From openssl at openssl.org Fri May 1 06:20:01 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 01 May 2020 06:20:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1588314001.565145.20657.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 659 wallclock secs ( 8.90 usr 1.54 sys + 612.60 cusr 43.37 csys = 666.41 CPU) Result: FAIL Makefile:3024: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3022: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Fri May 1 06:56:35 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 May 2020 06:56:35 +0000 Subject: [openssl] master update Message-ID: <1588316195.278284.16979.nullmailer@dev.openssl.org> The branch master has been updated via 90113096186e185cd07ee1c4c7267d0e68e67793 (commit) via 2fc2e37b282cb6570760e9c837599dd51f239ca1 (commit) from 64e54bf5c6657bf423d3ba463f31095d598d94e7 (commit) - Log ----------------------------------------------------------------- commit 90113096186e185cd07ee1c4c7267d0e68e67793 Author: Mat Berchtold Date: Tue Apr 21 19:30:40 2020 -0500 Add a test for EVP_PKEY_*_check functions for "DSA" keys Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11598) commit 2fc2e37b282cb6570760e9c837599dd51f239ca1 Author: Mat Berchtold Date: Tue Apr 21 14:13:16 2020 -0500 When a private key is validated and there is no private key, return early. Affected functions: dsa_validate_public dsa_validate_private dh_validate_public dh_validate_private Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11598) ----------------------------------------------------------------------- Summary of changes: providers/implementations/keymgmt/dh_kmgmt.c | 4 ++++ providers/implementations/keymgmt/dsa_kmgmt.c | 4 ++++ test/evp_pkey_provided_test.c | 20 ++++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index f09654c048..a551a72d79 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -322,6 +322,8 @@ static int dh_validate_public(DH *dh) const BIGNUM *pub_key = NULL; DH_get0_key(dh, &pub_key, NULL); + if (pub_key == NULL) + return 0; return DH_check_pub_key_ex(dh, pub_key); } @@ -331,6 +333,8 @@ static int dh_validate_private(DH *dh) const BIGNUM *priv_key = NULL; DH_get0_key(dh, NULL, &priv_key); + if (priv_key == NULL) + return 0; return dh_check_priv_key(dh, priv_key, &status);; } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 1261035296..de54b9a3fd 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -312,6 +312,8 @@ static int dsa_validate_public(DSA *dsa) const BIGNUM *pub_key = NULL; DSA_get0_key(dsa, &pub_key, NULL); + if (pub_key == NULL) + return 0; return dsa_check_pub_key(dsa, pub_key, &status); } @@ -321,6 +323,8 @@ static int dsa_validate_private(DSA *dsa) const BIGNUM *priv_key = NULL; DSA_get0_key(dsa, NULL, &priv_key); + if (priv_key == NULL) + return 0; return dsa_check_priv_key(dsa, priv_key, &status); } diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 1ded0d9f9e..2c07ed0282 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1211,6 +1211,25 @@ static int test_fromdata_dsa_fips186_4(void) return ret; } + +static int test_check_dsa(void) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) + || !TEST_false(EVP_PKEY_check(ctx)) + || !TEST_false(EVP_PKEY_public_check(ctx)) + || !TEST_false(EVP_PKEY_private_check(ctx)) + || !TEST_false(EVP_PKEY_pairwise_check(ctx))) + goto err; + + ret = 1; + err: + EVP_PKEY_CTX_free(ctx); + + return ret; +} #endif /* OPENSSL_NO_DSA */ @@ -1231,6 +1250,7 @@ int setup_tests(void) ADD_TEST(test_fromdata_dh_named_group); #endif #ifndef OPENSSL_NO_DSA + ADD_TEST(test_check_dsa); ADD_TEST(test_fromdata_dsa_fips186_4); #endif #ifndef OPENSSL_NO_EC From kaduk at mit.edu Fri May 1 22:38:21 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 01 May 2020 22:38:21 +0000 Subject: [openssl] master update Message-ID: <1588372701.587416.9191.nullmailer@dev.openssl.org> The branch master has been updated via e908f292de6383c5d4dbece9381b523d4ce41c69 (commit) via f0049b86cc5d745af97c087e54abaeb00de40b6b (commit) via 3bfacb5fd4679812a7b9ec61d296b1add64669c0 (commit) via 6250282f7fc37c5903d051174a69053a80e1b1bd (commit) from 90113096186e185cd07ee1c4c7267d0e68e67793 (commit) - Log ----------------------------------------------------------------- commit e908f292de6383c5d4dbece9381b523d4ce41c69 Author: Benjamin Kaduk Date: Wed Apr 1 17:08:10 2020 -0700 make update for SSL_new_session_ticket Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11416) commit f0049b86cc5d745af97c087e54abaeb00de40b6b Author: Benjamin Kaduk Date: Tue Mar 17 10:08:11 2020 -0700 Add test for SSL_new_session_ticket() Run a normal handshake and then request some extra tickets, checking that the new_session_cb is called the expected number of times. Since the tickets are generated in the same way as other tickets, there should not be a need to verify that these specific ones can be used to resume. Run the test with both zero and a non-zero number of tickets issued in the initial handshake. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11416) commit 3bfacb5fd4679812a7b9ec61d296b1add64669c0 Author: Benjamin Kaduk Date: Mon Mar 16 11:25:58 2020 -0700 Add SSL_new_session_ticket() API This API requests that the TLS stack generate a (TLS 1.3) NewSessionTicket message the next time it is safe to do so (i.e., we do not have other data pending write, which could be mid-record). For efficiency, defer actually generating/writing the ticket until there is other data to write, to avoid producing server-to-client traffic when not needed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11416) commit 6250282f7fc37c5903d051174a69053a80e1b1bd Author: Benjamin Kaduk Date: Mon Mar 16 11:25:12 2020 -0700 Fix whitespace nit in ossl_statem_server_pre_work An 'if' clause was nestled against a previous closing brace as it if was an 'else if', but should properly stand on its own line. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11416) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_num_tickets.pod | 27 ++++++- include/openssl/ssl.h | 1 + ssl/record/rec_layer_s3.c | 8 +- ssl/ssl_lib.c | 9 +++ ssl/ssl_local.h | 2 + ssl/statem/statem_srvr.c | 19 ++++- test/sslapitest.c | 143 +++++++++++++++++++++++++++++++++++ util/libssl.num | 1 + 8 files changed, 199 insertions(+), 11 deletions(-) diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index 84afe4ae6a..5d4bd6f5be 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -5,7 +5,8 @@ SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, -SSL_CTX_get_num_tickets +SSL_CTX_get_num_tickets, +SSL_new_session_ticket - control the number of TLSv1.3 session tickets that are issued =head1 SYNOPSIS @@ -16,6 +17,7 @@ SSL_CTX_get_num_tickets size_t SSL_get_num_tickets(SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); + int SSL_new_session_ticket(SSL *s); =head1 DESCRIPTION @@ -40,14 +42,29 @@ handshake then SSL_set_num_tickets() can be called again prior to calling SSL_verify_client_post_handshake() to update the number of tickets that will be sent. +To issue tickets after other events (such as application-layer changes), +SSL_new_session_ticket() is used by a server application to request that a new +ticket be sent when it is safe to do so. New tickets are only allowed to be +sent in this manner after the initial handshake has completed, and only for TLS +1.3 connections. The ticket generation and transmission are delayed until the +server is starting a new write operation, so that it is bundled with other +application data being written and properly aligned to a record boundary. +SSL_new_session_ticket() can be called more than once to request additional +tickets be sent; all such requests are queued and written together when it is +safe to do so. Note that a successful return from SSL_new_session_ticket() +indicates only that the request to send a ticket was processed, not that the +ticket itself was sent. To be notified when the ticket itself is sent, a +new-session callback can be registered with L that +will be invoked as the ticket or tickets are generated. + SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets set by a previous call to SSL_CTX_set_num_tickets() or SSL_set_num_tickets(), or 2 if no such call has been made. =head1 RETURN VALUES -SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on -failure. +SSL_CTX_set_num_tickets(), SSL_set_num_tickets(), and +SSL_new_session_ticket() return 1 on success or 0 on failure. SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets that have been previously set. @@ -58,7 +75,9 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.1.1. +SSL_new_session_ticket() was added in OpenSSL 3.0.0. +SSL_set_num_tickets(), SSL_get_num_tickets(), SSL_CTX_set_num_tickets(), and +SSL_CTX_get_num_tickets() were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5c2affb690..f293b035e3 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1959,6 +1959,7 @@ int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); __owur int SSL_renegotiate_pending(const SSL *s); +int SSL_new_session_ticket(SSL *s); int SSL_shutdown(SSL *s); __owur int SSL_verify_client_post_handshake(SSL *s); void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index d4198917d0..bceac72051 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -384,10 +384,12 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, s->rlayer.wnum = 0; /* - * If we are supposed to be sending a KeyUpdate then go into init unless we - * have writes pending - in which case we should finish doing that first. + * If we are supposed to be sending a KeyUpdate or NewSessionTicket then go + * into init unless we have writes pending - in which case we should finish + * doing that first. */ - if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE) + if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE + || s->ext.extra_tickets_expected > 0)) ossl_statem_set_in_init(s, 1); /* diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 63cbb3d904..fde726e0ba 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2303,6 +2303,15 @@ int SSL_renegotiate_pending(const SSL *s) return (s->renegotiate != 0); } +int SSL_new_session_ticket(SSL *s) +{ + if (SSL_in_init(s) || SSL_IS_FIRST_HANDSHAKE(s) || !s->server + || !SSL_IS_TLS13(s)) + return 0; + s->ext.extra_tickets_expected++; + return 1; +} + long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { long l; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 21bf482bef..de7e9fde48 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1539,6 +1539,8 @@ struct ssl_st { /* RFC4507 session ticket expected to be received or sent */ int ticket_expected; + /* TLS 1.3 tickets requested by the application. */ + int extra_tickets_expected; # ifndef OPENSSL_NO_EC size_t ecpointformats_len; /* our list */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c463f22ce2..d1d86ea5e6 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -441,6 +441,10 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) st->hand_state = TLS_ST_SW_CERT_REQ; return WRITE_TRAN_CONTINUE; } + if (s->ext.extra_tickets_expected > 0) { + st->hand_state = TLS_ST_SW_SESSION_TICKET; + return WRITE_TRAN_CONTINUE; + } /* Try to read from the client instead */ return WRITE_TRAN_FINISHED; @@ -531,7 +535,9 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) * Following an initial handshake we send the number of tickets we have * been configured for. */ - if (s->hit || s->num_tickets <= s->sent_tickets) { + if (!SSL_IS_FIRST_HANDSHAKE(s) && s->ext.extra_tickets_expected > 0) { + return WRITE_TRAN_CONTINUE; + } else if (s->hit || s->num_tickets <= s->sent_tickets) { /* We've written enough tickets out. */ st->hand_state = TLS_ST_OK; } @@ -727,7 +733,8 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; case TLS_ST_SW_SESSION_TICKET: - if (SSL_IS_TLS13(s) && s->sent_tickets == 0) { + if (SSL_IS_TLS13(s) && s->sent_tickets == 0 + && s->ext.extra_tickets_expected == 0) { /* * Actually this is the end of the handshake, but we're going * straight into writing the session ticket out. So we finish off @@ -736,7 +743,8 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) * Calls SSLfatal as required. */ return tls_finish_handshake(s, wst, 0, 0); - } if (SSL_IS_DTLS(s)) { + } + if (SSL_IS_DTLS(s)) { /* * We're into the last flight. We don't retransmit the last flight * unless we need to, so we don't use the timer @@ -4160,10 +4168,13 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) /* * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets| * gets reset to 0 if we send more tickets following a post-handshake - * auth, but |next_ticket_nonce| does not. + * auth, but |next_ticket_nonce| does not. If we're sending extra + * tickets, decrement the count of pending extra tickets. */ s->sent_tickets++; s->next_ticket_nonce++; + if (s->ext.extra_tickets_expected > 0) + s->ext.extra_tickets_expected--; ssl_update_cache(s, SSL_SESS_CACHE_SERVER); } diff --git a/test/sslapitest.c b/test/sslapitest.c index 779176a0f1..b8bad61fd2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2093,6 +2093,148 @@ static int test_psk_tickets(void) return testresult; } + +static int test_extra_tickets(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + BIO *bretry = BIO_new(bio_s_always_retry()); + BIO *tmp = NULL; + int testresult = 0; + int stateful = 0; + size_t nbytes; + unsigned char c, buf[1]; + + new_called = 0; + do_cache = 1; + + if (idx >= 3) { + idx -= 3; + stateful = 1; + } + + if (!TEST_ptr(bretry) || !setup_ticket_test(stateful, idx, &sctx, &cctx)) + goto end; + SSL_CTX_sess_set_new_cb(sctx, new_session_cb); + /* setup_ticket_test() uses new_cachesession_cb which we don't need. */ + SSL_CTX_sess_set_new_cb(cctx, new_session_cb); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + /* + * Note that we have new_session_cb on both sctx and cctx, so new_called is + * incremented by both client and server. + */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx * 2, new_called) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_int_eq(idx * 2, new_called)) + goto end; + + /* Now try a (real) write to actually send the tickets */ + c = '1'; + if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(idx * 2 + 2, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(idx * 2 + 4, new_called) + || !TEST_int_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + goto end; + + /* Try with only requesting one new ticket, too */ + c = '2'; + new_called = 0; + if (!TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, &c, sizeof(c), &nbytes)) + || !TEST_size_t_eq(sizeof(c), nbytes) + || !TEST_int_eq(1, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(2, new_called) + || !TEST_size_t_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0])) + goto end; + + /* Do it again but use dummy writes to drive the ticket generation */ + c = '3'; + new_called = 0; + if (!TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, &c, 0, &nbytes)) + || !TEST_size_t_eq(0, nbytes) + || !TEST_int_eq(2, new_called) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called)) + goto end; + + /* + * Use the always-retry BIO to exercise the logic that forces ticket + * generation to wait until a record boundary. + */ + c = '4'; + new_called = 0; + tmp = SSL_get_wbio(serverssl); + if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { + tmp = NULL; + goto end; + } + SSL_set0_wbio(serverssl, bretry); + bretry = NULL; + if (!TEST_false(SSL_write_ex(serverssl, &c, 1, &nbytes)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_WRITE) + || !TEST_size_t_eq(nbytes, 0)) + goto end; + /* Restore a BIO that will let the write succeed */ + SSL_set0_wbio(serverssl, tmp); + tmp = NULL; + /* These calls should just queue the request and not send anything. */ + if (!TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_int_eq(0, new_called)) + goto end; + /* Re-do the write; still no tickets sent */ + if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(0, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(0, new_called) + || !TEST_int_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + goto end; + /* Now the *next* write should send the tickets */ + c = '5'; + if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(2, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called) + || !TEST_int_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + testresult = 1; + + end: + BIO_free(bretry); + BIO_free(tmp); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + clientssl = serverssl = NULL; + sctx = cctx = NULL; + return testresult; +} #endif #define USE_NULL 0 @@ -7395,6 +7537,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_stateful_tickets, 3); ADD_ALL_TESTS(test_stateless_tickets, 3); ADD_TEST(test_psk_tickets); + ADD_ALL_TESTS(test_extra_tickets, 6); #endif ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); ADD_TEST(test_ssl_bio_pop_next_bio); diff --git a/util/libssl.num b/util/libssl.num index c2b162f3bd..b8e0982daa 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -513,3 +513,4 @@ SSL_CTX_load_verify_dir ? 3_0_0 EXIST::FUNCTION: SSL_CTX_load_verify_store ? 3_0_0 EXIST::FUNCTION: SSL_CTX_set_tlsext_ticket_key_evp_cb ? 3_0_0 EXIST::FUNCTION: SSL_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION: +SSL_new_session_ticket ? 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Sat May 2 02:54:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 02:54:12 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-rfc3779 Message-ID: <1588388052.627340.17883.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rfc3779 Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement From shane.lontis at oracle.com Sat May 2 04:19:08 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sat, 02 May 2020 04:19:08 +0000 Subject: [openssl] master update Message-ID: <1588393148.836224.11260.nullmailer@dev.openssl.org> The branch master has been updated via e0624f0d702b57e23ecaf5236ce1bafdd85ec649 (commit) from e908f292de6383c5d4dbece9381b523d4ce41c69 (commit) - Log ----------------------------------------------------------------- commit e0624f0d702b57e23ecaf5236ce1bafdd85ec649 Author: Shane Lontis Date: Sat May 2 14:17:54 2020 +1000 Add default property API's to enable and test for fips Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11239) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/evp_cnf.c | 16 +++++---- crypto/evp/evp_err.c | 2 ++ crypto/evp/evp_fetch.c | 34 +++++++++++++++++- crypto/property/property.c | 63 +++++++++++++++++++++++++++++++-- crypto/property/property_parse.c | 29 +++++++++++++++ doc/man3/EVP_set_default_properties.pod | 23 +++++++++--- include/internal/property.h | 6 ++++ include/openssl/evp.h | 2 ++ include/openssl/evperr.h | 1 + test/property_test.c | 31 ++++++++++++++++ util/libcrypto.num | 2 ++ 12 files changed, 195 insertions(+), 15 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4978ce7a8c..9eeb9c8008 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2572,6 +2572,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa +EVP_R_SET_DEFAULT_PROPERTY_FAILURE:208:set default property failure EVP_R_TOO_MANY_RECORDS:183:too many records EVP_R_UNKNOWN_CIPHER:160:unknown cipher EVP_R_UNKNOWN_DIGEST:161:unknown digest diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index fa35fd168c..7798c4fcfa 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -19,7 +19,6 @@ DEFINE_STACK_OF(CONF_VALUE) /* Algorithm configuration module. */ -/* TODO(3.0): the config module functions should be passed a library context */ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) { int i; @@ -46,14 +45,17 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) } /* * fips_mode is deprecated and should not be used in new - * configurations. Old configurations are likely to ONLY - * have this, so we assume that no default properties have - * been set before this. + * configurations. */ - if (m > 0) - EVP_set_default_properties(NULL, "fips=yes"); + if (!EVP_default_properties_enable_fips(cnf->libctx, m > 0)) { + EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } } else if (strcmp(oval->name, "default_properties") == 0) { - EVP_set_default_properties(NULL, oval->value); + if (!EVP_set_default_properties(cnf->libctx, oval->value)) { + EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } } else { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); ERR_add_error_data(4, "name=", oval->name, diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 5b7b4b586c..0908b1ca16 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -133,6 +133,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), + "set default property failure"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 3176aa6b59..be5ab111aa 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -367,10 +367,42 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) if (store != NULL) return ossl_method_store_set_global_properties(store, propq); - EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); + EVPerr(0, ERR_R_INTERNAL_ERROR); return 0; } + +static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq) +{ + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + + if (store != NULL) + return ossl_method_store_merge_global_properties(store, propq); + EVPerr(0, ERR_R_INTERNAL_ERROR); + return 0; +} + +static int evp_default_property_is_enabled(OPENSSL_CTX *libctx, + const char *prop_name) +{ + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + + return ossl_method_store_global_property_is_enabled(store, prop_name); +} + +int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx) +{ + return evp_default_property_is_enabled(libctx, "fips"); +} + +int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable) +{ + const char *query = (enable != 0) ? "fips=yes" : "-fips"; + + return evp_default_properties_merge(libctx, query); +} + + struct do_all_data_st { void (*user_fn)(void *method, void *arg); void *user_arg; diff --git a/crypto/property/property.c b/crypto/property/property.c index 2bcbc85813..93df1bb679 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -362,8 +362,24 @@ fin: return ret; } +int ossl_method_store_global_property_is_enabled(OSSL_METHOD_STORE *store, + const char *prop_name) +{ + int ret = 0; + + if (store == NULL) + return 0; + + ossl_property_read_lock(store); + ret = ossl_property_is_enabled(store->ctx, prop_name, + store->global_properties); + ossl_property_unlock(store); + return ret; +} + int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query) { + const char *prop_query) +{ int ret = 0; if (store == NULL) @@ -371,9 +387,11 @@ int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, ossl_property_write_lock(store); ossl_method_cache_flush_all(store); + + ossl_property_free(store->global_properties); + store->global_properties = NULL; + if (prop_query == NULL) { - ossl_property_free(store->global_properties); - store->global_properties = NULL; ossl_property_unlock(store); return 1; } @@ -383,6 +401,45 @@ int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, return ret; } +int ossl_method_store_merge_global_properties(OSSL_METHOD_STORE *store, + const char *prop_query) +{ + int ret = 0; + OSSL_PROPERTY_LIST *prop = NULL, *global; + + if (store == NULL) + return 1; + + ossl_property_write_lock(store); + ossl_method_cache_flush_all(store); + if (prop_query == NULL) { + ossl_property_free(store->global_properties); + store->global_properties = NULL; + goto success; + } + prop = ossl_parse_query(store->ctx, prop_query); + if (prop == NULL) + goto end; + + if (store->global_properties == NULL) { + store->global_properties = prop; + prop = NULL; + goto success; + } + global = ossl_property_merge(prop, store->global_properties); + if (global == NULL) + goto end; + ossl_property_free(store->global_properties); + store->global_properties = global; + success: + ret = 1; + end: + ossl_property_unlock(store); + ossl_property_free(prop); + return ret; +} + + static void impl_cache_flush_alg(ossl_uintmax_t idx, ALGORITHM *alg) { lh_QUERY_doall(alg->cache, &impl_cache_free); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index eee76abc2c..21f78c02e2 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -453,6 +453,35 @@ int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query) return query->has_optional ? 1 : 0; } +int ossl_property_is_enabled(OPENSSL_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list) +{ + int i; + OSSL_PROPERTY_IDX name_id; + const PROPERTY_DEFINITION *prop = NULL; + + if (prop_list == NULL) + return 0; + + if (!parse_name(ctx, &property_name, 0, &name_id)) + return 0; + + prop = prop_list->properties; + for (i = 0; i < prop_list->n; ++i) { + if (prop[i].name_idx == name_id) { + /* Do a separate check for override as it does not set type */ + if (prop[i].optional || prop[i].oper == PROPERTY_OVERRIDE) + return 0; + return (prop[i].type == PROPERTY_TYPE_STRING + && ((prop[i].oper == PROPERTY_OPER_EQ + && prop[i].v.str_val == ossl_property_true) + || (prop[i].oper == PROPERTY_OPER_NE + && prop[i].v.str_val != ossl_property_true))); + } + } + return 0; +} + /* * Compare a query against a definition. * Return the number of clauses matched or -1 if a mandatory clause is false. diff --git a/doc/man3/EVP_set_default_properties.pod b/doc/man3/EVP_set_default_properties.pod index 6231fde627..1981ff12c1 100644 --- a/doc/man3/EVP_set_default_properties.pod +++ b/doc/man3/EVP_set_default_properties.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_set_default_properties +EVP_set_default_properties, EVP_default_properties_enable_fips, +EVP_default_properties_is_fips_enabled - Set default properties for future algorithm fetches =head1 SYNOPSIS @@ -10,6 +11,8 @@ EVP_set_default_properties #include int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); + int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable); + int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx); =head1 DESCRIPTION @@ -27,10 +30,22 @@ given with I (NULL signifies the default library context). Any previous default property for the specified library context will be dropped. +EVP_default_properties_enable_fips() sets the 'fips=yes' to be a default property +if I is non zero, otherwise it clears 'fips' from the default property +query for the given I. It merges the fips default property query with any +existing query strings that have been set via EVP_set_default_properties(). + +EVP_default_properties_is_fips_enabled() indicates if 'fips=yes' is a default +property for the given I. + =head1 RETURN VALUES -EVP_set_default_properties() returns 1 on success, or 0 on failure. -The latter adds an error on the error stack. +EVP_set_default_properties() and EVP_default_properties_enable_fips() return 1 +on success, or 0 on failure. An error is placed on the the error stack if a +failure occurs. + +EVP_default_properties_is_fips_enabled() returns 1 if the 'fips=true' default +property is set for the given I, otherwise it returns 0. =head1 SEE ALSO @@ -42,7 +57,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/property.h b/include/internal/property.h index 5e23dabab0..2b2332b237 100644 --- a/include/internal/property.h +++ b/include/internal/property.h @@ -26,6 +26,8 @@ OSSL_PROPERTY_LIST *ossl_parse_query(OPENSSL_CTX *ctx, const char *s); /* Property checker of query vs definition */ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, const OSSL_PROPERTY_LIST *defn); +int ossl_property_is_enabled(OPENSSL_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list); /* Free a parsed property list */ void ossl_property_free(OSSL_PROPERTY_LIST *p); @@ -43,6 +45,10 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void **result); int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, const char *prop_query); +int ossl_method_store_merge_global_properties(OSSL_METHOD_STORE *store, + const char *prop_query); +int ossl_method_store_global_property_is_enabled(OSSL_METHOD_STORE *store, + const char *prop_name); /* property query cache functions */ int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ec1103522e..23cf52df0f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -78,6 +78,8 @@ extern "C" { #endif int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); +int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx); +int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable); # define EVP_PKEY_MO_SIGN 0x0001 # define EVP_PKEY_MO_VERIFY 0x0002 diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index b8799a6f43..61848bbc0c 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -235,6 +235,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 208 # define EVP_R_TOO_MANY_RECORDS 183 # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 diff --git a/test/property_test.c b/test/property_test.c index ca407b2ba4..aad43b9184 100644 --- a/test/property_test.c +++ b/test/property_test.c @@ -9,6 +9,7 @@ */ #include +#include #include "testutil.h" #include "internal/nelem.h" #include "internal/property.h" @@ -383,6 +384,35 @@ err: return res; } +static int test_fips_mode(void) +{ + int ret = 0; + OPENSSL_CTX *ctx = NULL; + + if (!TEST_ptr(ctx = OPENSSL_CTX_new())) + goto err; + + ret = TEST_true(EVP_set_default_properties(ctx, "default=yes,fips=yes")) + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips!=no")) + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) + && TEST_true(EVP_default_properties_enable_fips(ctx, 1)) + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_default_properties_enable_fips(ctx, 0)) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)); +err: + OPENSSL_CTX_free(ctx); + return ret; +} + + int setup_tests(void) { ADD_TEST(test_property_string); @@ -393,5 +423,6 @@ int setup_tests(void) ADD_TEST(test_register_deregister); ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); + ADD_TEST(test_fips_mode); return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 6c7ce4c0c3..ec0e6a171b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5079,3 +5079,5 @@ X509_REQ_set0_signature ? 3_0_0 EXIST::FUNCTION: X509_REQ_set1_signature_algo ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_modified ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_all_unmodified ? 3_0_0 EXIST::FUNCTION: +EVP_default_properties_is_fips_enabled ? 3_0_0 EXIST::FUNCTION: +EVP_default_properties_enable_fips ? 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Sat May 2 04:23:30 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 02 May 2020 04:23:30 +0000 Subject: Broken: openssl/openssl#34315 (master - e0624f0) In-Reply-To: Message-ID: <5eacf5c229db5_13fa8e53abe0c1386ca@travis-tasks-c7957f786-4dm99.mail> Build Update for openssl/openssl ------------------------------------- Build: #34315 Status: Broken Duration: 1 min and 48 secs Commit: e0624f0 (master) Author: Shane Lontis Message: Add default property API's to enable and test for fips Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11239) View the changeset: https://github.com/openssl/openssl/compare/e908f292de63...e0624f0d702b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/682198469?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 2 05:04:18 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 05:04:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1588395858.640496.5979.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_i2d_fp.d.tmp -MT crypto/asn1/libcrypto-lib-a_i2d_fp.o -c -o crypto/asn1/libcrypto-lib-a_i2d_fp.o ../openssl/crypto/asn1/a_i2d_fp.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_int.d.tmp -MT crypto/asn1/libcrypto-lib-a_int.o -c -o crypto/asn1/libcrypto-lib-a_int.o ../openssl/crypto/asn1/a_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_mbstr.d.tmp -MT crypto/asn1/libcrypto-lib-a_mbstr.o -c -o crypto/asn1/libcrypto-lib-a_mbstr.o ../openssl/crypto/asn1/a_mbstr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_object.d.tmp -MT crypto/asn1/libcrypto-lib-a_object.o -c -o crypto/asn1/libcrypto-lib-a_object.o ../openssl/crypto/asn1/a_object.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_octet.d.tmp -MT crypto/asn1/libcrypto-lib-a_octet.o -c -o crypto/asn1/libcrypto-lib-a_octet.o ../openssl/crypto/asn1/a_octet.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_print.d.tmp -MT crypto/asn1/libcrypto-lib-a_print.o -c -o crypto/asn1/libcrypto-lib-a_print.o ../openssl/crypto/asn1/a_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_sign.d.tmp -MT crypto/asn1/libcrypto-lib-a_sign.o -c -o crypto/asn1/libcrypto-lib-a_sign.o ../openssl/crypto/asn1/a_sign.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strex.d.tmp -MT crypto/asn1/libcrypto-lib-a_strex.o -c -o crypto/asn1/libcrypto-lib-a_strex.o ../openssl/crypto/asn1/a_strex.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strnid.d.tmp -MT crypto/asn1/libcrypto-lib-a_strnid.o -c -o crypto/asn1/libcrypto-lib-a_strnid.o ../openssl/crypto/asn1/a_strnid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_time.d.tmp -MT crypto/asn1/libcrypto-lib-a_time.o -c -o crypto/asn1/libcrypto-lib-a_time.o ../openssl/crypto/asn1/a_time.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_type.d.tmp -MT crypto/asn1/libcrypto-lib-a_type.o -c -o crypto/asn1/libcrypto-lib-a_type.o ../openssl/crypto/asn1/a_type.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utctm.d.tmp -MT crypto/asn1/libcrypto-lib-a_utctm.o -c -o crypto/asn1/libcrypto-lib-a_utctm.o ../openssl/crypto/asn1/a_utctm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utf8.d.tmp -MT crypto/asn1/libcrypto-lib-a_utf8.o -c -o crypto/asn1/libcrypto-lib-a_utf8.o ../openssl/crypto/asn1/a_utf8.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_verify.d.tmp -MT crypto/asn1/libcrypto-lib-a_verify.o -c -o crypto/asn1/libcrypto-lib-a_verify.o ../openssl/crypto/asn1/a_verify.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-ameth_lib.d.tmp -MT crypto/asn1/libcrypto-lib-ameth_lib.o -c -o crypto/asn1/libcrypto-lib-ameth_lib.o ../openssl/crypto/asn1/ameth_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_err.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_err.o -c -o crypto/asn1/libcrypto-lib-asn1_err.o ../openssl/crypto/asn1/asn1_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_gen.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_gen.o -c -o crypto/asn1/libcrypto-lib-asn1_gen.o ../openssl/crypto/asn1/asn1_gen.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_item_list.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_item_list.o -c -o crypto/asn1/libcrypto-lib-asn1_item_list.o ../openssl/crypto/asn1/asn1_item_list.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_lib.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_lib.o -c -o crypto/asn1/libcrypto-lib-asn1_lib.o ../openssl/crypto/asn1/asn1_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_par.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_par.o -c -o crypto/asn1/libcrypto-lib-asn1_par.o ../openssl/crypto/asn1/asn1_par.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mime.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mime.o -c -o crypto/asn1/libcrypto-lib-asn_mime.o ../openssl/crypto/asn1/asn_mime.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_moid.d.tmp -MT crypto/asn1/libcrypto-lib-asn_moid.o -c -o crypto/asn1/libcrypto-lib-asn_moid.o ../openssl/crypto/asn1/asn_moid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mstbl.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mstbl.o -c -o crypto/asn1/libcrypto-lib-asn_mstbl.o ../openssl/crypto/asn1/asn_mstbl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_pack.d.tmp -MT crypto/asn1/libcrypto-lib-asn_pack.o -c -o crypto/asn1/libcrypto-lib-asn_pack.o ../openssl/crypto/asn1/asn_pack.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-bio_asn1.o -c -o crypto/asn1/libcrypto-lib-bio_asn1.o ../openssl/crypto/asn1/bio_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_ndef.d.tmp -MT crypto/asn1/libcrypto-lib-bio_ndef.o -c -o crypto/asn1/libcrypto-lib-bio_ndef.o ../openssl/crypto/asn1/bio_ndef.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_param.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_param.o -c -o crypto/asn1/libcrypto-lib-d2i_param.o ../openssl/crypto/asn1/d2i_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pr.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pr.o -c -o crypto/asn1/libcrypto-lib-d2i_pr.o ../openssl/crypto/asn1/d2i_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pu.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pu.o -c -o crypto/asn1/libcrypto-lib-d2i_pu.o ../openssl/crypto/asn1/d2i_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-evp_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-evp_asn1.o -c -o crypto/asn1/libcrypto-lib-evp_asn1.o ../openssl/crypto/asn1/evp_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_int.d.tmp -MT crypto/asn1/libcrypto-lib-f_int.o -c -o crypto/asn1/libcrypto-lib-f_int.o ../openssl/crypto/asn1/f_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_string.d.tmp -MT crypto/asn1/libcrypto-lib-f_string.o -c -o crypto/asn1/libcrypto-lib-f_string.o ../openssl/crypto/asn1/f_string.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_param.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_param.o -c -o crypto/asn1/libcrypto-lib-i2d_param.o ../openssl/crypto/asn1/i2d_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pr.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pr.o -c -o crypto/asn1/libcrypto-lib-i2d_pr.o ../openssl/crypto/asn1/i2d_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pu.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pu.o -c -o crypto/asn1/libcrypto-lib-i2d_pu.o ../openssl/crypto/asn1/i2d_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-n_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-n_pkey.o -c -o crypto/asn1/libcrypto-lib-n_pkey.o ../openssl/crypto/asn1/n_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-nsseq.d.tmp -MT crypto/asn1/libcrypto-lib-nsseq.o -c -o crypto/asn1/libcrypto-lib-nsseq.o ../openssl/crypto/asn1/nsseq.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbe.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbe.o -c -o crypto/asn1/libcrypto-lib-p5_pbe.o ../openssl/crypto/asn1/p5_pbe.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbev2.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbev2.o -c -o crypto/asn1/libcrypto-lib-p5_pbev2.o ../openssl/crypto/asn1/p5_pbev2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_scrypt.d.tmp -MT crypto/asn1/libcrypto-lib-p5_scrypt.o -c -o crypto/asn1/libcrypto-lib-p5_scrypt.o ../openssl/crypto/asn1/p5_scrypt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p8_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-p8_pkey.o -c -o crypto/asn1/libcrypto-lib-p8_pkey.o ../openssl/crypto/asn1/p8_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_bitst.d.tmp -MT crypto/asn1/libcrypto-lib-t_bitst.o -c -o crypto/asn1/libcrypto-lib-t_bitst.o ../openssl/crypto/asn1/t_bitst.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-t_pkey.o -c -o crypto/asn1/libcrypto-lib-t_pkey.o ../openssl/crypto/asn1/t_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_spki.d.tmp -MT crypto/asn1/libcrypto-lib-t_spki.o -c -o crypto/asn1/libcrypto-lib-t_spki.o ../openssl/crypto/asn1/t_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_dec.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_dec.o -c -o crypto/asn1/libcrypto-lib-tasn_dec.o ../openssl/crypto/asn1/tasn_dec.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_enc.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_enc.o -c -o crypto/asn1/libcrypto-lib-tasn_enc.o ../openssl/crypto/asn1/tasn_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_fre.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_fre.o -c -o crypto/asn1/libcrypto-lib-tasn_fre.o ../openssl/crypto/asn1/tasn_fre.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_new.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_new.o -c -o crypto/asn1/libcrypto-lib-tasn_new.o ../openssl/crypto/asn1/tasn_new.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_prn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_prn.o -c -o crypto/asn1/libcrypto-lib-tasn_prn.o ../openssl/crypto/asn1/tasn_prn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_scn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_scn.o -c -o crypto/asn1/libcrypto-lib-tasn_scn.o ../openssl/crypto/asn1/tasn_scn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_typ.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_typ.o -c -o crypto/asn1/libcrypto-lib-tasn_typ.o ../openssl/crypto/asn1/tasn_typ.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_utl.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_utl.o -c -o crypto/asn1/libcrypto-lib-tasn_utl.o ../openssl/crypto/asn1/tasn_utl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_algor.d.tmp -MT crypto/asn1/libcrypto-lib-x_algor.o -c -o crypto/asn1/libcrypto-lib-x_algor.o ../openssl/crypto/asn1/x_algor.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_bignum.d.tmp -MT crypto/asn1/libcrypto-lib-x_bignum.o -c -o crypto/asn1/libcrypto-lib-x_bignum.o ../openssl/crypto/asn1/x_bignum.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_info.d.tmp -MT crypto/asn1/libcrypto-lib-x_info.o -c -o crypto/asn1/libcrypto-lib-x_info.o ../openssl/crypto/asn1/x_info.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_int64.d.tmp -MT crypto/asn1/libcrypto-lib-x_int64.o -c -o crypto/asn1/libcrypto-lib-x_int64.o ../openssl/crypto/asn1/x_int64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_long.d.tmp -MT crypto/asn1/libcrypto-lib-x_long.o -c -o crypto/asn1/libcrypto-lib-x_long.o ../openssl/crypto/asn1/x_long.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-x_pkey.o -c -o crypto/asn1/libcrypto-lib-x_pkey.o ../openssl/crypto/asn1/x_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_sig.d.tmp -MT crypto/asn1/libcrypto-lib-x_sig.o -c -o crypto/asn1/libcrypto-lib-x_sig.o ../openssl/crypto/asn1/x_sig.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_spki.d.tmp -MT crypto/asn1/libcrypto-lib-x_spki.o -c -o crypto/asn1/libcrypto-lib-x_spki.o ../openssl/crypto/asn1/x_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_val.d.tmp -MT crypto/asn1/libcrypto-lib-x_val.o -c -o crypto/asn1/libcrypto-lib-x_val.o ../openssl/crypto/asn1/x_val.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_null.d.tmp -MT crypto/async/arch/libcrypto-lib-async_null.o -c -o crypto/async/arch/libcrypto-lib-async_null.o ../openssl/crypto/async/arch/async_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_posix.d.tmp -MT crypto/async/arch/libcrypto-lib-async_posix.o -c -o crypto/async/arch/libcrypto-lib-async_posix.o ../openssl/crypto/async/arch/async_posix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_win.d.tmp -MT crypto/async/arch/libcrypto-lib-async_win.o -c -o crypto/async/arch/libcrypto-lib-async_win.o ../openssl/crypto/async/arch/async_win.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async.d.tmp -MT crypto/async/libcrypto-lib-async.o -c -o crypto/async/libcrypto-lib-async.o ../openssl/crypto/async/async.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_err.d.tmp -MT crypto/async/libcrypto-lib-async_err.o -c -o crypto/async/libcrypto-lib-async_err.o ../openssl/crypto/async/async_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_wait.d.tmp -MT crypto/async/libcrypto-lib-async_wait.o -c -o crypto/async/libcrypto-lib-async_wait.o ../openssl/crypto/async/async_wait.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_cfb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_cfb64.o -c -o crypto/bf/libcrypto-lib-bf_cfb64.o ../openssl/crypto/bf/bf_cfb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ecb.d.tmp -MT crypto/bf/libcrypto-lib-bf_ecb.o -c -o crypto/bf/libcrypto-lib-bf_ecb.o ../openssl/crypto/bf/bf_ecb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_enc.d.tmp -MT crypto/bf/libcrypto-lib-bf_enc.o -c -o crypto/bf/libcrypto-lib-bf_enc.o ../openssl/crypto/bf/bf_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ofb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_ofb64.o -c -o crypto/bf/libcrypto-lib-bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_skey.d.tmp -MT crypto/bf/libcrypto-lib-bf_skey.o -c -o crypto/bf/libcrypto-lib-bf_skey.o ../openssl/crypto/bf/bf_skey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_addr.d.tmp -MT crypto/bio/libcrypto-lib-b_addr.o -c -o crypto/bio/libcrypto-lib-b_addr.o ../openssl/crypto/bio/b_addr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_dump.d.tmp -MT crypto/bio/libcrypto-lib-b_dump.o -c -o crypto/bio/libcrypto-lib-b_dump.o ../openssl/crypto/bio/b_dump.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_print.d.tmp -MT crypto/bio/libcrypto-lib-b_print.o -c -o crypto/bio/libcrypto-lib-b_print.o ../openssl/crypto/bio/b_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock.d.tmp -MT crypto/bio/libcrypto-lib-b_sock.o -c -o crypto/bio/libcrypto-lib-b_sock.o ../openssl/crypto/bio/b_sock.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock2.d.tmp -MT crypto/bio/libcrypto-lib-b_sock2.o -c -o crypto/bio/libcrypto-lib-b_sock2.o ../openssl/crypto/bio/b_sock2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_buff.d.tmp -MT crypto/bio/libcrypto-lib-bf_buff.o -c -o crypto/bio/libcrypto-lib-bf_buff.o ../openssl/crypto/bio/bf_buff.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_lbuf.d.tmp -MT crypto/bio/libcrypto-lib-bf_lbuf.o -c -o crypto/bio/libcrypto-lib-bf_lbuf.o ../openssl/crypto/bio/bf_lbuf.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_nbio.d.tmp -MT crypto/bio/libcrypto-lib-bf_nbio.o -c -o crypto/bio/libcrypto-lib-bf_nbio.o ../openssl/crypto/bio/bf_nbio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_null.d.tmp -MT crypto/bio/libcrypto-lib-bf_null.o -c -o crypto/bio/libcrypto-lib-bf_null.o ../openssl/crypto/bio/bf_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_prefix.d.tmp -MT crypto/bio/libcrypto-lib-bf_prefix.o -c -o crypto/bio/libcrypto-lib-bf_prefix.o ../openssl/crypto/bio/bf_prefix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_cb.d.tmp -MT crypto/bio/libcrypto-lib-bio_cb.o -c -o crypto/bio/libcrypto-lib-bio_cb.o ../openssl/crypto/bio/bio_cb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_err.d.tmp -MT crypto/bio/libcrypto-lib-bio_err.o -c -o crypto/bio/libcrypto-lib-bio_err.o ../openssl/crypto/bio/bio_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_lib.d.tmp -MT crypto/bio/libcrypto-lib-bio_lib.o -c -o crypto/bio/libcrypto-lib-bio_lib.o ../openssl/crypto/bio/bio_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_meth.d.tmp -MT crypto/bio/libcrypto-lib-bio_meth.o -c -o crypto/bio/libcrypto-lib-bio_meth.o ../openssl/crypto/bio/bio_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_acpt.d.tmp -MT crypto/bio/libcrypto-lib-bss_acpt.o -c -o crypto/bio/libcrypto-lib-bss_acpt.o ../openssl/crypto/bio/bss_acpt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_bio.d.tmp -MT crypto/bio/libcrypto-lib-bss_bio.o -c -o crypto/bio/libcrypto-lib-bss_bio.o ../openssl/crypto/bio/bss_bio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_conn.d.tmp -MT crypto/bio/libcrypto-lib-bss_conn.o -c -o crypto/bio/libcrypto-lib-bss_conn.o ../openssl/crypto/bio/bss_conn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_dgram.d.tmp -MT crypto/bio/libcrypto-lib-bss_dgram.o -c -o crypto/bio/libcrypto-lib-bss_dgram.o ../openssl/crypto/bio/bss_dgram.c ../openssl/crypto/bio/bio_lib.c:791:9: error: unused variable 'fd' [-Werror,-Wunused-variable] int fd; ^ 1 error generated. Makefile:12947: recipe for target 'crypto/bio/libcrypto-lib-bio_lib.o' failed make[1]: *** [crypto/bio/libcrypto-lib-bio_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3002: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From shane.lontis at oracle.com Sat May 2 07:56:04 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sat, 02 May 2020 07:56:04 +0000 Subject: [openssl] master update Message-ID: <1588406164.090133.10234.nullmailer@dev.openssl.org> The branch master has been updated via c450922c8cd8bc7326670fe83e2eb453fea79595 (commit) from e0624f0d702b57e23ecaf5236ce1bafdd85ec649 (commit) - Log ----------------------------------------------------------------- commit c450922c8cd8bc7326670fe83e2eb453fea79595 Author: Shane Lontis Date: Fri May 1 15:15:02 2020 +1000 Add solaris assembler fixes for legacy provider The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembler functions will not be visible in the symbol table. Copying BNASM and DESASM into liblegacy seems to be a better solution than exposing platform specific function in libcrypto.num. Added a missing call in the des_cbc code for sparc. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11697) ----------------------------------------------------------------------- Summary of changes: crypto/bn/build.info | 8 +++++--- crypto/des/build.info | 8 +++++--- providers/implementations/ciphers/cipher_des_hw.c | 8 +++++++- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 5e04ed00ad..a40bcdca0f 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -112,16 +112,18 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_x931p.c bn_intern.c bn_dh.c \ - bn_rsa_fips186_4.c $BNDH $BNASM -SOURCE[../../libcrypto]=$COMMON bn_print.c bn_err.c bn_srp.c + bn_rsa_fips186_4.c $BNDH +SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c IF[{- !$disabled{'deprecated-3.0'} -}] SOURCE[../../libcrypto]=bn_depr.c ENDIF -SOURCE[../../providers/libfips.a]=$COMMON +SOURCE[../../providers/libfips.a]=$COMMON $BNASM +SOURCE[../../providers/liblegacy.a]=$BNASM # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$BNDEF DEFINE[../../providers/libfips.a]=$BNDEF +DEFINE[../../providers/liblegacy.a]=$BNDEF DEFINE[../../providers/libimplementations.a]=$BNDEF INCLUDE[../../libcrypto]=../../crypto/include diff --git a/crypto/des/build.info b/crypto/des/build.info index 0e5fd171e2..eb0c75496b 100644 --- a/crypto/des/build.info +++ b/crypto/des/build.info @@ -14,7 +14,7 @@ IF[{- !$disabled{asm} -}] ENDIF LIBS=../../libcrypto -$COMMON=set_key.c ecb3_enc.c $DESASM +$COMMON=set_key.c ecb3_enc.c $ALL=$COMMON\ ecb_enc.c cbc_enc.c \ cfb64enc.c cfb64ede.c cfb_enc.c \ @@ -22,8 +22,10 @@ $ALL=$COMMON\ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \ fcrypt.c xcbc_enc.c cbc_cksm.c -SOURCE[../../libcrypto]=$ALL -SOURCE[../../providers/libfips.a]=$COMMON +SOURCE[../../libcrypto]=$ALL $DESASM +SOURCE[../../providers/libfips.a]=$COMMON $DESASM +SOURCE[../../providers/liblegacy.a]=$DESASM + DEFINE[../../libcrypto]=$DESDEF DEFINE[../../providers/libfips.a]=$DESDEF DEFINE[../../providers/liblegacy.a]=$DESDEF diff --git a/providers/implementations/ciphers/cipher_des_hw.c b/providers/implementations/ciphers/cipher_des_hw.c index 7181c2290c..f52bade45e 100644 --- a/providers/implementations/ciphers/cipher_des_hw.c +++ b/providers/implementations/ciphers/cipher_des_hw.c @@ -65,7 +65,13 @@ static int cipher_hw_des_ecb_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, static int cipher_hw_des_cbc_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); + PROV_DES_CTX *dctx = (PROV_DES_CTX *)ctx; + DES_key_schedule *key = &(dctx->dks.ks); + + if (dctx->dstream.cbc != NULL) { + (*dctx->dstream.cbc) (in, out, len, key, ctx->iv); + return 1; + } while (len >= MAXCHUNK) { DES_ncbc_encrypt(in, out, MAXCHUNK, key, (DES_cblock *)ctx->iv, From builds at travis-ci.org Sat May 2 07:59:47 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 02 May 2020 07:59:47 +0000 Subject: Still Failing: openssl/openssl#34317 (master - c450922) In-Reply-To: Message-ID: <5ead2871b6964_13fe3681a31c4359b3@travis-tasks-cc5944597-wrljt.mail> Build Update for openssl/openssl ------------------------------------- Build: #34317 Status: Still Failing Duration: 2 mins and 15 secs Commit: c450922 (master) Author: Shane Lontis Message: Add solaris assembler fixes for legacy provider The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembler functions will not be visible in the symbol table. Copying BNASM and DESASM into liblegacy seems to be a better solution than exposing platform specific function in libcrypto.num. Added a missing call in the des_cbc code for sparc. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11697) View the changeset: https://github.com/openssl/openssl/compare/e0624f0d702b...c450922c8cd8 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/682221017?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 2 11:04:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 11:04:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1588417471.305656.21724.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 640 wallclock secs ( 7.62 usr 1.62 sys + 605.25 cusr 43.04 csys = 657.53 CPU) Result: FAIL Makefile:3052: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3050: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 2 12:39:06 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 12:39:06 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1588423146.281167.5791.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 571 wallclock secs ( 7.06 usr 1.78 sys + 540.71 cusr 39.74 csys = 589.29 CPU) Result: FAIL Makefile:3034: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3032: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 2 13:18:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 13:18:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1588425482.779915.14941.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 652 wallclock secs ( 8.25 usr 1.57 sys + 613.72 cusr 43.53 csys = 667.07 CPU) Result: FAIL Makefile:3036: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3034: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 2 14:35:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 14:35:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1588430154.018685.30010.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 582 wallclock secs ( 6.84 usr 1.73 sys + 549.73 cusr 40.36 csys = 598.66 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 2 15:15:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 02 May 2020 15:15:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1588432536.961164.6728.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 64e54bf5c6 coverity 1462581 Dereference after null check 206da660a3 coverity 1462580 Improper use of negative value 209c3d3ef6 coverity 1462578 Resource leak 6f0bdf41a3 coverity 1462576 Resource leak 3e47e7b454 coverity 1462567: Null pointer dereferences ba61a0e60f coverity 1462574 Resource leak 5e12a13af7 coverity 1462573 Dereference after null check cb383f10d1 coverity 1462572 Dereference after null check 61cdc2a08d coverity 1462571 Dereference after null check 67d744b933 coverity 1462570 Resource leak d4d67bafe7 coverity 1462566 Resource leak 0e2b6091e9 coverity 1462564 Improper use of negative value 437e36aed5 coverity 1462562 Dereference before null check 70e18f9dce coverity 1462561 Uninitialized scalar variable 2a4ad6a5d4 coverity 1462560 Resource leak 576bcdb5bd coverity 1462556 Resource leak 9dbfb11d5a coverity 1462554 Dereference after null check 4dcff55c75 coverity 1462549 Dereference before null check ada7d4c345 coverity 1462548 Resource leak 089c292825 coverity 1462546 Dereference after null check dc8908bfe2 coverity 1462545 Dereference after null check e655ce14d0 coverity: 1462544 Dereference after null check 1f74259d42 coverity 1462543 Logically dead code bd5f280091 coverity 1462541 Dereference after null check 9b0e74c41a coverity 1462550 Resource leak 721330705a coverity 1462565: Null pointer dereferences 4f5e206dd8 coverity 1462577: Incorrect expression 92f0684d11 param bld: avoid freeing the param builder structure on error paths. bb4f39114c Fix snprintf missing for windows build 588d5d01fe Undeprecate DH, DSA and RSA _bits() functions. 036ee37063 EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL a6ed19dc9a Amend references to "OpenSSL license" 5e427a435b Update EVP_PKEY_fromdata.pod 90a37ce389 include/openssl/ts.h: clean away a misplaced EVP_MD stack definition 01659135a1 include/openssl/x509v3.h: restore previous stack definition arrangement Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 654 wallclock secs ( 7.85 usr 1.66 sys + 616.12 cusr 42.71 csys = 668.34 CPU) Result: FAIL Makefile:3045: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3043: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat May 2 15:29:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 02 May 2020 15:29:18 +0000 Subject: Build failed: openssl master.33769 Message-ID: <20200502152918.1.1B98CC5A4D86565F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 2 17:33:52 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 02 May 2020 17:33:52 +0000 Subject: Build completed: openssl master.33770 Message-ID: <20200502173352.1.8F09CA56DB6F5584@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun May 3 04:06:26 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 03 May 2020 04:06:26 +0000 Subject: [openssl] master update Message-ID: <1588478786.441948.32060.nullmailer@dev.openssl.org> The branch master has been updated via 6d81bb2676f6a210f15f17324ab6852f52cc7f55 (commit) from c450922c8cd8bc7326670fe83e2eb453fea79595 (commit) - Log ----------------------------------------------------------------- commit 6d81bb2676f6a210f15f17324ab6852f52cc7f55 Author: Richard Levitte Date: Fri May 1 19:24:50 2020 +0200 util/perl/OpenSSL/OID.pm: remove the included unit test The unit test uses features that appeared in perl 5.12, and is therefore a source of trouble when building. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11704) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/OID.pm | 85 ------------------------------------------------ 1 file changed, 85 deletions(-) diff --git a/util/perl/OpenSSL/OID.pm b/util/perl/OpenSSL/OID.pm index 0bc34ce5b7..0b39ef9fd2 100644 --- a/util/perl/OpenSSL/OID.pm +++ b/util/perl/OpenSSL/OID.pm @@ -304,89 +304,4 @@ sub _pairmap (&@) { map { $block->($_) } _pairs @_; } -######## UNIT TESTING - -use Test::More; - -sub TEST { - # Order is important, so we make it a pairwise list - my @predefined = - ( - 'pkcs' => '1.2.840.113549', - 'pkcs-1' => 'pkcs.1', - ); - - my %good_cases = - ( - ' 1.2.840.113549.1.1 ' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - 'pkcs.1.1' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - 'pkcs-1.1' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - ' { iso (1) 2 840 113549 1 1 } ' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - '{ pkcs 1 1 } ' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - '{pkcs-1 1 }' => [ 42, 134, 72, 134, 247, 13, 1, 1 ], - ); - my @bad_cases = - ( - ' { 1.2.840.113549.1.1 } ', - ); - - plan tests => - scalar ( @predefined ) / 2 - + scalar ( keys %good_cases ) - + scalar @bad_cases; - - note 'Predefine a few names OIDs'; - foreach my $pair ( _pairs @predefined ) { - ok( defined eval { register_oid(@$pair) }, - "Registering $pair->[0] => $pair->[1]" ); - } - - note 'Good cases'; - foreach ( keys %good_cases ) { - subtest "Checking '$_'" => sub { - my $oid = shift; - - plan tests => 5; - - my (@l, @e); - - ok( scalar (@l = eval { parse_oid $oid }) > 0, - "Parsing" ); - diag $@ unless @l; - ok( scalar (@e = eval { encode_oid_nums @l }) > 0, - "Encoding via encode_oid_nums()" ); - diag $@ unless @e; - is_deeply(\@e, $good_cases{$oid}, "Checking encoding"); - note "'$oid' => ", join(', ', @e) if @e; - - ok( scalar (@e = eval { encode_oid $oid }) > 0, - "Encoding directly" ); - diag $@ unless @e; - is_deeply(\@e, $good_cases{$oid}, "Checking encoding"); - note "'$oid' => ", join(', ', @e) if @e; - }, - $_; - } - - note 'Bad cases'; - foreach ( @bad_cases ) { - subtest "Checking '$_'" => sub { - my $oid = shift; - - plan tests => 2; - - my (@l, @e); - - ok( scalar (@l = eval { parse_oid $oid }) == 0, - "Parsing '$oid'" ); - note $@ unless @l; - ok( scalar (@e = eval { encode_oid_nums @l }) == 0, - "Encoding '$oid'" ); - note $@ unless @e; - note "'$oid' => ", join(', ', @e) if @e; - }, - $_; - } -} - 1; # End of OpenSSL::OID From shane.lontis at oracle.com Sun May 3 04:28:05 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 03 May 2020 04:28:05 +0000 Subject: [openssl] master update Message-ID: <1588480085.127926.12385.nullmailer@dev.openssl.org> The branch master has been updated via 200e5ee5a4493906b307bf23117630b7caff0694 (commit) from 6d81bb2676f6a210f15f17324ab6852f52cc7f55 (commit) - Log ----------------------------------------------------------------- commit 200e5ee5a4493906b307bf23117630b7caff0694 Author: Richard Levitte Date: Sat May 2 10:48:59 2020 +0200 Fix reason code clash EVP_R_NULL_MAC_PKEY_CTX vs EVP_R_SET_DEFAULT_PROPERTY_FAILURE Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11708) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 +- include/openssl/evperr.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9eeb9c8008..133a935b0f 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2572,7 +2572,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa -EVP_R_SET_DEFAULT_PROPERTY_FAILURE:208:set default property failure +EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure EVP_R_TOO_MANY_RECORDS:183:too many records EVP_R_UNKNOWN_CIPHER:160:unknown cipher EVP_R_UNKNOWN_DIGEST:161:unknown digest diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 61848bbc0c..a18b30e497 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -235,7 +235,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 -# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 208 +# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 # define EVP_R_TOO_MANY_RECORDS 183 # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 From builds at travis-ci.org Sun May 3 04:10:48 2020 From: builds at travis-ci.org (Travis CI) Date: Sun, 03 May 2020 04:10:48 +0000 Subject: Still Failing: openssl/openssl#34332 (master - 6d81bb2) In-Reply-To: Message-ID: <5eae444838b45_13fedb67e6aec1719f5@travis-tasks-68469694ff-vwh82.mail> Build Update for openssl/openssl ------------------------------------- Build: #34332 Status: Still Failing Duration: 2 mins and 47 secs Commit: 6d81bb2 (master) Author: Richard Levitte Message: util/perl/OpenSSL/OID.pm: remove the included unit test The unit test uses features that appeared in perl 5.12, and is therefore a source of trouble when building. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11704) View the changeset: https://github.com/openssl/openssl/compare/c450922c8cd8...6d81bb2676f6 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/682491013?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 3 04:57:07 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 03 May 2020 04:57:07 +0000 Subject: Build failed: openssl master.33774 Message-ID: <20200503045707.1.E69931AD6B6CDE5D@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun May 3 05:15:44 2020 From: builds at travis-ci.org (Travis CI) Date: Sun, 03 May 2020 05:15:44 +0000 Subject: Fixed: openssl/openssl#34333 (master - 200e5ee) In-Reply-To: Message-ID: <5eae537f802e8_13fd4844d9bec372cd@travis-tasks-6989fbdc88-tpf2h.mail> Build Update for openssl/openssl ------------------------------------- Build: #34333 Status: Fixed Duration: 47 mins and 19 secs Commit: 200e5ee (master) Author: Richard Levitte Message: Fix reason code clash EVP_R_NULL_MAC_PKEY_CTX vs EVP_R_SET_DEFAULT_PROPERTY_FAILURE Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11708) View the changeset: https://github.com/openssl/openssl/compare/6d81bb2676f6...200e5ee5a449 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/682493995?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 3 07:48:45 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 03 May 2020 07:48:45 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5eae775c59f67_4d3a2ac85a6cef4c15d@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3D40NT_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEtAV95foTVxcoikxRrFdL1VAfPHDazaO9sHQ-2BAtm4a7-2Fj2hpu-2F0fEWB-2Fw4qs8MuDIma-2FUImhCFj5hUC0o3PYkncPhMtu558XaIzPzZ7gAQ8TZgL97B2EiZBnvad2YwnttJb5Fe3Kzu4q9mv9WU2XxFWsJ07c6GzM7AuV2By5-2FI7h6JMx7BxPno8GkP7Xa-2FZv-2B2WL9ECQXYHgbHnj2sg9Wg Build ID: 311076 Analysis Summary: New defects found: 0 Defects eliminated: 36 From scan-admin at coverity.com Sun May 3 07:51:21 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 03 May 2020 07:51:21 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5eae77f8a82c9_50922ac85a6cef4c161@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3DLftO_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEaQBfey9EPQj5RRh1jhEnw7OL5SIrfqoNTyKkTyEg56JRr7tX0e6elX-2BW5WlXcI3F6jammcafOHT6G-2BLyg30f-2FFvQHZAitNkwTQgC18McP74QPFS3jfQ8sqeWxi2eqsW-2BvbA1nBiEJyH6ek0MUQNwJuyQK-2FM1GUUep3kzffmYZ9qR6D7SePYLidR98kSPlS40-3D Build ID: 311077 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 3 10:01:17 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 03 May 2020 10:01:17 +0000 Subject: Build failed: openssl master.33780 Message-ID: <20200503100117.1.52AC9F6594D43561@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 3 14:13:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 03 May 2020 14:13:56 +0000 Subject: Build completed: openssl master.33781 Message-ID: <20200503141356.1.E8F674AC02123E51@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 3 15:37:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 03 May 2020 15:37:11 +0000 Subject: Build failed: openssl master.33782 Message-ID: <20200503153711.1.2C41350D64614D28@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon May 4 03:50:13 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 May 2020 03:50:13 +0000 Subject: [openssl] master update Message-ID: <1588564213.708472.27793.nullmailer@dev.openssl.org> The branch master has been updated via 12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c (commit) from 200e5ee5a4493906b307bf23117630b7caff0694 (commit) - Log ----------------------------------------------------------------- commit 12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c Author: Richard Levitte Date: Fri May 1 18:06:18 2020 +0200 WPACKET: don't write DER length when we don't want to With endfirst writing, it could be that we want to abandon any zero length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH was supposed to make happen, but the DER length writing code didn't look at that flag. Now it does. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11703) ----------------------------------------------------------------------- Summary of changes: crypto/packet.c | 5 ++++- test/wpackettest.c | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/crypto/packet.c b/crypto/packet.c index 661b59e842..6db97a5434 100644 --- a/crypto/packet.c +++ b/crypto/packet.c @@ -265,7 +265,10 @@ static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose) && !put_value(&buf[sub->packet_len], packlen, sub->lenbytes)) return 0; - } else if (pkt->endfirst && sub->parent != NULL) { + } else if (pkt->endfirst && sub->parent != NULL + && (packlen != 0 + || (sub->flags + & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) { size_t tmplen = packlen; size_t numlenbytes = 1; diff --git a/test/wpackettest.c b/test/wpackettest.c index 08b5f976ca..b03dfcd2e0 100644 --- a/test/wpackettest.c +++ b/test/wpackettest.c @@ -360,6 +360,8 @@ static int test_WPACKET_init_der(void) unsigned char testdata[] = { 0x00, 0x01, 0x02, 0x03 }; unsigned char testdata2[259] = { 0x82, 0x01, 0x00 }; size_t written[2]; + size_t size1, size2; + int flags = WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH; int i; /* Test initialising for writing DER */ @@ -370,6 +372,13 @@ static int test_WPACKET_init_der(void) || !TEST_true(WPACKET_memcpy(&pkt, testdata, sizeof(testdata))) || !TEST_true(WPACKET_close(&pkt)) || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xfc)) + /* this sub-packet is empty, and should render zero bytes */ + || (!TEST_true(WPACKET_start_sub_packet(&pkt)) + || !TEST_true(WPACKET_set_flags(&pkt, flags)) + || !TEST_true(WPACKET_get_total_written(&pkt, &size1)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &size2)) + || !TEST_size_t_eq(size1, size2)) || !TEST_true(WPACKET_finish(&pkt)) || !TEST_true(WPACKET_get_total_written(&pkt, &written[0])) || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[0], simpleder, From no-reply at appveyor.com Mon May 4 05:54:04 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 May 2020 05:54:04 +0000 Subject: Build completed: openssl master.33783 Message-ID: <20200504055404.1.DF4C75630B7D3D6C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 4 06:15:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 04 May 2020 06:15:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1588572921.799179.4115.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 666 wallclock secs ( 8.84 usr 1.45 sys + 622.86 cusr 44.43 csys = 677.58 CPU) Result: FAIL Makefile:3054: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3052: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon May 4 07:13:42 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 May 2020 07:13:42 +0000 Subject: Build failed: openssl master.33785 Message-ID: <20200504071342.1.52F714E45C435C2E@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Mon May 4 07:52:20 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 04 May 2020 07:52:20 +0000 Subject: [openssl] master update Message-ID: <1588578740.284109.15558.nullmailer@dev.openssl.org> The branch master has been updated via e4ec769eb9a18df3593339fc1213dc9441155c90 (commit) from 12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c (commit) - Log ----------------------------------------------------------------- commit e4ec769eb9a18df3593339fc1213dc9441155c90 Author: Leo Neat Date: Mon Mar 16 18:15:50 2020 -0700 CIFuzz turning dry_run off Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11339) ----------------------------------------------------------------------- Summary of changes: .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7e2e029758..b21c24ea57 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,13 +8,13 @@ jobs: uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers at master with: oss-fuzz-project-name: 'openssl' - dry-run: true + dry-run: false - name: Run Fuzzers uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers at master with: oss-fuzz-project-name: 'openssl' fuzz-seconds: 600 - dry-run: true + dry-run: false - name: Upload Crash uses: actions/upload-artifact at v1 if: failure() From matt at openssl.org Mon May 4 08:04:22 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 04 May 2020 08:04:22 +0000 Subject: [openssl] master update Message-ID: <1588579462.104985.23963.nullmailer@dev.openssl.org> The branch master has been updated via 7421f085005e0d7a1dd2fe61b991ff23cef91c22 (commit) via 0c27ce7322e15a7e0733d48aaf9c8e1d1249541f (commit) via e2e4b784e65eaafb133a7db3d344446c43112d41 (commit) from e4ec769eb9a18df3593339fc1213dc9441155c90 (commit) - Log ----------------------------------------------------------------- commit 7421f085005e0d7a1dd2fe61b991ff23cef91c22 Author: nia Date: Thu Apr 30 14:43:04 2020 +0100 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. Requests for more than 256 bytes will fail. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) commit 0c27ce7322e15a7e0733d48aaf9c8e1d1249541f Author: nia Date: Thu Apr 30 14:42:09 2020 +0100 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) commit e2e4b784e65eaafb133a7db3d344446c43112d41 Author: nia Date: Thu Apr 30 14:41:07 2020 +0100 rand_unix.c: Include correct headers for sysctl() on NetBSD This allows sysctl(KERN_ARND) to be detected properly. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 319c6e4c53..081ffca908 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -27,12 +27,12 @@ # include # endif #endif -#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) # include # include # include #endif -#if defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__OpenBSD__) # include #endif @@ -227,10 +227,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen) * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; } +#endif /* * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only @@ -248,7 +250,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) mib[1] = KERN_ARND; do { - len = buflen; + len = buflen > 256 ? 256 : buflen; if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) return done > 0 ? done : -1; done += len; From matt at openssl.org Mon May 4 08:27:15 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 04 May 2020 08:27:15 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1588580835.408060.6990.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 352933bd664e6145366b51b50821c8aefd652aa8 (commit) via 3c64c50bcf848bd341dd4c4541a70a76883f5147 (commit) via 78ed03986f39a5b85ebf04e5e97eaa9602dee0a3 (commit) from 1632a6854cc594901018f9490426b26e893aae43 (commit) - Log ----------------------------------------------------------------- commit 352933bd664e6145366b51b50821c8aefd652aa8 Author: nia Date: Thu Apr 30 14:43:04 2020 +0100 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. Requests for more than 256 bytes will fail. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) (cherry picked from commit 7421f085005e0d7a1dd2fe61b991ff23cef91c22) commit 3c64c50bcf848bd341dd4c4541a70a76883f5147 Author: nia Date: Thu Apr 30 14:42:09 2020 +0100 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) (cherry picked from commit 0c27ce7322e15a7e0733d48aaf9c8e1d1249541f) commit 78ed03986f39a5b85ebf04e5e97eaa9602dee0a3 Author: nia Date: Thu Apr 30 14:41:07 2020 +0100 rand_unix.c: Include correct headers for sysctl() on NetBSD This allows sysctl(KERN_ARND) to be detected properly. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11689) (cherry picked from commit e2e4b784e65eaafb133a7db3d344446c43112d41) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index fe457cab4a..19b6138a1f 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -26,12 +26,12 @@ # include # endif #endif -#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) # include # include # include #endif -#if defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__OpenBSD__) # include #endif @@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen) * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; } +#endif /* * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only @@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) mib[1] = KERN_ARND; do { - len = buflen; + len = buflen > 256 ? 256 : buflen; if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) return done > 0 ? done : -1; done += len; From matt at openssl.org Mon May 4 08:39:14 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 04 May 2020 08:39:14 +0000 Subject: [openssl] master update Message-ID: <1588581554.678949.18937.nullmailer@dev.openssl.org> The branch master has been updated via b756626a3732869875c50f150bddacfbcac5a7ab (commit) via 86dc26baf65dd2ba83beff80ce37d05a3f6c33b0 (commit) via 2b1bc78acc0d7ef3a10ca0cb3d2280375032d137 (commit) via 262ff12347f30548080ad904b7d15928221864aa (commit) via 48b4b1044906b6bdbf948f11bf54c5b2733c0c94 (commit) via d4fe478df04073abf0657506b58ed3f67443fcaf (commit) via c19d89785075393d27287c90086fa2aeaa842e62 (commit) via f3336f40508dfd4821f0048b149ffb45f8f08875 (commit) via 969024b4580172b1cd836550e227d64515c628bc (commit) via a6f8a834ba6f877baa427e3d25694d49beb29306 (commit) via 1c4f340dd35f0ca48e263ab85399a965e1125ac6 (commit) from 7421f085005e0d7a1dd2fe61b991ff23cef91c22 (commit) - Log ----------------------------------------------------------------- commit b756626a3732869875c50f150bddacfbcac5a7ab Author: Matt Caswell Date: Tue Apr 28 17:45:53 2020 +0100 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer We may just want to know the number of octets so allow passing a NULL buffer. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 86dc26baf65dd2ba83beff80ce37d05a3f6c33b0 Author: Matt Caswell Date: Mon Apr 27 17:17:05 2020 +0100 Add some tests for the newly added raw private/public key functions We already had soem tests for the older raw private/public key functions so we expand those to call the new versions as well and pass in a libctx. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 2b1bc78acc0d7ef3a10ca0cb3d2280375032d137 Author: Matt Caswell Date: Mon Apr 27 16:48:18 2020 +0100 Document the new raw private/public key functions Document the newly added EVP_PKEY_new_raw_private_key_with_libctx and EVP_PKEY_new_raw_public_key_with_libctx functions. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 262ff12347f30548080ad904b7d15928221864aa Author: Matt Caswell Date: Mon Apr 27 16:14:16 2020 +0100 Implement key match functionality for ECX keys This makes EVP_PKEY_cmp work for provider side ECX keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 48b4b1044906b6bdbf948f11bf54c5b2733c0c94 Author: Matt Caswell Date: Fri Apr 24 17:40:31 2020 +0100 Fix the KEYNID2TYPE macro This macro was not correctly handling Ed25519 keys Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit d4fe478df04073abf0657506b58ed3f67443fcaf Author: Matt Caswell Date: Fri Apr 24 16:20:27 2020 +0100 Don't export ECX key data twice We had a redundant couple of lines where we exported key data twice. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit c19d89785075393d27287c90086fa2aeaa842e62 Author: Matt Caswell Date: Fri Apr 24 16:19:25 2020 +0100 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys If the key is a provider key then we should export it from the provider. Fixes #11627 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit f3336f40508dfd4821f0048b149ffb45f8f08875 Author: Matt Caswell Date: Fri Apr 24 15:43:20 2020 +0100 Add the library ctx into an ECX_KEY At various points we need to be able to retrieve the current library context so we store it in the ECX_KEY structure. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 969024b4580172b1cd836550e227d64515c628bc Author: Matt Caswell Date: Fri Apr 24 15:32:34 2020 +0100 Add the ability to ECX to import keys with only the private key ECX keys can very easily crete the public key from the private key. Therefore when we import ecx keys it is sufficent to just have the private key. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit a6f8a834ba6f877baa427e3d25694d49beb29306 Author: Matt Caswell Date: Fri Apr 24 11:44:15 2020 +0100 Ensure OSSL_PARAM_BLD_free() can accept a NULL All OpenSSL free functions should accept NULL. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) commit 1c4f340dd35f0ca48e263ab85399a965e1125ac6 Author: Matt Caswell Date: Fri Apr 24 11:33:33 2020 +0100 Make EVP_new_raw_[private|public]_key provider aware We also introduce variants which are OPENSSL_CTX aware Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecx_backend.c | 48 ++++-- crypto/ec/ecx_backend.h | 6 +- crypto/ec/ecx_key.c | 3 +- crypto/ec/ecx_meth.c | 34 +--- crypto/evp/p_lib.c | 234 +++++++++++++++++++++----- crypto/param_build.c | 2 + crypto/params.c | 5 +- doc/man3/EVP_PKEY_new.pod | 53 ++++-- doc/man3/OSSL_PARAM_int.pod | 4 +- include/crypto/ecx.h | 4 +- include/openssl/evp.h | 10 ++ providers/implementations/keymgmt/ecx_kmgmt.c | 59 +++++-- test/evp_extra_test.c | 53 ++++-- util/libcrypto.num | 2 + 14 files changed, 397 insertions(+), 120 deletions(-) diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index e613337029..042f9ca8da 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -9,6 +9,8 @@ #include #include +#include +#include #include "crypto/ecx.h" #include "ecx_backend.h" @@ -18,10 +20,35 @@ * implementations alike. */ +int ecx_public_from_private(ECX_KEY *key) +{ + switch (key->type) { + case ECX_KEY_TYPE_X25519: + X25519_public_from_private(key->pubkey, key->privkey); + break; + case ECX_KEY_TYPE_ED25519: + if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey)) { + ECerr(0, EC_R_FAILED_MAKING_PUBLIC_KEY); + return 0; + } + break; + case ECX_KEY_TYPE_X448: + X448_public_from_private(key->pubkey, key->privkey); + break; + case ECX_KEY_TYPE_ED448: + if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey)) { + ECerr(0, EC_R_FAILED_MAKING_PUBLIC_KEY); + return 0; + } + break; + } + return 1; +} + int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], int include_private) { - size_t privkeylen = 0, pubkeylen; + size_t privkeylen = 0, pubkeylen = 0; const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; unsigned char *pubkey; @@ -32,11 +59,8 @@ int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], if (include_private) param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - /* - * If a private key is present then a public key must also be present. - * Alternatively we've just got a public key. - */ - if (param_pub_key == NULL) + + if (param_pub_key == NULL && param_priv_key == NULL) return 0; if (param_priv_key != NULL @@ -46,15 +70,19 @@ int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], return 0; pubkey = ecx->pubkey; - if (!OSSL_PARAM_get_octet_string(param_pub_key, - (void **)&pubkey, - sizeof(ecx->pubkey), &pubkeylen)) + if (param_pub_key != NULL + && !OSSL_PARAM_get_octet_string(param_pub_key, + (void **)&pubkey, + sizeof(ecx->pubkey), &pubkeylen)) return 0; - if (pubkeylen != ecx->keylen + if ((param_pub_key != NULL && pubkeylen != ecx->keylen) || (param_priv_key != NULL && privkeylen != ecx->keylen)) return 0; + if (param_pub_key == NULL && !ecx_public_from_private(ecx)) + return 0; + ecx->haspubkey = 1; return 1; diff --git a/crypto/ec/ecx_backend.h b/crypto/ec/ecx_backend.h index 50ece17abb..2c01294789 100644 --- a/crypto/ec/ecx_backend.h +++ b/crypto/ec/ecx_backend.h @@ -13,8 +13,8 @@ : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ : ED448_KEYLEN)) #define KEYNID2TYPE(id) \ - (IS25519(id) ? ECX_KEY_TYPE_X25519 \ + (IS25519(id) ? ((id) == EVP_PKEY_X25519 ? ECX_KEY_TYPE_X25519 \ + : ECX_KEY_TYPE_ED25519) \ : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ - : ((id) == EVP_PKEY_ED25519 ? ECX_KEY_TYPE_ED25519 \ - : ECX_KEY_TYPE_ED448))) + : ECX_KEY_TYPE_ED448)) #define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index 0b43d26ae4..46abd57a74 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -10,13 +10,14 @@ #include #include "crypto/ecx.h" -ECX_KEY *ecx_key_new(ECX_KEY_TYPE type, int haspubkey) +ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey) { ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) return NULL; + ret->libctx = libctx; ret->haspubkey = haspubkey; switch (type) { case ECX_KEY_TYPE_X25519: diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index a9c71f33aa..eedb1c9259 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -59,7 +59,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, } } - key = ecx_key_new(KEYNID2TYPE(id), 1); + key = ecx_key_new(libctx, KEYNID2TYPE(id), 1); if (key == NULL) { ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE); return 0; @@ -88,25 +88,9 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, } else { memcpy(privkey, p, KEYLENID(id)); } - switch (id) { - case EVP_PKEY_X25519: - X25519_public_from_private(pubkey, privkey); - break; - case EVP_PKEY_ED25519: - if (!ED25519_public_from_private(libctx, pubkey, privkey)) { - ECerr(EC_F_ECX_KEY_OP, EC_R_FAILED_MAKING_PUBLIC_KEY); - goto err; - } - break; - case EVP_PKEY_X448: - X448_public_from_private(pubkey, privkey); - break; - case EVP_PKEY_ED448: - if (!ED448_public_from_private(libctx, pubkey, privkey)) { - ECerr(EC_F_ECX_KEY_OP, EC_R_FAILED_MAKING_PUBLIC_KEY); - goto err; - } - break; + if (!ecx_public_from_private(key)) { + ECerr(EC_F_ECX_KEY_OP, EC_R_FAILED_MAKING_PUBLIC_KEY); + goto err; } } @@ -455,7 +439,7 @@ static int ecx_generic_import_from(const OSSL_PARAM params[], void *vpctx, { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - ECX_KEY *ecx = ecx_key_new(KEYNID2TYPE(keytype), 0); + ECX_KEY *ecx = ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0); if (ecx == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); @@ -963,7 +947,7 @@ static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X25519, 1); + ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -1005,7 +989,7 @@ static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X448, 1); + ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -1050,7 +1034,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, }; unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED25519, 1); + ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1); unsigned char *privkey = NULL, *pubkey; unsigned int sz; @@ -1107,7 +1091,7 @@ static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 }; unsigned char x_dst[57], buff[114]; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED448, 1); + ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1); unsigned char *privkey = NULL, *pubkey; EVP_MD_CTX *hashctx = NULL; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index bbeb7276fe..9eb9f4937b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -320,78 +321,213 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } -EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len) + +static EVP_PKEY *new_raw_key_int(OPENSSL_CTX *libctx, + const char *strtype, + const char *propq, + int nidtype, + ENGINE *e, + const unsigned char *key, + size_t len, + int key_is_priv) { - EVP_PKEY *ret = EVP_PKEY_new(); + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + int result = 0; - if (ret == NULL - || !pkey_set_type(ret, e, type, NULL, -1, NULL)) { - /* EVPerr already called */ - goto err; +# ifndef OPENSSL_NO_ENGINE + /* Check if there is an Engine for this type */ + if (e == NULL) { + ENGINE *tmpe = NULL; + + if (strtype != NULL) + ameth = EVP_PKEY_asn1_find_str(&tmpe, strtype, -1); + else if (nidtype != EVP_PKEY_NONE) + ameth = EVP_PKEY_asn1_find(&tmpe, nidtype); + + /* If tmpe is NULL then no engine is claiming to support this type */ + if (tmpe == NULL) + ameth = NULL; + + ENGINE_finish(tmpe); } +# endif - if (ret->ameth->set_priv_key == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + if (e == NULL && ameth == NULL) { + /* + * No engine is claiming to support this type, so lets see if we have + * a provider. + */ + ctx = EVP_PKEY_CTX_new_from_name(libctx, + strtype != NULL ? strtype + : OBJ_nid2sn(nidtype), + propq); + if (ctx == NULL) { + EVPerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + /* May fail if no provider available */ + ERR_set_mark(); + if (EVP_PKEY_key_fromdata_init(ctx) == 1) { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + ERR_clear_last_mark(); + params[0] = OSSL_PARAM_construct_octet_string( + key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY + : OSSL_PKEY_PARAM_PUB_KEY, + (void *)key, len); + + if (EVP_PKEY_fromdata(ctx, &pkey, params) != 1) { + EVPerr(0, EVP_R_KEY_SETUP_FAILED); + goto err; + } + + EVP_PKEY_CTX_free(ctx); + + return pkey; + } + ERR_pop_to_mark(); + /* else not supported so fallback to legacy */ + } + + /* Legacy code path */ + + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + EVPerr(0, ERR_R_MALLOC_FAILURE); goto err; } - if (!ret->ameth->set_priv_key(ret, priv, len)) { - EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); + if (!pkey_set_type(pkey, e, nidtype, strtype, -1, NULL)) { + /* EVPerr already called */ goto err; } - return ret; + if (!ossl_assert(pkey->ameth != NULL)) + goto err; + if (key_is_priv) { + if (pkey->ameth->set_priv_key == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + goto err; + } + + if (!pkey->ameth->set_priv_key(pkey, key, len)) { + EVPerr(0, EVP_R_KEY_SETUP_FAILED); + goto err; + } + } else { + if (pkey->ameth->set_pub_key == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + goto err; + } + + if (!pkey->ameth->set_pub_key(pkey, key, len)) { + EVPerr(0, EVP_R_KEY_SETUP_FAILED); + goto err; + } + } + + result = 1; err: - EVP_PKEY_free(ret); - return NULL; + if (!result) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + EVP_PKEY_CTX_free(ctx); + return pkey; +} + +EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *priv, + size_t len) +{ + return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv, + len, 1); +} + +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len) +{ + return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1); +} + +EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *pub, + size_t len) +{ + return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub, + len, 0); } EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *pub, size_t len) { - EVP_PKEY *ret = EVP_PKEY_new(); + return new_raw_key_int(NULL, NULL, NULL, type, e, pub, len, 0); +} - if (ret == NULL - || !pkey_set_type(ret, e, type, NULL, -1, NULL)) { - /* EVPerr already called */ - goto err; - } +struct raw_key_details_st +{ + unsigned char **key; + size_t *len; + int selection; +}; - if (ret->ameth->set_pub_key == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - goto err; - } +static OSSL_CALLBACK get_raw_key_details; +static int get_raw_key_details(const OSSL_PARAM params[], void *arg) +{ + const OSSL_PARAM *p = NULL; + struct raw_key_details_st *raw_key = arg; - if (!ret->ameth->set_pub_key(ret, pub, len)) { - EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); - goto err; + if (raw_key->selection == OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY)) + != NULL) + return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, + SIZE_MAX, raw_key->len); + } else if (raw_key->selection == OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY)) + != NULL) + return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, + SIZE_MAX, raw_key->len); } - return ret; - - err: - EVP_PKEY_free(ret); - return NULL; + return 0; } int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len) { - /* TODO(3.0) Do we need to do anything about provider side keys? */ - if (pkey->ameth->get_priv_key == NULL) { - EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + if (pkey->keymgmt != NULL) { + struct raw_key_details_st raw_key; + + raw_key.key = priv == NULL ? NULL : &priv; + raw_key.len = len; + raw_key.selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; + + return evp_keymgmt_export(pkey->keymgmt, pkey->keydata, + OSSL_KEYMGMT_SELECT_PRIVATE_KEY, + get_raw_key_details, &raw_key); + } + + if (pkey->ameth == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + if (pkey->ameth->get_priv_key == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (!pkey->ameth->get_priv_key(pkey, priv, len)) { - EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED); + EVPerr(0, EVP_R_GET_RAW_KEY_FAILED); return 0; } @@ -401,7 +537,23 @@ int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, size_t *len) { - /* TODO(3.0) Do we need to do anything about provider side keys? */ + if (pkey->keymgmt != NULL) { + struct raw_key_details_st raw_key; + + raw_key.key = pub == NULL ? NULL : &pub; + raw_key.len = len; + raw_key.selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + + return evp_keymgmt_export(pkey->keymgmt, pkey->keydata, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY, + get_raw_key_details, &raw_key); + } + + if (pkey->ameth == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + if (pkey->ameth->get_pub_key == NULL) { EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); diff --git a/crypto/param_build.c b/crypto/param_build.c index 43b194bcea..76522cd377 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -125,6 +125,8 @@ static void free_all_params(OSSL_PARAM_BLD *bld) void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) { + if (bld == NULL) + return; free_all_params(bld); sk_OSSL_PARAM_BLD_DEF_free(bld->params); OPENSSL_free(bld); diff --git a/crypto/params.c b/crypto/params.c index 32161d0533..06ae1bc44f 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -780,7 +780,7 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, { size_t sz; - if (val == NULL || p == NULL || p->data_type != type) + if ((val == NULL && used_len == NULL) || p == NULL || p->data_type != type) return 0; sz = p->data_size; @@ -793,6 +793,9 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, if (p->data == NULL) return 0; + if (val == NULL) + return 1; + if (*val == NULL) { char *const q = OPENSSL_malloc(sz); diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index b3bbe63aec..3efab95671 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -5,7 +5,9 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, +EVP_PKEY_new_raw_private_key_with_libctx, EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key_with_libctx, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, @@ -21,8 +23,18 @@ EVP_PKEY_get_raw_public_key int EVP_PKEY_up_ref(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); + EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *key, + size_t keylen); EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *key, + size_t keylen); EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key, size_t keylen); EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, @@ -46,16 +58,34 @@ EVP_PKEY_up_ref() increments the reference count of B. EVP_PKEY_free() decrements the reference count of B and, if the reference count is zero, frees it up. If B is NULL, nothing is done. -EVP_PKEY_new_raw_private_key() allocates a new B. If B is non-NULL -then the new B structure is associated with the engine B. The -B argument indicates what kind of key this is. The value should be a NID -for a public key algorithm that supports raw private keys, i.e. one of -B, B, B, B, -B, B or B. B points to the -raw private key data for this B which should be of length B. -The length should be appropriate for the type of the key. The public key data -will be automatically derived from the given private key data (if appropriate -for the algorithm type). +EVP_PKEY_new_raw_private_key_with_libctx() allocates a new B. Unless +an engine should be used for the key type, a provider for the key is found using +the library context I and the property query string I. The +I argument indicates what kind of key this is. The value should be a +string for a public key algorithm that supports raw private keys, i.e one of +"POLY1305", "SIPHASH", "X25519", "ED25519", "X448" or "ED448". Note that you may +also use "HMAC" which is not a public key algorithm but is treated as such by +some OpenSSL APIs. You are encouraged to use the EVP_MAC APIs instead for HMAC +(see L). I points to the raw private key data for this +B which should be of length I. The length should be +appropriate for the type of the key. The public key data will be automatically +derived from the given private key data (if appropriate for the algorithm type). + +EVP_PKEY_new_raw_private_key() does the same as +EVP_PKEY_new_raw_private_key_with_libctx() except that the default library +context and default property query are used instead. If B is non-NULL then +the new B structure is associated with the engine B. The B +argument indicates what kind of key this is. The value should be a NID for a +public key algorithm that supports raw private keys, i.e. one of +B, B, B, +B, B or B. As for +EVP_PKEY_new_raw_private_key_with_libctx() you may also use B. + +EVP_PKEY_new_raw_public_key_with_libctx() works in the same way as +EVP_PKEY_new_raw_private_key_with_libctx() except that B points to the raw +public key data. The B structure will be initialised without any +private key information. Algorithm types that support raw public keys are +"X25519", "ED25519", "X448" or "ED448". EVP_PKEY_new_raw_public_key() works in the same way as EVP_PKEY_new_raw_private_key() except that B points to the raw public key @@ -127,6 +157,9 @@ EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. +The EVP_PKEY_new_raw_private_key_with_libctx and +EVP_PKEY_new_raw_public_key_with_libctx functions were added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 9126906883..09215184a7 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -233,7 +233,9 @@ OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter pointed to by B

. The OCTETs are either stored into B<*val> with a length limit of B or, in the case when B<*val> is B, memory is allocated and -B is ignored. +B is ignored. B<*used_len> is populated with the number of OCTETs +stored. If B is NULL then the OCTETS are not stored, but B<*used_len> is +still populated. If memory is allocated by this function, it must be freed by the caller. OSSL_PARAM_set_octet_string() sets an OCTET string from the parameter diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 5ee6b8ce7e..54ce5f2b7c 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -61,6 +61,7 @@ typedef enum { : EVP_PKEY_ED448))) struct ecx_key_st { + OPENSSL_CTX *libctx; unsigned int haspubkey:1; unsigned char pubkey[MAX_KEYLEN]; unsigned char *privkey; @@ -73,7 +74,7 @@ struct ecx_key_st { typedef struct ecx_key_st ECX_KEY; size_t ecx_key_length(ECX_KEY_TYPE type); -ECX_KEY *ecx_key_new(ECX_KEY_TYPE type, int haspubkey); +ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey); unsigned char *ecx_key_allocate_privkey(ECX_KEY *key); void ecx_key_free(ECX_KEY *key); int ecx_key_up_ref(ECX_KEY *key); @@ -109,6 +110,7 @@ void X448_public_from_private(uint8_t out_public_value[56], const uint8_t private_key[56]); /* Backend support */ +int ecx_public_from_private(ECX_KEY *key); int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], int include_private); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 23cf52df0f..5dc29d1976 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1518,9 +1518,19 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *priv, + size_t len); EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, const unsigned char *priv, size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *pub, + size_t len); EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *pub, size_t len); diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 2ba8f53e5a..e2b613e5e0 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -47,6 +47,7 @@ static OSSL_OP_keymgmt_gettable_params_fn x448_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn ed25519_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn ed448_gettable_params; static OSSL_OP_keymgmt_has_fn ecx_has; +static OSSL_OP_keymgmt_match_fn ecx_match; static OSSL_OP_keymgmt_import_fn ecx_import; static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types; static OSSL_OP_keymgmt_export_fn ecx_export; @@ -68,22 +69,22 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx); static void *x25519_new_key(void *provctx) { - return ecx_key_new(ECX_KEY_TYPE_X25519, 0); + return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0); } static void *x448_new_key(void *provctx) { - return ecx_key_new(ECX_KEY_TYPE_X448, 0); + return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0); } static void *ed25519_new_key(void *provctx) { - return ecx_key_new(ECX_KEY_TYPE_ED25519, 0); + return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0); } static void *ed448_new_key(void *provctx) { - return ecx_key_new(ECX_KEY_TYPE_ED448, 0); + return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0); } static int ecx_has(void *keydata, int selection) @@ -104,6 +105,36 @@ static int ecx_has(void *keydata, int selection) return ok; } +static int ecx_match(const void *keydata1, const void *keydata2, int selection) +{ + const ECX_KEY *key1 = keydata1; + const ECX_KEY *key2 = keydata2; + int ok = 1; + + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + ok = ok && key1->type == key2->type; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + if ((key1->privkey == NULL && key2->privkey != NULL) + || (key1->privkey != NULL && key2->privkey == NULL) + || key1->type != key2->type) + ok = 0; + else + ok = ok && (key1->privkey == NULL /* implies key2->privkey == NULL */ + || CRYPTO_memcmp(key1->privkey, key2->privkey, + key1->keylen) == 0); + } + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if (key1->haspubkey != key2->haspubkey + || key1->type != key2->type) + ok = 0; + else + ok = ok && (key1->haspubkey == 0 /* implies key2->haspubkey == 0 */ + || CRYPTO_memcmp(key1->pubkey, key2->pubkey, + key1->keylen) == 0); + } + return ok; +} + static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) { ECX_KEY *key = keydata; @@ -113,12 +144,11 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) if (key == NULL) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) return 0; include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ecx_key_fromdata(key, params, include_private); + ok = ok && ecx_key_fromdata(key, params, include_private); return ok; } @@ -162,10 +192,6 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, && !key_to_params(key, tmpl, NULL)) goto err; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 - && !key_to_params(key, tmpl, NULL)) - goto err; - params = OSSL_PARAM_BLD_to_param(tmpl); if (params == NULL) goto err; @@ -326,7 +352,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) if (gctx == NULL) return NULL; - if ((key = ecx_key_new(gctx->type, 0)) == NULL) { + if ((key = ecx_key_new(gctx->libctx, gctx->type, 0)) == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; } @@ -425,6 +451,7 @@ static void ecx_gen_cleanup(void *genctx) { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \ + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ecx_match }, \ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \ @@ -450,7 +477,7 @@ static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X25519, 1); + ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X25519, 1); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -490,7 +517,7 @@ static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X448, 1); + ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X448, 1); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -533,7 +560,7 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx) 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, }; unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED25519, 1); + ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED25519, 1); unsigned char *privkey = NULL, *pubkey; unsigned int sz; EVP_MD *sha = NULL; @@ -595,7 +622,7 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx) 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 }; unsigned char x_dst[57], buff[114]; - ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED448, 1); + ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED448, 1); unsigned char *privkey = NULL, *pubkey; EVP_MD_CTX *hashctx = NULL; EVP_MD *shake = NULL; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index b7e23a162e..9deae29c47 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -29,6 +29,8 @@ #include "internal/sizes.h" #include "crypto/evp.h" +static OPENSSL_CTX *testctx = NULL; + /* * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you * should never use this key anywhere but in an example. @@ -1005,7 +1007,7 @@ static struct keys_st { #endif }; -static int test_set_get_raw_keys_int(int tst, int pub) +static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) { int ret = 0; unsigned char buf[80]; @@ -1022,17 +1024,34 @@ static int test_set_get_raw_keys_int(int tst, int pub) if (pub) { inlen = strlen(keys[tst].pub); in = (unsigned char *)keys[tst].pub; - pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, - NULL, - in, - inlen); + if (uselibctx) { + pkey = EVP_PKEY_new_raw_public_key_with_libctx( + testctx, + OBJ_nid2sn(keys[tst].type), + NULL, + in, + inlen); + } else { + pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, + NULL, + in, + inlen); + } } else { inlen = strlen(keys[tst].priv); in = (unsigned char *)keys[tst].priv; - pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, - NULL, - in, - inlen); + if (uselibctx) { + pkey = EVP_PKEY_new_raw_private_key_with_libctx( + testctx, OBJ_nid2sn(keys[tst].type), + NULL, + in, + inlen); + } else { + pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, + NULL, + in, + inlen); + } } if (!TEST_ptr(pkey) @@ -1052,8 +1071,10 @@ static int test_set_get_raw_keys_int(int tst, int pub) static int test_set_get_raw_keys(int tst) { - return test_set_get_raw_keys_int(tst, 0) - && test_set_get_raw_keys_int(tst, 1); + return test_set_get_raw_keys_int(tst, 0, 0) + && test_set_get_raw_keys_int(tst, 0, 1) + && test_set_get_raw_keys_int(tst, 1, 0) + && test_set_get_raw_keys_int(tst, 1, 1); } static int pkey_custom_check(EVP_PKEY *pkey) @@ -1583,6 +1604,11 @@ static int test_keygen_with_empty_template(int n) int setup_tests(void) { + testctx = OPENSSL_CTX_new(); + + if (!TEST_ptr(testctx)) + return 0; + ADD_ALL_TESTS(test_EVP_DigestSignInit, 9); ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Enveloped); @@ -1624,3 +1650,8 @@ int setup_tests(void) return 1; } + +void cleanup_tests(void) +{ + OPENSSL_CTX_free(testctx); +} diff --git a/util/libcrypto.num b/util/libcrypto.num index ec0e6a171b..82ae2e7e84 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5081,3 +5081,5 @@ OSSL_PARAM_modified ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_all_unmodified ? 3_0_0 EXIST::FUNCTION: EVP_default_properties_is_fips_enabled ? 3_0_0 EXIST::FUNCTION: EVP_default_properties_enable_fips ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_new_raw_private_key_with_libctx ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_new_raw_public_key_with_libctx ? 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Mon May 4 09:38:47 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 04 May 2020 09:38:47 +0000 Subject: Errored: openssl/openssl#34346 (master - b756626) In-Reply-To: Message-ID: <5eafe2a741412_13fd3e4aa3eec1105b5@travis-tasks-7d9cf7df65-nwls2.mail> Build Update for openssl/openssl ------------------------------------- Build: #34346 Status: Errored Duration: 48 mins and 9 secs Commit: b756626 (master) Author: Matt Caswell Message: Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer We may just want to know the number of octets so allow passing a NULL buffer. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) View the changeset: https://github.com/openssl/openssl/compare/7421f085005e...b756626a3732 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/682831546?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Mon May 4 23:39:26 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 04 May 2020 23:39:26 +0000 Subject: [openssl] master update Message-ID: <1588635566.540942.10880.nullmailer@dev.openssl.org> The branch master has been updated via 95cf64404cabac96f32e72b5673e2702627e6b4c (commit) from b756626a3732869875c50f150bddacfbcac5a7ab (commit) - Log ----------------------------------------------------------------- commit 95cf64404cabac96f32e72b5673e2702627e6b4c Author: Shane Lontis Date: Sat May 2 13:51:35 2020 +1000 Fix incorrect default keysize for CAST ofb and cfb modes. Fixes #11459 It was incorrectly using 8 bytes instead of 16 as the default. This was verified by expanding the macros used in e_cast.c. The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called. evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before using EVP_CipherInit_ex(...., key, ..). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11707) ----------------------------------------------------------------------- Summary of changes: providers/implementations/ciphers/cipher_cast5.c | 8 ++++---- providers/implementations/include/prov/implementations.h | 4 ++-- providers/legacyprov.c | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index a9da32e761..566583d141 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -49,7 +49,7 @@ static void *cast5_dupctx(void *ctx) IMPLEMENT_var_keylen_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, block) /* cast5128cbc_functions */ IMPLEMENT_var_keylen_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, block) -/* cast564ofb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 64, 8, 64, stream) -/* cast564cfb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 64, 8, 64, stream) +/* cast5128ofb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, stream) +/* cast5128cfb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 8d35fba49c..1f761e0ec4 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -148,8 +148,8 @@ extern const OSSL_DISPATCH idea128cfb64_functions[]; #ifndef OPENSSL_NO_CAST extern const OSSL_DISPATCH cast5128ecb_functions[]; extern const OSSL_DISPATCH cast5128cbc_functions[]; -extern const OSSL_DISPATCH cast564ofb64_functions[]; -extern const OSSL_DISPATCH cast564cfb64_functions[]; +extern const OSSL_DISPATCH cast5128ofb64_functions[]; +extern const OSSL_DISPATCH cast5128cfb64_functions[]; #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_SEED extern const OSSL_DISPATCH seed128ecb_functions[]; diff --git a/providers/legacyprov.c b/providers/legacyprov.c index c8ebc9c433..ca91093893 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -79,8 +79,8 @@ static const OSSL_ALGORITHM legacy_ciphers[] = { #ifndef OPENSSL_NO_CAST ALG("CAST5-ECB", cast5128ecb_functions), ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions), - ALG("CAST5-OFB", cast564ofb64_functions), - ALG("CAST5-CFB", cast564cfb64_functions), + ALG("CAST5-OFB", cast5128ofb64_functions), + ALG("CAST5-CFB", cast5128cfb64_functions), #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_BF ALG("BF-ECB", blowfish128ecb_functions), From shane.lontis at oracle.com Mon May 4 23:47:35 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 04 May 2020 23:47:35 +0000 Subject: [openssl] master update Message-ID: <1588636055.785345.18753.nullmailer@dev.openssl.org> The branch master has been updated via 3327c8d6f3b6d9509559782aec28b78013fb72ba (commit) from 95cf64404cabac96f32e72b5673e2702627e6b4c (commit) - Log ----------------------------------------------------------------- commit 3327c8d6f3b6d9509559782aec28b78013fb72ba Author: Shane Lontis Date: Fri May 1 17:09:01 2020 +1000 Fix aix compile error in cmp_ctx_test.c Errors were of the form 1506-226 (S) The ":" operator is not allowed between "int" and "char*". I think it is valid syntax the way it was written, But just rewrote so it compiled. The aix compiler must be looking at the type of blah() when doing test ? (blah(), NULL) : X. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11698) ----------------------------------------------------------------------- Summary of changes: test/cmp_ctx_test.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index a2a8adc856..6f6a13673c 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -500,7 +500,11 @@ static X509_STORE *X509_STORE_new_1(void) #define IS_0(x) ((x) == 0) /* for any type */ #define DROP(x) (void)(x) /* dummy free() for non-pointer and function types */ -#define ERR(x) (CMPerr(0, CMP_R_NULL_ARGUMENT), x) +#define RET_IF_NULL_ARG(ctx, ret) \ + if (ctx == NULL) { \ + CMPerr(0, CMP_R_NULL_ARGUMENT); \ + return ret; \ + } #define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ @@ -525,7 +529,8 @@ static X509_STORE *X509_STORE_new_1(void) #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \ static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ { \ - return ctx == NULL ? ERR(NULL) : (TYPE *)ctx->FIELD; \ + RET_IF_NULL_ARG(ctx, NULL); \ + return (TYPE *)ctx->FIELD; \ } \ DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, 0, DUP, FIELD, TYPE, DEFAULT) #define DEFINE_SET_TEST(OSSL_CMP, CTX, N, DUP, FIELD, TYPE) \ @@ -534,7 +539,8 @@ static X509_STORE *X509_STORE_new_1(void) #define DEFINE_SET_SK_TEST(OSSL_CMP, CTX, N, FIELD, TYPE) \ static STACK_OF(TYPE) *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ { \ - return ctx == NULL ? ERR(NULL) : ctx->FIELD; \ + RET_IF_NULL_ARG(ctx, NULL); \ + return ctx->FIELD; \ } \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get0, 1, FIELD, \ STACK_OF(TYPE)*, NULL, IS_0, \ @@ -544,9 +550,8 @@ typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t; #define DEFINE_SET_CB_TEST(FIELD) \ static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ { \ - if (ctx == NULL) \ - CMPerr(0, CMP_R_NULL_ARGUMENT); \ - return ctx == NULL ? NULL /* cannot use ERR(NULL) here */ : ctx->FIELD;\ + RET_IF_NULL_ARG(ctx, NULL); \ + return ctx->FIELD; \ } \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, \ OSSL_CMP_##FIELD##_t, NULL, IS_0, \ @@ -563,7 +568,8 @@ typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t; #define DEFINE_SET_INT_TEST(FIELD) \ static int OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ { \ - return ctx == NULL ? ERR(-1) : ctx->FIELD; \ + RET_IF_NULL_ARG(ctx, -1); \ + return ctx->FIELD; \ } \ DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, IS_0) @@ -587,8 +593,10 @@ typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t; \ static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \ { \ - const ASN1_OCTET_STRING *bytes = ctx == NULL ? ERR(NULL) : ctx->FIELD; \ + const ASN1_OCTET_STRING *bytes = NULL; \ \ + RET_IF_NULL_ARG(ctx, NULL); \ + bytes = ctx->FIELD; \ return bytes == NULL ? NULL : \ OPENSSL_strndup((char *)bytes->data, bytes->length); \ } From builds at travis-ci.org Tue May 5 00:22:33 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 05 May 2020 00:22:33 +0000 Subject: Errored: openssl/openssl#34356 (master - 95cf644) In-Reply-To: Message-ID: <5eb0b1c9382db_13f8e3f0be4a82447c7@travis-tasks-bd6c5cfb8-bjh9m.mail> Build Update for openssl/openssl ------------------------------------- Build: #34356 Status: Errored Duration: 42 mins and 34 secs Commit: 95cf644 (master) Author: Shane Lontis Message: Fix incorrect default keysize for CAST ofb and cfb modes. Fixes #11459 It was incorrectly using 8 bytes instead of 16 as the default. This was verified by expanding the macros used in e_cast.c. The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called. evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before using EVP_CipherInit_ex(...., key, ..). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11707) View the changeset: https://github.com/openssl/openssl/compare/b756626a3732...95cf64404cab View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/683174925?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue May 5 00:50:27 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 05 May 2020 00:50:27 +0000 Subject: Passed: openssl/openssl#34357 (master - 3327c8d) In-Reply-To: Message-ID: <5eb0b850c5694_13f9ff9fefc1c698@travis-tasks-54747766c9-288x6.mail> Build Update for openssl/openssl ------------------------------------- Build: #34357 Status: Passed Duration: 59 mins and 46 secs Commit: 3327c8d (master) Author: Shane Lontis Message: Fix aix compile error in cmp_ctx_test.c Errors were of the form 1506-226 (S) The ":" operator is not allowed between "int" and "char*". I think it is valid syntax the way it was written, But just rewrote so it compiled. The aix compiler must be looking at the type of blah() when doing test ? (blah(), NULL) : X. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11698) View the changeset: https://github.com/openssl/openssl/compare/95cf64404cab...3327c8d6f3b6 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/683176758?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue May 5 04:33:24 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 05 May 2020 04:33:24 +0000 Subject: [openssl] master update Message-ID: <1588653204.274807.23737.nullmailer@dev.openssl.org> The branch master has been updated via e307e616f25a6b7b0f343fc1e62a35b2cba888f3 (commit) from 3327c8d6f3b6d9509559782aec28b78013fb72ba (commit) - Log ----------------------------------------------------------------- commit e307e616f25a6b7b0f343fc1e62a35b2cba888f3 Author: Kurt Roeckx Date: Mon Apr 13 13:01:29 2020 +0200 Improve SSL_shutdown documentation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11531) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_shutdown.pod | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 608cd7195e..f7476500fd 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -75,6 +75,16 @@ state but not actually send the close_notify alert messages, see L. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. +Note that this is not standard compliant behaviour. +It should only be done when the peer has a way to make sure all +data has been received and doesn't wait for the close_notify alert +message, otherwise an unexpected EOF will be reported. + +There are implementations that do not send the required close_notify alert. +If there is a need to communicate with such an implementation, and it's clear +that all data has been received, do not wait for the peer's close_notify alert. +Waiting for the close_notify alert when the peer just closes the connection will +result in an error being generated. =head2 First to close the connection @@ -124,8 +134,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. -The output of L may be misleading, as an -erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +Unlike most other function, returning 0 does not indicate an error. +L should not get called, it may misleadingly +indicate an error even though no error occurred. =item Z<>1 From levitte at openssl.org Tue May 5 04:39:58 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 05 May 2020 04:39:58 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1588653598.827591.22801.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 184b0f14173fd69120767d86227d1db3a4e60ec0 (commit) from 352933bd664e6145366b51b50821c8aefd652aa8 (commit) - Log ----------------------------------------------------------------- commit 184b0f14173fd69120767d86227d1db3a4e60ec0 Author: Kurt Roeckx Date: Mon Apr 13 13:01:29 2020 +0200 Improve SSL_shutdown documentation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11531) (cherry picked from commit e307e616f25a6b7b0f343fc1e62a35b2cba888f3) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_shutdown.pod | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 732e5ada04..30cf484619 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -116,6 +116,16 @@ state but not actually send the close_notify alert messages, see L. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. +Note that this is not standard compliant behaviour. +It should only be done when the peer has a way to make sure all +data has been received and doesn't wait for the close_notify alert +message, otherwise an unexpected EOF will be reported. + +There are implementations that do not send the required close_notify alert. +If there is a need to communicate with such an implementation, and it's clear +that all data has been received, do not wait for the peer's close_notify alert. +Waiting for the close_notify alert when the peer just closes the connection will +result in an error being generated. =head1 RETURN VALUES @@ -128,8 +138,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. -The output of L may be misleading, as an -erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +Unlike most other function, returning 0 does not indicate an error. +L should not get called, it may misleadingly +indicate an error even though no error occurred. =item Z<>1 From openssl at openssl.org Tue May 5 04:51:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 04:51:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1588654276.472743.25804.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_i2d_fp.d.tmp -MT crypto/asn1/libcrypto-lib-a_i2d_fp.o -c -o crypto/asn1/libcrypto-lib-a_i2d_fp.o ../openssl/crypto/asn1/a_i2d_fp.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_int.d.tmp -MT crypto/asn1/libcrypto-lib-a_int.o -c -o crypto/asn1/libcrypto-lib-a_int.o ../openssl/crypto/asn1/a_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_mbstr.d.tmp -MT crypto/asn1/libcrypto-lib-a_mbstr.o -c -o crypto/asn1/libcrypto-lib-a_mbstr.o ../openssl/crypto/asn1/a_mbstr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_object.d.tmp -MT crypto/asn1/libcrypto-lib-a_object.o -c -o crypto/asn1/libcrypto-lib-a_object.o ../openssl/crypto/asn1/a_object.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_octet.d.tmp -MT crypto/asn1/libcrypto-lib-a_octet.o -c -o crypto/asn1/libcrypto-lib-a_octet.o ../openssl/crypto/asn1/a_octet.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_print.d.tmp -MT crypto/asn1/libcrypto-lib-a_print.o -c -o crypto/asn1/libcrypto-lib-a_print.o ../openssl/crypto/asn1/a_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_sign.d.tmp -MT crypto/asn1/libcrypto-lib-a_sign.o -c -o crypto/asn1/libcrypto-lib-a_sign.o ../openssl/crypto/asn1/a_sign.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strex.d.tmp -MT crypto/asn1/libcrypto-lib-a_strex.o -c -o crypto/asn1/libcrypto-lib-a_strex.o ../openssl/crypto/asn1/a_strex.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strnid.d.tmp -MT crypto/asn1/libcrypto-lib-a_strnid.o -c -o crypto/asn1/libcrypto-lib-a_strnid.o ../openssl/crypto/asn1/a_strnid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_time.d.tmp -MT crypto/asn1/libcrypto-lib-a_time.o -c -o crypto/asn1/libcrypto-lib-a_time.o ../openssl/crypto/asn1/a_time.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_type.d.tmp -MT crypto/asn1/libcrypto-lib-a_type.o -c -o crypto/asn1/libcrypto-lib-a_type.o ../openssl/crypto/asn1/a_type.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utctm.d.tmp -MT crypto/asn1/libcrypto-lib-a_utctm.o -c -o crypto/asn1/libcrypto-lib-a_utctm.o ../openssl/crypto/asn1/a_utctm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utf8.d.tmp -MT crypto/asn1/libcrypto-lib-a_utf8.o -c -o crypto/asn1/libcrypto-lib-a_utf8.o ../openssl/crypto/asn1/a_utf8.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_verify.d.tmp -MT crypto/asn1/libcrypto-lib-a_verify.o -c -o crypto/asn1/libcrypto-lib-a_verify.o ../openssl/crypto/asn1/a_verify.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-ameth_lib.d.tmp -MT crypto/asn1/libcrypto-lib-ameth_lib.o -c -o crypto/asn1/libcrypto-lib-ameth_lib.o ../openssl/crypto/asn1/ameth_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_err.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_err.o -c -o crypto/asn1/libcrypto-lib-asn1_err.o ../openssl/crypto/asn1/asn1_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_gen.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_gen.o -c -o crypto/asn1/libcrypto-lib-asn1_gen.o ../openssl/crypto/asn1/asn1_gen.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_item_list.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_item_list.o -c -o crypto/asn1/libcrypto-lib-asn1_item_list.o ../openssl/crypto/asn1/asn1_item_list.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_lib.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_lib.o -c -o crypto/asn1/libcrypto-lib-asn1_lib.o ../openssl/crypto/asn1/asn1_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_par.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_par.o -c -o crypto/asn1/libcrypto-lib-asn1_par.o ../openssl/crypto/asn1/asn1_par.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mime.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mime.o -c -o crypto/asn1/libcrypto-lib-asn_mime.o ../openssl/crypto/asn1/asn_mime.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_moid.d.tmp -MT crypto/asn1/libcrypto-lib-asn_moid.o -c -o crypto/asn1/libcrypto-lib-asn_moid.o ../openssl/crypto/asn1/asn_moid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mstbl.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mstbl.o -c -o crypto/asn1/libcrypto-lib-asn_mstbl.o ../openssl/crypto/asn1/asn_mstbl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_pack.d.tmp -MT crypto/asn1/libcrypto-lib-asn_pack.o -c -o crypto/asn1/libcrypto-lib-asn_pack.o ../openssl/crypto/asn1/asn_pack.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-bio_asn1.o -c -o crypto/asn1/libcrypto-lib-bio_asn1.o ../openssl/crypto/asn1/bio_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_ndef.d.tmp -MT crypto/asn1/libcrypto-lib-bio_ndef.o -c -o crypto/asn1/libcrypto-lib-bio_ndef.o ../openssl/crypto/asn1/bio_ndef.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_param.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_param.o -c -o crypto/asn1/libcrypto-lib-d2i_param.o ../openssl/crypto/asn1/d2i_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pr.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pr.o -c -o crypto/asn1/libcrypto-lib-d2i_pr.o ../openssl/crypto/asn1/d2i_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pu.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pu.o -c -o crypto/asn1/libcrypto-lib-d2i_pu.o ../openssl/crypto/asn1/d2i_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-evp_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-evp_asn1.o -c -o crypto/asn1/libcrypto-lib-evp_asn1.o ../openssl/crypto/asn1/evp_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_int.d.tmp -MT crypto/asn1/libcrypto-lib-f_int.o -c -o crypto/asn1/libcrypto-lib-f_int.o ../openssl/crypto/asn1/f_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_string.d.tmp -MT crypto/asn1/libcrypto-lib-f_string.o -c -o crypto/asn1/libcrypto-lib-f_string.o ../openssl/crypto/asn1/f_string.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_param.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_param.o -c -o crypto/asn1/libcrypto-lib-i2d_param.o ../openssl/crypto/asn1/i2d_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pr.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pr.o -c -o crypto/asn1/libcrypto-lib-i2d_pr.o ../openssl/crypto/asn1/i2d_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pu.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pu.o -c -o crypto/asn1/libcrypto-lib-i2d_pu.o ../openssl/crypto/asn1/i2d_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-n_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-n_pkey.o -c -o crypto/asn1/libcrypto-lib-n_pkey.o ../openssl/crypto/asn1/n_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-nsseq.d.tmp -MT crypto/asn1/libcrypto-lib-nsseq.o -c -o crypto/asn1/libcrypto-lib-nsseq.o ../openssl/crypto/asn1/nsseq.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbe.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbe.o -c -o crypto/asn1/libcrypto-lib-p5_pbe.o ../openssl/crypto/asn1/p5_pbe.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbev2.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbev2.o -c -o crypto/asn1/libcrypto-lib-p5_pbev2.o ../openssl/crypto/asn1/p5_pbev2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_scrypt.d.tmp -MT crypto/asn1/libcrypto-lib-p5_scrypt.o -c -o crypto/asn1/libcrypto-lib-p5_scrypt.o ../openssl/crypto/asn1/p5_scrypt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p8_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-p8_pkey.o -c -o crypto/asn1/libcrypto-lib-p8_pkey.o ../openssl/crypto/asn1/p8_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_bitst.d.tmp -MT crypto/asn1/libcrypto-lib-t_bitst.o -c -o crypto/asn1/libcrypto-lib-t_bitst.o ../openssl/crypto/asn1/t_bitst.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-t_pkey.o -c -o crypto/asn1/libcrypto-lib-t_pkey.o ../openssl/crypto/asn1/t_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_spki.d.tmp -MT crypto/asn1/libcrypto-lib-t_spki.o -c -o crypto/asn1/libcrypto-lib-t_spki.o ../openssl/crypto/asn1/t_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_dec.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_dec.o -c -o crypto/asn1/libcrypto-lib-tasn_dec.o ../openssl/crypto/asn1/tasn_dec.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_enc.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_enc.o -c -o crypto/asn1/libcrypto-lib-tasn_enc.o ../openssl/crypto/asn1/tasn_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_fre.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_fre.o -c -o crypto/asn1/libcrypto-lib-tasn_fre.o ../openssl/crypto/asn1/tasn_fre.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_new.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_new.o -c -o crypto/asn1/libcrypto-lib-tasn_new.o ../openssl/crypto/asn1/tasn_new.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_prn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_prn.o -c -o crypto/asn1/libcrypto-lib-tasn_prn.o ../openssl/crypto/asn1/tasn_prn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_scn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_scn.o -c -o crypto/asn1/libcrypto-lib-tasn_scn.o ../openssl/crypto/asn1/tasn_scn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_typ.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_typ.o -c -o crypto/asn1/libcrypto-lib-tasn_typ.o ../openssl/crypto/asn1/tasn_typ.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_utl.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_utl.o -c -o crypto/asn1/libcrypto-lib-tasn_utl.o ../openssl/crypto/asn1/tasn_utl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_algor.d.tmp -MT crypto/asn1/libcrypto-lib-x_algor.o -c -o crypto/asn1/libcrypto-lib-x_algor.o ../openssl/crypto/asn1/x_algor.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_bignum.d.tmp -MT crypto/asn1/libcrypto-lib-x_bignum.o -c -o crypto/asn1/libcrypto-lib-x_bignum.o ../openssl/crypto/asn1/x_bignum.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_info.d.tmp -MT crypto/asn1/libcrypto-lib-x_info.o -c -o crypto/asn1/libcrypto-lib-x_info.o ../openssl/crypto/asn1/x_info.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_int64.d.tmp -MT crypto/asn1/libcrypto-lib-x_int64.o -c -o crypto/asn1/libcrypto-lib-x_int64.o ../openssl/crypto/asn1/x_int64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_long.d.tmp -MT crypto/asn1/libcrypto-lib-x_long.o -c -o crypto/asn1/libcrypto-lib-x_long.o ../openssl/crypto/asn1/x_long.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-x_pkey.o -c -o crypto/asn1/libcrypto-lib-x_pkey.o ../openssl/crypto/asn1/x_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_sig.d.tmp -MT crypto/asn1/libcrypto-lib-x_sig.o -c -o crypto/asn1/libcrypto-lib-x_sig.o ../openssl/crypto/asn1/x_sig.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_spki.d.tmp -MT crypto/asn1/libcrypto-lib-x_spki.o -c -o crypto/asn1/libcrypto-lib-x_spki.o ../openssl/crypto/asn1/x_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_val.d.tmp -MT crypto/asn1/libcrypto-lib-x_val.o -c -o crypto/asn1/libcrypto-lib-x_val.o ../openssl/crypto/asn1/x_val.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_null.d.tmp -MT crypto/async/arch/libcrypto-lib-async_null.o -c -o crypto/async/arch/libcrypto-lib-async_null.o ../openssl/crypto/async/arch/async_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_posix.d.tmp -MT crypto/async/arch/libcrypto-lib-async_posix.o -c -o crypto/async/arch/libcrypto-lib-async_posix.o ../openssl/crypto/async/arch/async_posix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_win.d.tmp -MT crypto/async/arch/libcrypto-lib-async_win.o -c -o crypto/async/arch/libcrypto-lib-async_win.o ../openssl/crypto/async/arch/async_win.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async.d.tmp -MT crypto/async/libcrypto-lib-async.o -c -o crypto/async/libcrypto-lib-async.o ../openssl/crypto/async/async.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_err.d.tmp -MT crypto/async/libcrypto-lib-async_err.o -c -o crypto/async/libcrypto-lib-async_err.o ../openssl/crypto/async/async_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_wait.d.tmp -MT crypto/async/libcrypto-lib-async_wait.o -c -o crypto/async/libcrypto-lib-async_wait.o ../openssl/crypto/async/async_wait.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_cfb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_cfb64.o -c -o crypto/bf/libcrypto-lib-bf_cfb64.o ../openssl/crypto/bf/bf_cfb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ecb.d.tmp -MT crypto/bf/libcrypto-lib-bf_ecb.o -c -o crypto/bf/libcrypto-lib-bf_ecb.o ../openssl/crypto/bf/bf_ecb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_enc.d.tmp -MT crypto/bf/libcrypto-lib-bf_enc.o -c -o crypto/bf/libcrypto-lib-bf_enc.o ../openssl/crypto/bf/bf_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ofb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_ofb64.o -c -o crypto/bf/libcrypto-lib-bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_skey.d.tmp -MT crypto/bf/libcrypto-lib-bf_skey.o -c -o crypto/bf/libcrypto-lib-bf_skey.o ../openssl/crypto/bf/bf_skey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_addr.d.tmp -MT crypto/bio/libcrypto-lib-b_addr.o -c -o crypto/bio/libcrypto-lib-b_addr.o ../openssl/crypto/bio/b_addr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_dump.d.tmp -MT crypto/bio/libcrypto-lib-b_dump.o -c -o crypto/bio/libcrypto-lib-b_dump.o ../openssl/crypto/bio/b_dump.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_print.d.tmp -MT crypto/bio/libcrypto-lib-b_print.o -c -o crypto/bio/libcrypto-lib-b_print.o ../openssl/crypto/bio/b_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock.d.tmp -MT crypto/bio/libcrypto-lib-b_sock.o -c -o crypto/bio/libcrypto-lib-b_sock.o ../openssl/crypto/bio/b_sock.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock2.d.tmp -MT crypto/bio/libcrypto-lib-b_sock2.o -c -o crypto/bio/libcrypto-lib-b_sock2.o ../openssl/crypto/bio/b_sock2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_buff.d.tmp -MT crypto/bio/libcrypto-lib-bf_buff.o -c -o crypto/bio/libcrypto-lib-bf_buff.o ../openssl/crypto/bio/bf_buff.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_lbuf.d.tmp -MT crypto/bio/libcrypto-lib-bf_lbuf.o -c -o crypto/bio/libcrypto-lib-bf_lbuf.o ../openssl/crypto/bio/bf_lbuf.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_nbio.d.tmp -MT crypto/bio/libcrypto-lib-bf_nbio.o -c -o crypto/bio/libcrypto-lib-bf_nbio.o ../openssl/crypto/bio/bf_nbio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_null.d.tmp -MT crypto/bio/libcrypto-lib-bf_null.o -c -o crypto/bio/libcrypto-lib-bf_null.o ../openssl/crypto/bio/bf_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_prefix.d.tmp -MT crypto/bio/libcrypto-lib-bf_prefix.o -c -o crypto/bio/libcrypto-lib-bf_prefix.o ../openssl/crypto/bio/bf_prefix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_cb.d.tmp -MT crypto/bio/libcrypto-lib-bio_cb.o -c -o crypto/bio/libcrypto-lib-bio_cb.o ../openssl/crypto/bio/bio_cb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_err.d.tmp -MT crypto/bio/libcrypto-lib-bio_err.o -c -o crypto/bio/libcrypto-lib-bio_err.o ../openssl/crypto/bio/bio_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_lib.d.tmp -MT crypto/bio/libcrypto-lib-bio_lib.o -c -o crypto/bio/libcrypto-lib-bio_lib.o ../openssl/crypto/bio/bio_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_meth.d.tmp -MT crypto/bio/libcrypto-lib-bio_meth.o -c -o crypto/bio/libcrypto-lib-bio_meth.o ../openssl/crypto/bio/bio_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_acpt.d.tmp -MT crypto/bio/libcrypto-lib-bss_acpt.o -c -o crypto/bio/libcrypto-lib-bss_acpt.o ../openssl/crypto/bio/bss_acpt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_bio.d.tmp -MT crypto/bio/libcrypto-lib-bss_bio.o -c -o crypto/bio/libcrypto-lib-bss_bio.o ../openssl/crypto/bio/bss_bio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_conn.d.tmp -MT crypto/bio/libcrypto-lib-bss_conn.o -c -o crypto/bio/libcrypto-lib-bss_conn.o ../openssl/crypto/bio/bss_conn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_dgram.d.tmp -MT crypto/bio/libcrypto-lib-bss_dgram.o -c -o crypto/bio/libcrypto-lib-bss_dgram.o ../openssl/crypto/bio/bss_dgram.c ../openssl/crypto/bio/bio_lib.c:791:9: error: unused variable 'fd' [-Werror,-Wunused-variable] int fd; ^ 1 error generated. Makefile:12954: recipe for target 'crypto/bio/libcrypto-lib-bio_lib.o' failed make[1]: *** [crypto/bio/libcrypto-lib-bio_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3009: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Tue May 5 04:56:42 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 May 2020 04:56:42 +0000 Subject: Build failed: openssl master.33804 Message-ID: <20200505045642.1.EB55F7BF566BF735@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue May 5 05:50:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 May 2020 05:50:56 +0000 Subject: Build completed: openssl master.33805 Message-ID: <20200505055056.1.C5620960D85A15EE@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 5 08:28:35 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 05 May 2020 08:28:35 +0000 Subject: [openssl] master update Message-ID: <1588667315.487432.8145.nullmailer@dev.openssl.org> The branch master has been updated via 278260bfa238aefef5a1abe2043d2f812c3a4bd5 (commit) from e307e616f25a6b7b0f343fc1e62a35b2cba888f3 (commit) - Log ----------------------------------------------------------------- commit 278260bfa238aefef5a1abe2043d2f812c3a4bd5 Author: Dr. David von Oheimb Date: Thu Apr 30 19:31:07 2020 +0200 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. Add X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and X509_VERIFY_PARAM_get1_ip_asc() to support this, as well as the internal helper function ipaddr_to_asc(), which is used also for simplifying other IP address output functions. Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11693) ----------------------------------------------------------------------- Summary of changes: crypto/x509/t_x509.c | 49 ++++++++++++++++----- crypto/x509/v3_addr.c | 1 + crypto/x509/v3_alt.c | 50 +++++---------------- crypto/x509/v3_ncons.c | 31 +++++-------- crypto/x509/v3_utl.c | 75 ++++++++++++++++++++++++-------- crypto/x509/x509_vpm.c | 42 +++++++++++++++--- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 24 +++++++++- include/internal/cryptlib.h | 1 + include/openssl/x509_vfy.h | 3 ++ util/libcrypto.num | 3 ++ 10 files changed, 187 insertions(+), 92 deletions(-) diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index e3c21b084d..75d688c50e 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -452,17 +452,46 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx) { if (ok == 0 && ctx != NULL) { int cert_error = X509_STORE_CTX_get_error(ctx); - int depth = X509_STORE_CTX_get_error_depth(ctx); - X509 *cert = X509_STORE_CTX_get_current_cert(ctx); BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */ - BIO_printf(bio, "%s at depth=%d error=%d (%s)\n", + BIO_printf(bio, "%s at depth = %d error = %d (%s)\n", X509_STORE_CTX_get0_parent_ctx(ctx) != NULL - ? "CRL path validation" : "certificate verification", - depth, cert_error, - X509_verify_cert_error_string(cert_error)); - BIO_printf(bio, "failure for:\n"); - x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS); + ? "CRL path validation" + : "Certificate verification", + X509_STORE_CTX_get_error_depth(ctx), + cert_error, X509_verify_cert_error_string(cert_error)); + { + X509_STORE *ts = X509_STORE_CTX_get0_store(ctx); + X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); + char *str; + int idx = 0; + + switch (cert_error) { + case X509_V_ERR_HOSTNAME_MISMATCH: + BIO_printf(bio, "Expected hostname(s) = "); + while ((str = X509_VERIFY_PARAM_get0_host(vpm, idx++)) != NULL) + BIO_printf(bio, "%s%s", idx == 1 ? "" : ", ", str); + BIO_printf(bio, "\n"); + break; + case X509_V_ERR_EMAIL_MISMATCH: + str = X509_VERIFY_PARAM_get0_email(vpm); + if (str != NULL) + BIO_printf(bio, "Expected email address = %s\n", str); + break; + case X509_V_ERR_IP_ADDRESS_MISMATCH: + str = X509_VERIFY_PARAM_get1_ip_asc(vpm); + if (str != NULL) + BIO_printf(bio, "Expected IP address = %s\n", str); + OPENSSL_free(str); + break; + default: + break; + } + } + + BIO_printf(bio, "Failure for:\n"); + x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx), + X509_FLAG_NO_EXTENSIONS); if (cert_error == X509_V_ERR_CERT_UNTRUSTED || cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN @@ -470,9 +499,9 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx) || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || cert_error == X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER || cert_error == X509_V_ERR_STORE_LOOKUP) { - BIO_printf(bio, "non-trusted certs:\n"); + BIO_printf(bio, "Non-trusted certs:\n"); print_certs(bio, X509_STORE_CTX_get0_untrusted(ctx)); - BIO_printf(bio, "certs in trust store:\n"); + BIO_printf(bio, "Certs in trust store:\n"); print_store_certs(bio, X509_STORE_CTX_get0_store(ctx)); } X509err(0, X509_R_CERTIFICATE_VERIFICATION_FAILED); diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index 51f5cd8fa9..943423f301 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -144,6 +144,7 @@ static int i2r_address(BIO *out, return 0; BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; + /* TODO possibly combine with ipaddr_to_asc() */ case IANA_AFI_IPV6: if (!addr_expand(addr, bs, 16, fill)) return 0; diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c index 98ff0bca94..45f7bac271 100644 --- a/crypto/x509/v3_alt.c +++ b/crypto/x509/v3_alt.c @@ -82,10 +82,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) { - unsigned char *p; char othername[300]; - char oline[256], htmp[5]; - int i; + char oline[256], *tmp; switch (gen->type) { case GEN_OTHERNAME: @@ -183,26 +181,10 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_IPADD: - p = gen->d.ip->data; - if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", - p[0], p[1], p[2], p[3]); - else if (gen->d.ip->length == 16) { - oline[0] = 0; - for (i = 0; i < 8; i++) { - BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]); - p += 2; - strcat(oline, htmp); - if (i != 7) - strcat(oline, ":"); - } - } else { - if (!X509V3_add_value("IP Address", "", &ret)) - return NULL; - break; - } - if (!X509V3_add_value("IP Address", oline, &ret)) - return NULL; + tmp = ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length); + if (tmp == NULL || !X509V3_add_value("IP Address", tmp, &ret)) + ret = NULL; + OPENSSL_free(tmp); break; case GEN_RID: @@ -216,8 +198,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) { - unsigned char *p; - int i, nid; + char *tmp; + int nid; switch (gen->type) { case GEN_OTHERNAME: @@ -288,19 +270,11 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_IPADD: - p = gen->d.ip->data; - if (gen->d.ip->length == 4) - BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - else if (gen->d.ip->length == 16) { - BIO_printf(out, "IP Address"); - for (i = 0; i < 8; i++) { - BIO_printf(out, ":%X", p[0] << 8 | p[1]); - p += 2; - } - } else { - BIO_printf(out, "IP Address:"); - break; - } + tmp = ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length); + if (tmp == NULL) + return 0; + BIO_printf(out, "IP Address:%s", tmp); + OPENSSL_free(tmp); break; case GEN_RID: diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index 88ad8ba74f..d7b82b775e 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -192,26 +192,17 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) { - int i, len; - unsigned char *p; - p = ip->data; - len = ip->length; - BIO_puts(bp, "IP:"); - if (len == 8) { - BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", - p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); - } else if (len == 32) { - for (i = 0; i < 16; i++) { - BIO_printf(bp, "%X", p[0] << 8 | p[1]); - p += 2; - if (i == 7) - BIO_puts(bp, "/"); - else if (i != 15) - BIO_puts(bp, ":"); - } - } else - BIO_printf(bp, "IP Address:"); - return 1; + /* ip->length should be 8 or 32 and len1 == len2 == 4 or len1 == len2 == 16 */ + int len1 = ip->length >= 16 ? 16 : ip->length >= 4 ? 4 : ip->length; + int len2 = ip->length - len1; + char *ip1 = ipaddr_to_asc(ip->data, len1); + char *ip2 = ipaddr_to_asc(ip->data + len1, len2); + int ret = ret = ip1 != NULL && ip2 != NULL + && BIO_printf(bp, "IP:%s/%s", ip1, ip2) > 0; + + OPENSSL_free(ip1); + OPENSSL_free(ip2); + return ret; } #define NAME_CHECK_MAX (1 << 20) diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 4be395397c..aefb589743 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -31,7 +31,8 @@ static int sk_strcmp(const char *const *a, const char *const *b); static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, GENERAL_NAMES *gens); static void str_free(OPENSSL_STRING str); -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, + const ASN1_IA5STRING *email); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); @@ -178,6 +179,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) ASN1_INTEGER *aint; int isneg, ishex; int ret; + if (value == NULL) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); return NULL; @@ -190,14 +192,16 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) if (value[0] == '-') { value++; isneg = 1; - } else + } else { isneg = 0; + } if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { value += 2; ishex = 1; - } else + } else { ishex = 0; + } if (ishex) ret = BN_hex2bn(&bn, value); @@ -297,6 +301,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) STACK_OF(CONF_VALUE) *values = NULL; char *linebuf; int state; + /* We are going to modify the line so copy it first */ linebuf = OPENSSL_strdup(line); if (linebuf == NULL) { @@ -382,6 +387,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) static char *strip_spaces(char *name) { char *p, *q; + /* Skip over leading spaces */ p = name; while (*p && ossl_isspace(*p)) @@ -407,6 +413,7 @@ int v3_name_cmp(const char *name, const char *cmp) { int len, ret; char c; + len = strlen(cmp); if ((ret = strncmp(name, cmp, len))) return ret; @@ -502,9 +509,11 @@ static void str_free(OPENSSL_STRING str) OPENSSL_free(str); } -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email) +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, + const ASN1_IA5STRING *email) { char *emtmp; + /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; @@ -519,7 +528,7 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email return 1; emtmp = OPENSSL_strdup((char *)email->data); if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + OPENSSL_free(emtmp); /* free on push failure */ X509_email_free(*sk); *sk = NULL; return 0; @@ -576,9 +585,10 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, skip_prefix(&pattern, &pattern_len, subject_len, flags); if (pattern_len != subject_len) return 0; - while (pattern_len) { + while (pattern_len != 0) { unsigned char l = *pattern; unsigned char r = *subject; + /* The pattern must not contain NUL characters. */ if (l == 0) return 0; @@ -617,6 +627,7 @@ static int equal_email(const unsigned char *a, size_t a_len, unsigned int unused_flags) { size_t i = a_len; + if (a_len != b_len) return 0; /* @@ -704,6 +715,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, size_t i; int state = LABEL_START; int dots = 0; + for (i = 0; i < len; ++i) { /* * Locate first and only legal wildcard, either at the start @@ -745,8 +757,9 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, if ((state & LABEL_START) != 0) return NULL; state |= LABEL_HYPHEN; - } else + } else { return NULL; + } } /* @@ -862,6 +875,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { GENERAL_NAME *gen; ASN1_STRING *cstr; + gen = sk_GENERAL_NAME_value(gens, i); if (gen->type != check_type) continue; @@ -961,6 +975,29 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); } +char *ipaddr_to_asc(unsigned char *p, int len) +{ + char buf[40], *out; + + switch (len) { + case 4: /* IPv4 */ + BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + break; + /* TODO possibly combine with static i2r_address() in v3_addr.c */ + case 16: /* IPv6 */ + for (out = buf; out < buf + 8 * 3; out += 3) { + BIO_snprintf(out, 3 + 1, "%X:", p[0] << 8 | p[1]); + p += 2; + } + out[-1] = '\0'; + break; + default: + BIO_snprintf(buf, sizeof(buf), "", len); + break; + } + return OPENSSL_strdup(buf); +} + /* * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible * with RFC3280. @@ -1050,6 +1087,7 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc) static int ipv4_from_asc(unsigned char *v4, const char *in) { int a0, a1, a2, a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) return 0; if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) @@ -1076,6 +1114,7 @@ typedef struct { static int ipv6_from_asc(unsigned char *v6, const char *in) { IPV6_STAT v6stat; + v6stat.total = 0; v6stat.zero_pos = -1; v6stat.zero_cnt = 0; @@ -1098,21 +1137,19 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) if (v6stat.total == 16) return 0; /* More than three zeroes is an error */ - if (v6stat.zero_cnt > 3) + if (v6stat.zero_cnt > 3) { return 0; /* Can only have three zeroes if nothing else present */ - else if (v6stat.zero_cnt == 3) { + } else if (v6stat.zero_cnt == 3) { if (v6stat.total > 0) return 0; - } - /* Can only have two zeroes if at start or end */ - else if (v6stat.zero_cnt == 2) { + } else if (v6stat.zero_cnt == 2) { + /* Can only have two zeroes if at start or end */ if ((v6stat.zero_pos != 0) && (v6stat.zero_pos != v6stat.total)) return 0; - } else + } else { /* Can only have one zero if *not* start or end */ - { if ((v6stat.zero_pos == 0) || (v6stat.zero_pos == v6stat.total)) return 0; @@ -1131,8 +1168,9 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, v6stat.tmp + v6stat.zero_pos, v6stat.total - v6stat.zero_pos); - } else + } else { memcpy(v6, v6stat.tmp, 16); + } return 1; } @@ -1140,6 +1178,7 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) static int ipv6_cb(const char *elem, int len, void *usr) { IPV6_STAT *s = usr; + /* Error if 16 bytes written */ if (s->total == 16) return 0; @@ -1203,6 +1242,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, CONF_VALUE *v; int i, mval, spec_char, plus_char; char *p, *type; + if (!nm) return 0; @@ -1217,7 +1257,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); #else spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) - || (*p == os_toascii['.'])); + || (*p == os_toascii['.'])); #endif if (spec_char) { p++; @@ -1234,8 +1274,9 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, if (plus_char) { mval = -1; type++; - } else + } else { mval = 0; + } if (!X509_NAME_add_entry_by_txt(nm, type, chtype, (unsigned char *)v->value, -1, -1, mval)) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index c3af2d3d78..f87dfd0726 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -146,14 +146,14 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) /* Macro to test if a field should be copied from src to dest */ #define test_x509_verify_param_copy(field, def) \ - (to_overwrite || \ - ((src->field != def) && (to_default || (dest->field == def)))) + (to_overwrite \ + || ((src->field != def) && (to_default || (dest->field == def)))) /* Macro to test and copy a field if necessary */ #define x509_verify_param_copy(field, def) \ - if (test_x509_verify_param_copy(field, def)) \ - dest->field = src->field + if (test_x509_verify_param_copy(field, def)) \ + dest->field = src->field; int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) @@ -243,14 +243,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src, size_t srclen) { - void *tmp; + char *tmp; if (src) { if (srclen == 0) srclen = strlen(src); - tmp = OPENSSL_memdup(src, srclen); + tmp = OPENSSL_malloc(srclen + 1); if (tmp == NULL) return 0; + memcpy(tmp, src, srclen); + tmp[srclen] = '\0'; /* enforce NUL termination */ } else { tmp = NULL; srclen = 0; @@ -379,6 +381,11 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, return 1; } +char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx) +{ + return sk_OPENSSL_STRING_value(param->hosts, idx); +} + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen) { @@ -425,6 +432,11 @@ void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to, from->peername = NULL; } +char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param) +{ + return param->email; +} + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen) { @@ -432,6 +444,24 @@ int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, email, emaillen); } +static unsigned char +*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen) +{ + if (param == NULL || param->ip == NULL) + return NULL; + if (plen != NULL) + *plen = param->iplen; + return param->ip; +} + +char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param) +{ + size_t iplen; + unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen); + + return ip == NULL ? NULL : ipaddr_to_asc(ip, iplen); +} + int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen) { diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 27e0a73969..f34020cbaa 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -10,11 +10,13 @@ X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, +X509_VERIFY_PARAM_get0_host, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, -X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, +X509_VERIFY_PARAM_get0_email, X509_VERIFY_PARAM_set1_email, +X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_get1_ip_asc, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters @@ -50,6 +52,7 @@ X509_VERIFY_PARAM_set1_ip_asc int auth_level); int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); + char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int n); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, @@ -58,8 +61,10 @@ X509_VERIFY_PARAM_set1_ip_asc unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); + char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); + char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); @@ -128,6 +133,11 @@ Security level 1 requires at least 80-bit-equivalent security and is broadly interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits. +X509_VERIFY_PARAM_get0_host() returns the Bth expected DNS hostname that has +been set using X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host(). +To obtain all names start with B = 0 and increment B as long as no NULL +pointer is returned. + X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to B clearing any previously specified hostname. If B is NULL, or empty the list of hostnames is cleared, and @@ -177,12 +187,17 @@ string is allocated by the library and is no longer valid once the associated B argument is freed. Applications must not free the return value. +X509_VERIFY_PARAM_get0_email() returns the expected RFC822 email address. + X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to B. If B is NUL-terminated, B may be zero, otherwise B must be set to the length of B. When an email address is specified, certificate verification automatically invokes L. +X509_VERIFY_PARAM_get1_ip_asc() returns the expected IP address as a string. +The caller is responsible for freeing it. + X509_VERIFY_PARAM_set1_ip() sets the expected IP address to B. The B argument is in binary format, in network byte-order and B must be set to 4 for IPv4 and 16 for IPv6. When an IP @@ -205,6 +220,10 @@ X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for failure. +X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and +X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers pecified above +or NULL if the respective value has not been set or on error. + X509_VERIFY_PARAM_get_flags() returns the current verification flags. X509_VERIFY_PARAM_get_hostflags() returns any current host flags. @@ -374,6 +393,9 @@ and has no effect. The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. +The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), +and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 615cd21ae8..03f147888a 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -238,5 +238,6 @@ static ossl_inline void ossl_sleep(unsigned long millis) char *sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, const char *sep, size_t max_len); +char *ipaddr_to_asc(unsigned char *p, int len); #endif diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 84b076a1cb..92aed08380 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -585,6 +585,7 @@ int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags); uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, @@ -594,8 +595,10 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); +char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, diff --git a/util/libcrypto.num b/util/libcrypto.num index 82ae2e7e84..32942a53de 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5072,6 +5072,9 @@ EVP_PKEY_CTX_set_dh_paramgen_generator ? 3_0_0 EXIST::FUNCTION:DH EVP_PKEY_CTX_set_dh_nid ? 3_0_0 EXIST::FUNCTION:DH EVP_PKEY_CTX_set_dh_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH EVP_PKEY_CTX_set_dhx_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH +X509_VERIFY_PARAM_get0_host ? 3_0_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get0_email ? 3_0_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get1_ip_asc ? 3_0_0 EXIST::FUNCTION: X509_verify_ex ? 3_0_0 EXIST::FUNCTION: X509_REQ_verify_ex ? 3_0_0 EXIST::FUNCTION: X509_ALGOR_copy ? 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Tue May 5 10:39:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 10:39:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1588675165.482238.9800.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 637 wallclock secs ( 7.73 usr 1.56 sys + 601.43 cusr 42.24 csys = 652.96 CPU) Result: FAIL Makefile:3035: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3033: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 5 12:11:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 12:11:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1588680710.449330.27743.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 587 wallclock secs ( 7.03 usr 1.71 sys + 558.70 cusr 38.66 csys = 606.10 CPU) Result: FAIL Makefile:3043: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3041: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue May 5 12:11:45 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 May 2020 12:11:45 +0000 Subject: Build failed: openssl master.33810 Message-ID: <20200505121145.1.CF317E85DB64B87C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 5 12:51:05 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 12:51:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1588683065.175983.3460.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 623 wallclock secs ( 7.86 usr 1.46 sys + 590.20 cusr 39.03 csys = 638.55 CPU) Result: FAIL Makefile:3053: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3051: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 5 14:06:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 14:06:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1588687615.728139.19776.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 533 wallclock secs ( 6.46 usr 1.64 sys + 505.86 cusr 35.23 csys = 549.19 CPU) Result: FAIL Makefile:3039: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3037: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 5 14:46:20 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 05 May 2020 14:46:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1588689980.448094.27978.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 200e5ee5a4 Fix reason code clash 6d81bb2676 util/perl/OpenSSL/OID.pm: remove the included unit test c450922c8c Add solaris assembler fixes for legacy provider e0624f0d70 Add default property API's to enable and test for fips e908f292de make update for SSL_new_session_ticket f0049b86cc Add test for SSL_new_session_ticket() 3bfacb5fd4 Add SSL_new_session_ticket() API 6250282f7f Fix whitespace nit in ossl_statem_server_pre_work 9011309618 Add a test for EVP_PKEY_*_check functions for "DSA" keys 2fc2e37b28 When a private key is validated and there is no private key, return early. Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 661 wallclock secs ( 8.00 usr 1.44 sys + 623.68 cusr 42.89 csys = 676.01 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Tue May 5 16:27:57 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 05 May 2020 16:27:57 +0000 Subject: [openssl] master update Message-ID: <1588696077.541364.27062.nullmailer@dev.openssl.org> The branch master has been updated via 6763f9c7e62aeba0d083be1608c88d85110976cb (commit) from 278260bfa238aefef5a1abe2043d2f812c3a4bd5 (commit) - Log ----------------------------------------------------------------- commit 6763f9c7e62aeba0d083be1608c88d85110976cb Author: Christian Heimes Date: Mon May 4 14:26:12 2020 +0200 Use fips=yes consistently in documentation The documentation for ``EVP_default_properties_is_fips_enabled()`` uses ``fips=yes`` in one place and ``fips=true`` in another place. Stick to ``fips=yes`` like everywhere else. Signed-off-by: Christian Heimes Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11723) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_set_default_properties.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EVP_set_default_properties.pod b/doc/man3/EVP_set_default_properties.pod index 1981ff12c1..9135742bb2 100644 --- a/doc/man3/EVP_set_default_properties.pod +++ b/doc/man3/EVP_set_default_properties.pod @@ -44,7 +44,7 @@ EVP_set_default_properties() and EVP_default_properties_enable_fips() return 1 on success, or 0 on failure. An error is placed on the the error stack if a failure occurs. -EVP_default_properties_is_fips_enabled() returns 1 if the 'fips=true' default +EVP_default_properties_is_fips_enabled() returns 1 if the 'fips=yes' default property is set for the given I, otherwise it returns 0. =head1 SEE ALSO From builds at travis-ci.org Tue May 5 17:26:34 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 05 May 2020 17:26:34 +0000 Subject: Errored: openssl/openssl#34386 (master - 6763f9c) In-Reply-To: Message-ID: <5eb1a1caeb6a_13fcdf2e166f8120541@travis-tasks-7b989fcdbc-khzk2.mail> Build Update for openssl/openssl ------------------------------------- Build: #34386 Status: Errored Duration: 52 mins and 19 secs Commit: 6763f9c (master) Author: Christian Heimes Message: Use fips=yes consistently in documentation The documentation for ``EVP_default_properties_is_fips_enabled()`` uses ``fips=yes`` in one place and ``fips=true`` in another place. Stick to ``fips=yes`` like everywhere else. Signed-off-by: Christian Heimes Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11723) View the changeset: https://github.com/openssl/openssl/compare/278260bfa238...6763f9c7e62a View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/683465306?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kaduk at mit.edu Wed May 6 04:18:44 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Wed, 06 May 2020 04:18:44 +0000 Subject: [openssl] master update Message-ID: <1588738724.758086.10592.nullmailer@dev.openssl.org> The branch master has been updated via 35774d5594af9beeb73792742b7ed901d202be70 (commit) from 6763f9c7e62aeba0d083be1608c88d85110976cb (commit) - Log ----------------------------------------------------------------- commit 35774d5594af9beeb73792742b7ed901d202be70 Author: Benjamin Kaduk Date: Mon May 4 11:50:25 2020 -0700 Fix up whitespace nits introduced by PR #11416 Expand a couple literal tabs, and de-indent the body of a function. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11728) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 10 +++++----- ssl/ssl_local.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fde726e0ba..fef50eea7f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2305,11 +2305,11 @@ int SSL_renegotiate_pending(const SSL *s) int SSL_new_session_ticket(SSL *s) { - if (SSL_in_init(s) || SSL_IS_FIRST_HANDSHAKE(s) || !s->server - || !SSL_IS_TLS13(s)) - return 0; - s->ext.extra_tickets_expected++; - return 1; + if (SSL_in_init(s) || SSL_IS_FIRST_HANDSHAKE(s) || !s->server + || !SSL_IS_TLS13(s)) + return 0; + s->ext.extra_tickets_expected++; + return 1; } long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index de7e9fde48..e938504d3e 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1539,8 +1539,8 @@ struct ssl_st { /* RFC4507 session ticket expected to be received or sent */ int ticket_expected; - /* TLS 1.3 tickets requested by the application. */ - int extra_tickets_expected; + /* TLS 1.3 tickets requested by the application. */ + int extra_tickets_expected; # ifndef OPENSSL_NO_EC size_t ecpointformats_len; /* our list */ From builds at travis-ci.org Wed May 6 05:04:05 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 06 May 2020 05:04:05 +0000 Subject: Passed: openssl/openssl#34403 (master - 35774d5) In-Reply-To: Message-ID: <5eb24544d44a6_13f8adf798fac356bd@travis-tasks-5949445458-vhft2.mail> Build Update for openssl/openssl ------------------------------------- Build: #34403 Status: Passed Duration: 44 mins and 51 secs Commit: 35774d5 (master) Author: Benjamin Kaduk Message: Fix up whitespace nits introduced by PR #11416 Expand a couple literal tabs, and de-indent the body of a function. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11728) View the changeset: https://github.com/openssl/openssl/compare/6763f9c7e62a...35774d5594af View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/683678108?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 6 05:26:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 06 May 2020 05:26:56 +0000 Subject: Build failed: openssl master.33844 Message-ID: <20200506052656.1.572457F83C874FD3@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed May 6 05:59:03 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 06 May 2020 05:59:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1588744743.655643.29078.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 645 wallclock secs ( 7.66 usr 1.42 sys + 609.61 cusr 42.02 csys = 660.71 CPU) Result: FAIL Makefile:3042: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3040: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed May 6 06:20:49 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 06 May 2020 06:20:49 +0000 Subject: Build completed: openssl master.33845 Message-ID: <20200506062049.1.F9626A274A479FF5@appveyor.com> An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Wed May 6 10:33:05 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 06 May 2020 10:33:05 +0000 Subject: [openssl] master update Message-ID: <1588761185.759033.19858.nullmailer@dev.openssl.org> The branch master has been updated via 500a7615173c8ae2362a05e1affd376ab2b41a94 (commit) from 35774d5594af9beeb73792742b7ed901d202be70 (commit) - Log ----------------------------------------------------------------- commit 500a7615173c8ae2362a05e1affd376ab2b41a94 Author: Tomas Mraz Date: Tue May 5 09:52:25 2020 +0200 The synthesized OPENSSL_VERSION_NUMBER must be long (to keep API compatibility with older releases) Fixes #11716 Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11732) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslv.h.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/opensslv.h.in b/include/openssl/opensslv.h.in index ffd2bfff32..d9eee21c2d 100644 --- a/include/openssl/opensslv.h.in +++ b/include/openssl/opensslv.h.in @@ -91,9 +91,9 @@ extern "C" { /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0 +# define _OPENSSL_VERSION_PRE_RELEASE 0x0L # else -# define _OPENSSL_VERSION_PRE_RELEASE 0xf +# define _OPENSSL_VERSION_PRE_RELEASE 0xfL # endif # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ From matt at openssl.org Wed May 6 10:48:23 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 06 May 2020 10:48:23 +0000 Subject: [openssl] master update Message-ID: <1588762103.685018.1674.nullmailer@dev.openssl.org> The branch master has been updated via 15dd075f708c58bbbbd18f98608fecfcb97f693a (commit) via 6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd (commit) from 500a7615173c8ae2362a05e1affd376ab2b41a94 (commit) - Log ----------------------------------------------------------------- commit 15dd075f708c58bbbbd18f98608fecfcb97f693a Author: Matt Caswell Date: Fri May 1 15:15:13 2020 +0100 Fix a memory leak in CONF .include handling If OPENSSL_CONF_INCLUDE has been set then we may leak the "include" buffer. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11691) commit 6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd Author: Matt Caswell Date: Thu Apr 30 16:08:57 2020 +0100 Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11691) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 9 +++------ test/README | 4 ++++ test/recipes/03-test_fipsinstall.t | 1 - test/recipes/30-test_afalg.t | 4 +--- test/recipes/30-test_evp.t | 2 -- test/recipes/30-test_evp_fetch_prov.t | 3 --- test/recipes/70-test_comp.t | 1 - test/recipes/70-test_sslmessages.t | 1 - test/recipes/70-test_tls13kexmodes.t | 1 - test/recipes/70-test_tls13messages.t | 2 -- test/recipes/70-test_tls13psk.t | 1 - test/recipes/80-test_ct.t | 2 +- test/recipes/80-test_ssl_new.t | 3 --- test/recipes/80-test_ssl_old.t | 4 ---- test/recipes/90-test_includes.t | 2 ++ test/recipes/90-test_sslapi.t | 3 --- test/recipes/90-test_sslprovider.t | 3 --- test/run_tests.pl | 6 +++++- 18 files changed, 16 insertions(+), 36 deletions(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 9dbda10edf..6efe291ac8 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -420,6 +420,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_strlcpy(include_path, include_dir, newlen); OPENSSL_strlcat(include_path, "/", newlen); OPENSSL_strlcat(include_path, include, newlen); + OPENSSL_free(include); } else { include_path = include; } @@ -429,15 +430,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) next = process_include(include_path, &dirctx, &dirpath); if (include_path != dirpath) { /* dirpath will contain include in case of a directory */ - OPENSSL_free(include); - if (include_path != include) - OPENSSL_free(include_path); + OPENSSL_free(include_path); } #else next = BIO_new_file(include_path, "r"); - OPENSSL_free(include); - if (include_path != include) - OPENSSL_free(include_path); + OPENSSL_free(include_path); #endif if (next != NULL) { diff --git a/test/README b/test/README index 17dffa0e7f..9094d9a38d 100644 --- a/test/README +++ b/test/README @@ -151,3 +151,7 @@ works fine and can be used in place of: The former produces a more meaningful message on failure than the latter. +Note that the test infrastructure automatically sets up all required environment +variables (such as OPENSSL_MODULES, OPENSSL_CONF etc) for the tests. Individual +tests may choose to override the default settings as required. + diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index b35ddfc7b0..16ae955663 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -27,7 +27,6 @@ plan skip_all => "Test only supported in a fips build" if disabled("fips"); plan tests => 12; my $infile = bldtop_file('providers', platform->dso('fips')); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); # fail if no module name ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t index 363f4d4c0b..98ffc9908c 100644 --- a/test/recipes/30-test_afalg.t +++ b/test/recipes/30-test_afalg.t @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test qw/:DEFAULT/; use OpenSSL::Test::Utils; my $test_name = "test_afalg"; @@ -18,6 +18,4 @@ plan skip_all => "$test_name not supported for this build" plan tests => 1; -$ENV{OPENSSL_ENGINES} = bldtop_dir("engines"); - ok(run(test(["afalgtest"])), "running afalgtest"); diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 88eb41e1c1..5f7585cc79 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -80,8 +80,6 @@ plan tests => unless ($no_fips) { my $infile = bldtop_file('providers', platform->dso('fips')); - $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); - $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index be06716b44..a49a66fee6 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -24,9 +24,6 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my @types = ( "digest", "cipher" ); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my @setups = (); my @testdata = ( { config => srctop_file("test", "default.cnf"), diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index 4a00652c93..2ac168c252 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); use constant { MULTIPLE_COMPRESSIONS => 0, diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index b90eae57d4..3f57af62d5 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled" || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 2751a3f174..6648376c0c 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -32,7 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 21fd6f2894..3113294f06 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -32,8 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); - @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index f20150f623..66582b7d8e 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t index 8350467f7e..33cb71583b 100644 --- a/test/recipes/80-test_ct.t +++ b/test/recipes/80-test_ct.t @@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; use OpenSSL::Test::Simple; setup("test_ct"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); + $ENV{CT_DIR} = srctop_dir("test", "ct"); $ENV{CERTS_DIR} = srctop_dir("test", "certs"); simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 8a26119f86..f105a39ce0 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -26,10 +26,7 @@ use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in")); map { s/;.*// } @conf_srcs if $^O eq "VMS"; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 42963c364a..e01137d593 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -24,10 +24,6 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t index 301f6c1560..add3813a64 100644 --- a/test/recipes/90-test_includes.t +++ b/test/recipes/90-test_includes.t @@ -10,6 +10,8 @@ setup("test_includes"); plan skip_all => "test_includes doesn't work without posix-io" if disabled("posix-io"); +delete $ENV{OPENSSL_CONF_INCLUDE}; + plan tests => # The number of tests being performed 5 + ($^O eq "VMS" ? 2 : 0); diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index b89b783805..e25ca0ba3e 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -30,9 +30,6 @@ plan tests => (undef, my $tmpfilename) = tempfile(); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "default", diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t index 793756bc6d..1a2a28557e 100644 --- a/test/recipes/90-test_sslprovider.t +++ b/test/recipes/90-test_sslprovider.t @@ -23,9 +23,6 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" plan tests => 3; -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - SKIP: { skip "Skipping FIPS installation", 1 if disabled("fips"); diff --git a/test/run_tests.pl b/test/run_tests.pl index bb91761563..0ed768ed41 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -27,7 +27,11 @@ my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); -$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf"); +$ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); +$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); +$ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf")); my %tapargs = ( verbosity => $ENV{HARNESS_VERBOSE} ? 1 : 0, From matt at openssl.org Wed May 6 10:57:16 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 06 May 2020 10:57:16 +0000 Subject: [openssl] master update Message-ID: <1588762636.298392.11097.nullmailer@dev.openssl.org> The branch master has been updated via a96e6c347bc1da9964ffe941608b11cf030320ef (commit) via 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 (commit) from 15dd075f708c58bbbbd18f98608fecfcb97f693a (commit) - Log ----------------------------------------------------------------- commit a96e6c347bc1da9964ffe941608b11cf030320ef Author: Matt Caswell Date: Fri May 1 12:24:57 2020 +0100 Extend test_ssl_get_shared_ciphers Ensure we test scenarios where a FIPS peer is communication with a non-FIPS peer. Check that a FIPS client doesn't offer ciphersuites it doesn't have, and that a FIPS server only chooses ciphersuites it can support. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11700) commit 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 Author: Matt Caswell Date: Fri May 1 09:17:40 2020 +0100 Don't offer or accept ciphersuites that we can't support We were not correctly detecting whether TLSv1.3 ciphersuites could actually be supported by the available provider implementations. For example a FIPS client would still offer CHACHA20-POLY1305 based ciphersuites even though it couldn't actually use them. Similarly on the server would try to use CHACHA20-POLY1305 and then fail the handshake. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11700) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_ciph.c | 12 ++++++++++-- test/sslapitest.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 65 insertions(+), 5 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 9ee1fc7fa9..7b3a5e7c89 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1596,8 +1596,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { - if (!sk_SSL_CIPHER_push(cipherstack, - sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { + const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); + + /* Don't include any TLSv1.3 ciphers that are disabled */ + if ((sslc->algorithm_enc & disabled_enc) != 0 + || (ssl_cipher_table_mac[sslc->algorithm2 + & SSL_HANDSHAKE_MAC_MASK].mask + & disabled_mac_mask) != 0) + continue; + + if (!sk_SSL_CIPHER_push(cipherstack, sslc)) { sk_SSL_CIPHER_free(cipherstack); return NULL; } diff --git a/test/sslapitest.c b/test/sslapitest.c index b8bad61fd2..6889607662 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6208,6 +6208,7 @@ static struct { const char *srvrciphers; const char *srvrtls13ciphers; const char *shared; + const char *fipsshared; } shared_ciphers_data[] = { /* * We can't establish a connection (even in TLSv1.1) with these ciphersuites if @@ -6220,14 +6221,29 @@ static struct { NULL, "AES256-SHA:DHE-RSA-AES128-SHA", NULL, + "AES256-SHA", "AES256-SHA" }, +# if !defined(OPENSSL_NO_CHACHA) \ + && !defined(OPENSSL_NO_POLY1305) \ + && !defined(OPENSSL_NO_EC) + { + TLS1_2_VERSION, + "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", + NULL, + "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", + NULL, + "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", + "AES128-SHA" + }, +# endif { TLS1_2_VERSION, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA", NULL, "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA", NULL, + "AES128-SHA:AES256-SHA", "AES128-SHA:AES256-SHA" }, { @@ -6236,6 +6252,7 @@ static struct { NULL, "AES128-SHA:DHE-RSA-AES128-SHA", NULL, + "AES128-SHA", "AES128-SHA" }, #endif @@ -6252,7 +6269,8 @@ static struct { "AES256-SHA:AES128-SHA256", NULL, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" - "TLS_AES_128_GCM_SHA256:AES256-SHA" + "TLS_AES_128_GCM_SHA256:AES256-SHA", + "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA" }, #endif #ifndef OPENSSL_NO_TLS1_3 @@ -6262,17 +6280,39 @@ static struct { "TLS_AES_256_GCM_SHA384", "AES256-SHA", "TLS_AES_256_GCM_SHA384", + "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384" }, #endif }; -static int test_ssl_get_shared_ciphers(int tst) +static int int_test_ssl_get_shared_ciphers(int tst, int clnt) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; char buf[1024]; + OPENSSL_CTX *tmplibctx = OPENSSL_CTX_new(); + + if (!TEST_ptr(tmplibctx)) + goto end; + + /* + * Regardless of whether we're testing with the FIPS provider loaded into + * libctx, we want one peer to always use the full set of ciphersuites + * available. Therefore we use a separate libctx with the default provider + * loaded into it. We run the same tests twice - once with the client side + * having the full set of ciphersuites and once with the server side. + */ + if (clnt) { + cctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_client_method()); + if (!TEST_ptr(cctx)) + goto end; + } else { + sctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_server_method()); + if (!TEST_ptr(sctx)) + goto end; + } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), @@ -6301,7 +6341,11 @@ static int test_ssl_get_shared_ciphers(int tst) goto end; if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) - || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) { + || !TEST_int_eq(strcmp(buf, + is_fips + ? shared_ciphers_data[tst].fipsshared + : shared_ciphers_data[tst].shared), + 0)) { TEST_info("Shared ciphers are: %s\n", buf); goto end; } @@ -6313,10 +6357,18 @@ static int test_ssl_get_shared_ciphers(int tst) SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); + OPENSSL_CTX_free(tmplibctx); return testresult; } +static int test_ssl_get_shared_ciphers(int tst) +{ + return int_test_ssl_get_shared_ciphers(tst, 0) + && int_test_ssl_get_shared_ciphers(tst, 1); +} + + static const char *appdata = "Hello World"; static int gen_tick_called, dec_tick_called, tick_key_cb_called; static int tick_key_renew = 0; From builds at travis-ci.org Wed May 6 12:54:57 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 06 May 2020 12:54:57 +0000 Subject: Errored: openssl/openssl#34413 (add_STORE_load_key_cert_crl - c76296c) In-Reply-To: Message-ID: <5eb2b3a05e6ab_13fae56997a0c63513@travis-tasks-6c7df7d7f5-rfbzx.mail> Build Update for openssl/openssl ------------------------------------- Build: #34413 Status: Errored Duration: 40 mins and 56 secs Commit: c76296c (add_STORE_load_key_cert_crl) Author: Dr. David von Oheimb Message: Use OSSL_STORE for load_key() and load_pubkey() in apps/lib/apps.c This also adds STORE_load_key_cert_crl(), STORE_load_pkey(), STORE_load_cert(), STORE_load_crl(), get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. View the changeset: https://github.com/openssl/openssl/commit/c76296c55a87 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/683796910?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Wed May 6 14:53:50 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 06 May 2020 14:53:50 +0000 Subject: [openssl] master update Message-ID: <1588776830.896475.26250.nullmailer@dev.openssl.org> The branch master has been updated via edbb56ee4fafc07eb77747ad25278a04b89adc09 (commit) from a96e6c347bc1da9964ffe941608b11cf030320ef (commit) - Log ----------------------------------------------------------------- commit edbb56ee4fafc07eb77747ad25278a04b89adc09 Author: Dmitry Belyavskiy Date: Tue May 5 15:26:32 2020 +0300 s_server normal shutdown Partially fixes #11209 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11734) ----------------------------------------------------------------------- Summary of changes: apps/include/s_apps.h | 1 + apps/lib/s_socket.c | 21 +++++++++++++++++++++ apps/s_client.c | 21 --------------------- apps/s_server.c | 8 +++----- 4 files changed, 25 insertions(+), 26 deletions(-) diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 1bbe5fe09d..baedbee9d3 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -32,6 +32,7 @@ int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, int family, int type, int protocol); int should_retry(int i); +void do_ssl_shutdown(SSL *ssl); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 7dd95e9f0e..52c4a0a764 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -392,4 +392,25 @@ int do_server(int *accept_sock, const char *host, const char *port, return ret; } +void do_ssl_shutdown(SSL *ssl) +{ + int ret; + + do { + /* We only do unidirectional shutdown */ + ret = SSL_shutdown(ssl); + if (ret < 0) { + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_ASYNC: + case SSL_ERROR_WANT_ASYNC_JOB: + /* We just do busy waiting. Nothing clever */ + continue; + } + ret = 0; + } + } while (ret < 0); +} + #endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_client.c b/apps/s_client.c index eb4dbdcaa2..875ebf2253 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -98,27 +98,6 @@ static int restore_errno(void) return ret; } -static void do_ssl_shutdown(SSL *ssl) -{ - int ret; - - do { - /* We only do unidirectional shutdown */ - ret = SSL_shutdown(ssl); - if (ret < 0) { - switch (SSL_get_error(ssl, ret)) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_ASYNC: - case SSL_ERROR_WANT_ASYNC_JOB: - /* We just do busy waiting. Nothing clever */ - continue; - } - ret = 0; - } - } while (ret < 0); -} - /* Default PSK identity and key */ static char *psk_identity = "Client_identity"; diff --git a/apps/s_server.c b/apps/s_server.c index 23c762ba9f..4904a21b7a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1884,7 +1884,6 @@ int s_server_main(int argc, char *argv[]) } BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx, 1); if (exc != NULL) ssl_ctx_set_excert(ctx, exc); @@ -1982,7 +1981,6 @@ int s_server_main(int argc, char *argv[]) } BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx2, 1); if (exc != NULL) ssl_ctx_set_excert(ctx2, exc); @@ -2770,7 +2768,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) err: if (con != NULL) { BIO_printf(bio_s_out, "shutting down SSL\n"); - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); SSL_free(con); } BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); @@ -3439,7 +3437,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context) } end: /* make sure we re-use sessions */ - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); err: OPENSSL_free(buf); @@ -3593,7 +3591,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) } end: /* make sure we re-use sessions */ - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); err: From no-reply at appveyor.com Wed May 6 14:55:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 06 May 2020 14:55:20 +0000 Subject: Build failed: openssl add_STORE_load_key_cert_crl.33856 Message-ID: <20200506145520.1.64662CF5C4AF7C5A@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed May 6 18:17:11 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 06 May 2020 18:17:11 +0000 Subject: [openssl] master update Message-ID: <1588789031.358905.30217.nullmailer@dev.openssl.org> The branch master has been updated via 4975e8b4d2cfab923d522840533334a1bbd754b8 (commit) from edbb56ee4fafc07eb77747ad25278a04b89adc09 (commit) - Log ----------------------------------------------------------------- commit 4975e8b4d2cfab923d522840533334a1bbd754b8 Author: Richard Levitte Date: Tue May 5 16:53:43 2020 +0200 Configure: avoid perl regexp bugs It seems that in older perl versions '(?P' doesn't interact very well with '(?|' or '(?:'. Since we make extensive use of '(?P' in build.info parsing, we avoid combining that with '(?|' and '(?:' when parsing build.info variables, and end up parsing variable modifier twice (first generally, and then parse that result into the modifier components). Fixes #11694 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11737) ----------------------------------------------------------------------- Summary of changes: Configure | 58 ++++++++++++++++++++++++++-------------------------------- 1 file changed, 26 insertions(+), 32 deletions(-) diff --git a/Configure b/Configure index 4a23d26a9b..7738073455 100755 --- a/Configure +++ b/Configure @@ -1831,23 +1831,13 @@ if ($builder eq "unified") { my $variable_name_re = qr/(?P[[:alpha:]][[:alnum:]_]*)/; # Value modifier syntaxes my $variable_subst_re = qr/\/(?P(?:\\\/|.)*?)\/(?P.*?)/; - # Put it all together - my $variable_re = qr/\$ - (?| - # Simple case, just the name - ${variable_name_re} - | - # Expressive case, with braces and possible - # modifier expressions - \{ - ${variable_name_re} - (?: - # Pile on modifier expressions, - # separated by | - ${variable_subst_re} - ) - \} - )/x; + # Variable reference + my $variable_simple_re = qr/(?(?:\\\/|.)*?)\}/; + # Tie it all together + my $variable_re = qr/${variable_simple_re}|${variable_w_mod_re}/; + my $expand_variables = sub { my $value = ''; my $value_rest = shift; @@ -1856,25 +1846,29 @@ if ($builder eq "unified") { print STDERR "DEBUG[\$expand_variables] Parsed '$value_rest' ...\n" } - while ($value_rest =~ /(? Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_dup.d.tmp -MT crypto/asn1/libcrypto-lib-a_dup.o -c -o crypto/asn1/libcrypto-lib-a_dup.o ../openssl/crypto/asn1/a_dup.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_gentm.d.tmp -MT crypto/asn1/libcrypto-lib-a_gentm.o -c -o crypto/asn1/libcrypto-lib-a_gentm.o ../openssl/crypto/asn1/a_gentm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_i2d_fp.d.tmp -MT crypto/asn1/libcrypto-lib-a_i2d_fp.o -c -o crypto/asn1/libcrypto-lib-a_i2d_fp.o ../openssl/crypto/asn1/a_i2d_fp.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_int.d.tmp -MT crypto/asn1/libcrypto-lib-a_int.o -c -o crypto/asn1/libcrypto-lib-a_int.o ../openssl/crypto/asn1/a_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_mbstr.d.tmp -MT crypto/asn1/libcrypto-lib-a_mbstr.o -c -o crypto/asn1/libcrypto-lib-a_mbstr.o ../openssl/crypto/asn1/a_mbstr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_object.d.tmp -MT crypto/asn1/libcrypto-lib-a_object.o -c -o crypto/asn1/libcrypto-lib-a_object.o ../openssl/crypto/asn1/a_object.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_octet.d.tmp -MT crypto/asn1/libcrypto-lib-a_octet.o -c -o crypto/asn1/libcrypto-lib-a_octet.o ../openssl/crypto/asn1/a_octet.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_print.d.tmp -MT crypto/asn1/libcrypto-lib-a_print.o -c -o crypto/asn1/libcrypto-lib-a_print.o ../openssl/crypto/asn1/a_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_sign.d.tmp -MT crypto/asn1/libcrypto-lib-a_sign.o -c -o crypto/asn1/libcrypto-lib-a_sign.o ../openssl/crypto/asn1/a_sign.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strex.d.tmp -MT crypto/asn1/libcrypto-lib-a_strex.o -c -o crypto/asn1/libcrypto-lib-a_strex.o ../openssl/crypto/asn1/a_strex.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strnid.d.tmp -MT crypto/asn1/libcrypto-lib-a_strnid.o -c -o crypto/asn1/libcrypto-lib-a_strnid.o ../openssl/crypto/asn1/a_strnid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_time.d.tmp -MT crypto/asn1/libcrypto-lib-a_time.o -c -o crypto/asn1/libcrypto-lib-a_time.o ../openssl/crypto/asn1/a_time.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_type.d.tmp -MT crypto/asn1/libcrypto-lib-a_type.o -c -o crypto/asn1/libcrypto-lib-a_type.o ../openssl/crypto/asn1/a_type.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utctm.d.tmp -MT crypto/asn1/libcrypto-lib-a_utctm.o -c -o crypto/asn1/libcrypto-lib-a_utctm.o ../openssl/crypto/asn1/a_utctm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utf8.d.tmp -MT crypto/asn1/libcrypto-lib-a_utf8.o -c -o crypto/asn1/libcrypto-lib-a_utf8.o ../openssl/crypto/asn1/a_utf8.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_verify.d.tmp -MT crypto/asn1/libcrypto-lib-a_verify.o -c -o crypto/asn1/libcrypto-lib-a_verify.o ../openssl/crypto/asn1/a_verify.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-ameth_lib.d.tmp -MT crypto/asn1/libcrypto-lib-ameth_lib.o -c -o crypto/asn1/libcrypto-lib-ameth_lib.o ../openssl/crypto/asn1/ameth_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_err.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_err.o -c -o crypto/asn1/libcrypto-lib-asn1_err.o ../openssl/crypto/asn1/asn1_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_gen.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_gen.o -c -o crypto/asn1/libcrypto-lib-asn1_gen.o ../openssl/crypto/asn1/asn1_gen.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_item_list.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_item_list.o -c -o crypto/asn1/libcrypto-lib-asn1_item_list.o ../openssl/crypto/asn1/asn1_item_list.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_lib.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_lib.o -c -o crypto/asn1/libcrypto-lib-asn1_lib.o ../openssl/crypto/asn1/asn1_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_par.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_par.o -c -o crypto/asn1/libcrypto-lib-asn1_par.o ../openssl/crypto/asn1/asn1_par.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mime.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mime.o -c -o crypto/asn1/libcrypto-lib-asn_mime.o ../openssl/crypto/asn1/asn_mime.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_moid.d.tmp -MT crypto/asn1/libcrypto-lib-asn_moid.o -c -o crypto/asn1/libcrypto-lib-asn_moid.o ../openssl/crypto/asn1/asn_moid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mstbl.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mstbl.o -c -o crypto/asn1/libcrypto-lib-asn_mstbl.o ../openssl/crypto/asn1/asn_mstbl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_pack.d.tmp -MT crypto/asn1/libcrypto-lib-asn_pack.o -c -o crypto/asn1/libcrypto-lib-asn_pack.o ../openssl/crypto/asn1/asn_pack.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-bio_asn1.o -c -o crypto/asn1/libcrypto-lib-bio_asn1.o ../openssl/crypto/asn1/bio_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_ndef.d.tmp -MT crypto/asn1/libcrypto-lib-bio_ndef.o -c -o crypto/asn1/libcrypto-lib-bio_ndef.o ../openssl/crypto/asn1/bio_ndef.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_param.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_param.o -c -o crypto/asn1/libcrypto-lib-d2i_param.o ../openssl/crypto/asn1/d2i_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pr.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pr.o -c -o crypto/asn1/libcrypto-lib-d2i_pr.o ../openssl/crypto/asn1/d2i_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pu.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pu.o -c -o crypto/asn1/libcrypto-lib-d2i_pu.o ../openssl/crypto/asn1/d2i_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-evp_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-evp_asn1.o -c -o crypto/asn1/libcrypto-lib-evp_asn1.o ../openssl/crypto/asn1/evp_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_int.d.tmp -MT crypto/asn1/libcrypto-lib-f_int.o -c -o crypto/asn1/libcrypto-lib-f_int.o ../openssl/crypto/asn1/f_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_string.d.tmp -MT crypto/asn1/libcrypto-lib-f_string.o -c -o crypto/asn1/libcrypto-lib-f_string.o ../openssl/crypto/asn1/f_string.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_param.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_param.o -c -o crypto/asn1/libcrypto-lib-i2d_param.o ../openssl/crypto/asn1/i2d_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pr.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pr.o -c -o crypto/asn1/libcrypto-lib-i2d_pr.o ../openssl/crypto/asn1/i2d_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pu.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pu.o -c -o crypto/asn1/libcrypto-lib-i2d_pu.o ../openssl/crypto/asn1/i2d_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-n_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-n_pkey.o -c -o crypto/asn1/libcrypto-lib-n_pkey.o ../openssl/crypto/asn1/n_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-nsseq.d.tmp -MT crypto/asn1/libcrypto-lib-nsseq.o -c -o crypto/asn1/libcrypto-lib-nsseq.o ../openssl/crypto/asn1/nsseq.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbe.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbe.o -c -o crypto/asn1/libcrypto-lib-p5_pbe.o ../openssl/crypto/asn1/p5_pbe.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbev2.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbev2.o -c -o crypto/asn1/libcrypto-lib-p5_pbev2.o ../openssl/crypto/asn1/p5_pbev2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_scrypt.d.tmp -MT crypto/asn1/libcrypto-lib-p5_scrypt.o -c -o crypto/asn1/libcrypto-lib-p5_scrypt.o ../openssl/crypto/asn1/p5_scrypt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p8_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-p8_pkey.o -c -o crypto/asn1/libcrypto-lib-p8_pkey.o ../openssl/crypto/asn1/p8_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_bitst.d.tmp -MT crypto/asn1/libcrypto-lib-t_bitst.o -c -o crypto/asn1/libcrypto-lib-t_bitst.o ../openssl/crypto/asn1/t_bitst.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-t_pkey.o -c -o crypto/asn1/libcrypto-lib-t_pkey.o ../openssl/crypto/asn1/t_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_spki.d.tmp -MT crypto/asn1/libcrypto-lib-t_spki.o -c -o crypto/asn1/libcrypto-lib-t_spki.o ../openssl/crypto/asn1/t_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_dec.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_dec.o -c -o crypto/asn1/libcrypto-lib-tasn_dec.o ../openssl/crypto/asn1/tasn_dec.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_enc.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_enc.o -c -o crypto/asn1/libcrypto-lib-tasn_enc.o ../openssl/crypto/asn1/tasn_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_fre.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_fre.o -c -o crypto/asn1/libcrypto-lib-tasn_fre.o ../openssl/crypto/asn1/tasn_fre.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_new.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_new.o -c -o crypto/asn1/libcrypto-lib-tasn_new.o ../openssl/crypto/asn1/tasn_new.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_prn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_prn.o -c -o crypto/asn1/libcrypto-lib-tasn_prn.o ../openssl/crypto/asn1/tasn_prn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_scn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_scn.o -c -o crypto/asn1/libcrypto-lib-tasn_scn.o ../openssl/crypto/asn1/tasn_scn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_typ.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_typ.o -c -o crypto/asn1/libcrypto-lib-tasn_typ.o ../openssl/crypto/asn1/tasn_typ.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_utl.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_utl.o -c -o crypto/asn1/libcrypto-lib-tasn_utl.o ../openssl/crypto/asn1/tasn_utl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_algor.d.tmp -MT crypto/asn1/libcrypto-lib-x_algor.o -c -o crypto/asn1/libcrypto-lib-x_algor.o ../openssl/crypto/asn1/x_algor.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_bignum.d.tmp -MT crypto/asn1/libcrypto-lib-x_bignum.o -c -o crypto/asn1/libcrypto-lib-x_bignum.o ../openssl/crypto/asn1/x_bignum.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_info.d.tmp -MT crypto/asn1/libcrypto-lib-x_info.o -c -o crypto/asn1/libcrypto-lib-x_info.o ../openssl/crypto/asn1/x_info.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_int64.d.tmp -MT crypto/asn1/libcrypto-lib-x_int64.o -c -o crypto/asn1/libcrypto-lib-x_int64.o ../openssl/crypto/asn1/x_int64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_long.d.tmp -MT crypto/asn1/libcrypto-lib-x_long.o -c -o crypto/asn1/libcrypto-lib-x_long.o ../openssl/crypto/asn1/x_long.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-x_pkey.o -c -o crypto/asn1/libcrypto-lib-x_pkey.o ../openssl/crypto/asn1/x_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_sig.d.tmp -MT crypto/asn1/libcrypto-lib-x_sig.o -c -o crypto/asn1/libcrypto-lib-x_sig.o ../openssl/crypto/asn1/x_sig.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_spki.d.tmp -MT crypto/asn1/libcrypto-lib-x_spki.o -c -o crypto/asn1/libcrypto-lib-x_spki.o ../openssl/crypto/asn1/x_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_val.d.tmp -MT crypto/asn1/libcrypto-lib-x_val.o -c -o crypto/asn1/libcrypto-lib-x_val.o ../openssl/crypto/asn1/x_val.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_null.d.tmp -MT crypto/async/arch/libcrypto-lib-async_null.o -c -o crypto/async/arch/libcrypto-lib-async_null.o ../openssl/crypto/async/arch/async_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_posix.d.tmp -MT crypto/async/arch/libcrypto-lib-async_posix.o -c -o crypto/async/arch/libcrypto-lib-async_posix.o ../openssl/crypto/async/arch/async_posix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_win.d.tmp -MT crypto/async/arch/libcrypto-lib-async_win.o -c -o crypto/async/arch/libcrypto-lib-async_win.o ../openssl/crypto/async/arch/async_win.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async.d.tmp -MT crypto/async/libcrypto-lib-async.o -c -o crypto/async/libcrypto-lib-async.o ../openssl/crypto/async/async.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_err.d.tmp -MT crypto/async/libcrypto-lib-async_err.o -c -o crypto/async/libcrypto-lib-async_err.o ../openssl/crypto/async/async_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_wait.d.tmp -MT crypto/async/libcrypto-lib-async_wait.o -c -o crypto/async/libcrypto-lib-async_wait.o ../openssl/crypto/async/async_wait.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_cfb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_cfb64.o -c -o crypto/bf/libcrypto-lib-bf_cfb64.o ../openssl/crypto/bf/bf_cfb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ecb.d.tmp -MT crypto/bf/libcrypto-lib-bf_ecb.o -c -o crypto/bf/libcrypto-lib-bf_ecb.o ../openssl/crypto/bf/bf_ecb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_enc.d.tmp -MT crypto/bf/libcrypto-lib-bf_enc.o -c -o crypto/bf/libcrypto-lib-bf_enc.o ../openssl/crypto/bf/bf_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ofb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_ofb64.o -c -o crypto/bf/libcrypto-lib-bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_skey.d.tmp -MT crypto/bf/libcrypto-lib-bf_skey.o -c -o crypto/bf/libcrypto-lib-bf_skey.o ../openssl/crypto/bf/bf_skey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_addr.d.tmp -MT crypto/bio/libcrypto-lib-b_addr.o -c -o crypto/bio/libcrypto-lib-b_addr.o ../openssl/crypto/bio/b_addr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_dump.d.tmp -MT crypto/bio/libcrypto-lib-b_dump.o -c -o crypto/bio/libcrypto-lib-b_dump.o ../openssl/crypto/bio/b_dump.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_print.d.tmp -MT crypto/bio/libcrypto-lib-b_print.o -c -o crypto/bio/libcrypto-lib-b_print.o ../openssl/crypto/bio/b_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock.d.tmp -MT crypto/bio/libcrypto-lib-b_sock.o -c -o crypto/bio/libcrypto-lib-b_sock.o ../openssl/crypto/bio/b_sock.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock2.d.tmp -MT crypto/bio/libcrypto-lib-b_sock2.o -c -o crypto/bio/libcrypto-lib-b_sock2.o ../openssl/crypto/bio/b_sock2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_buff.d.tmp -MT crypto/bio/libcrypto-lib-bf_buff.o -c -o crypto/bio/libcrypto-lib-bf_buff.o ../openssl/crypto/bio/bf_buff.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_lbuf.d.tmp -MT crypto/bio/libcrypto-lib-bf_lbuf.o -c -o crypto/bio/libcrypto-lib-bf_lbuf.o ../openssl/crypto/bio/bf_lbuf.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_nbio.d.tmp -MT crypto/bio/libcrypto-lib-bf_nbio.o -c -o crypto/bio/libcrypto-lib-bf_nbio.o ../openssl/crypto/bio/bf_nbio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_null.d.tmp -MT crypto/bio/libcrypto-lib-bf_null.o -c -o crypto/bio/libcrypto-lib-bf_null.o ../openssl/crypto/bio/bf_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_prefix.d.tmp -MT crypto/bio/libcrypto-lib-bf_prefix.o -c -o crypto/bio/libcrypto-lib-bf_prefix.o ../openssl/crypto/bio/bf_prefix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_cb.d.tmp -MT crypto/bio/libcrypto-lib-bio_cb.o -c -o crypto/bio/libcrypto-lib-bio_cb.o ../openssl/crypto/bio/bio_cb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_err.d.tmp -MT crypto/bio/libcrypto-lib-bio_err.o -c -o crypto/bio/libcrypto-lib-bio_err.o ../openssl/crypto/bio/bio_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_lib.d.tmp -MT crypto/bio/libcrypto-lib-bio_lib.o -c -o crypto/bio/libcrypto-lib-bio_lib.o ../openssl/crypto/bio/bio_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_meth.d.tmp -MT crypto/bio/libcrypto-lib-bio_meth.o -c -o crypto/bio/libcrypto-lib-bio_meth.o ../openssl/crypto/bio/bio_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_acpt.d.tmp -MT crypto/bio/libcrypto-lib-bss_acpt.o -c -o crypto/bio/libcrypto-lib-bss_acpt.o ../openssl/crypto/bio/bss_acpt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_bio.d.tmp -MT crypto/bio/libcrypto-lib-bss_bio.o -c -o crypto/bio/libcrypto-lib-bss_bio.o ../openssl/crypto/bio/bss_bio.c ../openssl/crypto/bio/bio_lib.c:791:9: error: unused variable 'fd' [-Werror,-Wunused-variable] int fd; ^ 1 error generated. Makefile:12945: recipe for target 'crypto/bio/libcrypto-lib-bio_lib.o' failed make[1]: *** [crypto/bio/libcrypto-lib-bio_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3000: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From shane.lontis at oracle.com Thu May 7 05:26:59 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 07 May 2020 05:26:59 +0000 Subject: [openssl] master update Message-ID: <1588829219.252360.13077.nullmailer@dev.openssl.org> The branch master has been updated via 9f2058611f7aec733d4a476f4f28c895d9e5667b (commit) from 4975e8b4d2cfab923d522840533334a1bbd754b8 (commit) - Log ----------------------------------------------------------------- commit 9f2058611f7aec733d4a476f4f28c895d9e5667b Author: Shane Lontis Date: Tue May 5 16:51:32 2020 +1000 Remove cipher table lookup from EVP_CipherInit_ex Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11731) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 160 --------------------------------------------------- 1 file changed, 160 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0f7b0a7dde..0f6fbb64ec 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -84,8 +84,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif - const EVP_CIPHER *tmpcipher; - /* * enc == 1 means we are encrypting. * enc == 0 means we are decrypting. @@ -137,164 +135,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->fetched_cipher = NULL; goto legacy; } - - tmpcipher = (cipher == NULL) ? ctx->cipher : cipher; - - if (tmpcipher->prov == NULL) { - switch(tmpcipher->nid) { - case NID_undef: - case NID_aes_256_ecb: - case NID_aes_192_ecb: - case NID_aes_128_ecb: - case NID_aes_256_cbc: - case NID_aes_192_cbc: - case NID_aes_128_cbc: - case NID_aes_256_ofb128: - case NID_aes_192_ofb128: - case NID_aes_128_ofb128: - case NID_aes_256_cfb128: - case NID_aes_192_cfb128: - case NID_aes_128_cfb128: - case NID_aes_256_cfb1: - case NID_aes_192_cfb1: - case NID_aes_128_cfb1: - case NID_aes_256_cfb8: - case NID_aes_192_cfb8: - case NID_aes_128_cfb8: - case NID_aes_256_ctr: - case NID_aes_192_ctr: - case NID_aes_128_ctr: - case NID_aes_128_xts: - case NID_aes_256_xts: - case NID_aes_256_ocb: - case NID_aes_192_ocb: - case NID_aes_128_ocb: - case NID_aes_256_gcm: - case NID_aes_192_gcm: - case NID_aes_128_gcm: - case NID_aes_256_siv: - case NID_aes_192_siv: - case NID_aes_128_siv: - case NID_aes_256_cbc_hmac_sha256: - case NID_aes_128_cbc_hmac_sha256: - case NID_aes_256_cbc_hmac_sha1: - case NID_aes_128_cbc_hmac_sha1: - case NID_id_aes256_wrap: - case NID_id_aes256_wrap_pad: - case NID_id_aes192_wrap: - case NID_id_aes192_wrap_pad: - case NID_id_aes128_wrap: - case NID_id_aes128_wrap_pad: - case NID_aria_256_gcm: - case NID_aria_192_gcm: - case NID_aria_128_gcm: - case NID_aes_256_ccm: - case NID_aes_192_ccm: - case NID_aes_128_ccm: - case NID_aria_256_ccm: - case NID_aria_192_ccm: - case NID_aria_128_ccm: - case NID_aria_256_ecb: - case NID_aria_192_ecb: - case NID_aria_128_ecb: - case NID_aria_256_cbc: - case NID_aria_192_cbc: - case NID_aria_128_cbc: - case NID_aria_256_ofb128: - case NID_aria_192_ofb128: - case NID_aria_128_ofb128: - case NID_aria_256_cfb128: - case NID_aria_192_cfb128: - case NID_aria_128_cfb128: - case NID_aria_256_cfb1: - case NID_aria_192_cfb1: - case NID_aria_128_cfb1: - case NID_aria_256_cfb8: - case NID_aria_192_cfb8: - case NID_aria_128_cfb8: - case NID_aria_256_ctr: - case NID_aria_192_ctr: - case NID_aria_128_ctr: - case NID_camellia_256_ecb: - case NID_camellia_192_ecb: - case NID_camellia_128_ecb: - case NID_camellia_256_cbc: - case NID_camellia_192_cbc: - case NID_camellia_128_cbc: - case NID_camellia_256_ofb128: - case NID_camellia_192_ofb128: - case NID_camellia_128_ofb128: - case NID_camellia_256_cfb128: - case NID_camellia_192_cfb128: - case NID_camellia_128_cfb128: - case NID_camellia_256_cfb1: - case NID_camellia_192_cfb1: - case NID_camellia_128_cfb1: - case NID_camellia_256_cfb8: - case NID_camellia_192_cfb8: - case NID_camellia_128_cfb8: - case NID_camellia_256_ctr: - case NID_camellia_192_ctr: - case NID_camellia_128_ctr: - case NID_des_ede3_cbc: - case NID_des_ede3_ecb: - case NID_des_ede3_ofb64: - case NID_des_ede3_cfb64: - case NID_des_ede3_cfb8: - case NID_des_ede3_cfb1: - case NID_des_ede_cbc: - case NID_des_ede_ecb: - case NID_des_ede_ofb64: - case NID_des_ede_cfb64: - case NID_desx_cbc: - case NID_des_cbc: - case NID_des_ecb: - case NID_des_cfb1: - case NID_des_cfb8: - case NID_des_cfb64: - case NID_des_ofb64: - case NID_id_smime_alg_CMS3DESwrap: - case NID_bf_cbc: - case NID_bf_ecb: - case NID_bf_cfb64: - case NID_bf_ofb64: - case NID_idea_cbc: - case NID_idea_ecb: - case NID_idea_cfb64: - case NID_idea_ofb64: - case NID_cast5_cbc: - case NID_cast5_ecb: - case NID_cast5_cfb64: - case NID_cast5_ofb64: - case NID_seed_cbc: - case NID_seed_ecb: - case NID_seed_cfb128: - case NID_seed_ofb128: - case NID_sm4_cbc: - case NID_sm4_ecb: - case NID_sm4_ctr: - case NID_sm4_cfb128: - case NID_sm4_ofb128: - case NID_rc4: - case NID_rc4_40: - case NID_rc5_cbc: - case NID_rc5_ecb: - case NID_rc5_cfb64: - case NID_rc5_ofb64: - case NID_rc2_cbc: - case NID_rc2_40_cbc: - case NID_rc2_64_cbc: - case NID_rc2_cfb64: - case NID_rc2_ofb64: - case NID_chacha20: - case NID_chacha20_poly1305: - case NID_rc4_hmac_md5: - break; - default: - goto legacy; - } - } - /* * Ensure a context left lying around from last time is cleared * (legacy code) From shane.lontis at oracle.com Thu May 7 05:32:27 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 07 May 2020 05:32:27 +0000 Subject: [openssl] master update Message-ID: <1588829547.723169.17493.nullmailer@dev.openssl.org> The branch master has been updated via 5e77b79a8c47f0801f656cfccfcbaaa3ca1035b4 (commit) from 9f2058611f7aec733d4a476f4f28c895d9e5667b (commit) - Log ----------------------------------------------------------------- commit 5e77b79a8c47f0801f656cfccfcbaaa3ca1035b4 Author: Shane Lontis Date: Thu May 7 15:31:05 2020 +1000 Remove gen_get_params & gen_gettable_params from keygen operation EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation. After adding it it was noticed that it is probably not required for this type, so instead the gen_get_params and gen_gettable_params have been remnoved from the provider interface. gen_get_params was only implemented for ec to get the curve name. This seems redundant since normally you would set parameters into the keygen_init() and then generate a key. Normally you would expect to extract data from the key - not the object that we just set up to do the keygen. Added a simple settable and gettable test into a test that does keygen. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11683) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_local.h | 2 -- crypto/evp/keymgmt_meth.c | 34 +------------------------ crypto/evp/pmeth_gn.c | 5 ++-- crypto/evp/pmeth_lib.c | 11 +------- doc/man7/provider-keymgmt.pod | 12 --------- include/crypto/evp.h | 4 --- include/openssl/core_numbers.h | 6 ++--- providers/implementations/keymgmt/ec_kmgmt.c | 38 ---------------------------- test/dsatest.c | 5 ++++ 9 files changed, 12 insertions(+), 105 deletions(-) diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 4c822aa7d3..de7d69a26c 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -86,8 +86,6 @@ struct evp_keymgmt_st { OSSL_OP_keymgmt_gen_set_template_fn *gen_set_template; OSSL_OP_keymgmt_gen_set_params_fn *gen_set_params; OSSL_OP_keymgmt_gen_settable_params_fn *gen_settable_params; - OSSL_OP_keymgmt_gen_get_params_fn *gen_get_params; - OSSL_OP_keymgmt_gen_gettable_params_fn *gen_gettable_params; OSSL_OP_keymgmt_gen_fn *gen; OSSL_OP_keymgmt_gen_cleanup_fn *gen_cleanup; diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 172dd21a71..b75d02f136 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -39,7 +39,7 @@ static void *keymgmt_from_dispatch(int name_id, { EVP_KEYMGMT *keymgmt = NULL; int setparamfncnt = 0, getparamfncnt = 0; - int setgenparamfncnt = 0, getgenparamfncnt = 0; + int setgenparamfncnt = 0; int importfncnt = 0, exportfncnt = 0; if ((keymgmt = keymgmt_new()) == NULL) { @@ -77,20 +77,6 @@ static void *keymgmt_from_dispatch(int name_id, OSSL_get_OP_keymgmt_gen_settable_params(fns); } break; - case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS: - if (keymgmt->gen_get_params == NULL) { - getgenparamfncnt++; - keymgmt->gen_get_params = - OSSL_get_OP_keymgmt_gen_get_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS: - if (keymgmt->gen_gettable_params == NULL) { - getgenparamfncnt++; - keymgmt->gen_gettable_params = - OSSL_get_OP_keymgmt_gen_gettable_params(fns); - } - break; case OSSL_FUNC_KEYMGMT_GEN: if (keymgmt->gen == NULL) keymgmt->gen = OSSL_get_OP_keymgmt_gen(fns); @@ -186,7 +172,6 @@ static void *keymgmt_from_dispatch(int name_id, || (getparamfncnt != 0 && getparamfncnt != 2) || (setparamfncnt != 0 && setparamfncnt != 2) || (setgenparamfncnt != 0 && setgenparamfncnt != 2) - || (getgenparamfncnt != 0 && getgenparamfncnt != 2) || (importfncnt != 0 && importfncnt != 2) || (exportfncnt != 0 && exportfncnt != 2) || (keymgmt->gen != NULL @@ -342,23 +327,6 @@ const OSSL_PARAM *evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt) return keymgmt->gen_settable_params(provctx); } -int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx, - OSSL_PARAM params[]) -{ - if (keymgmt->gen_get_params == NULL) - return 0; - return keymgmt->gen_get_params(genctx, params); -} - -const OSSL_PARAM *evp_keymgmt_gen_gettable_params(const EVP_KEYMGMT *keymgmt) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - if (keymgmt->gen_gettable_params == NULL) - return NULL; - return keymgmt->gen_gettable_params(provctx); -} - void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, OSSL_CALLBACK *cb, void *cbarg) { diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index dc1dad86ba..a775d2bee7 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -210,8 +210,9 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { char curve_name[OSSL_MAX_NAME_SIZE] = ""; - if (EVP_PKEY_CTX_get_ec_paramgen_curve_name(ctx, curve_name, - sizeof(curve_name)) < 1 + if (!EVP_PKEY_get_utf8_string_param(*ppkey, OSSL_PKEY_PARAM_EC_NAME, + curve_name, sizeof(curve_name), + NULL) || strcmp(curve_name, "SM2") != 0) goto end; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index e262e87319..3476d83ea6 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -613,12 +613,6 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) && ctx->op.ciph.cipher->get_ctx_params != NULL) return ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.ciphprovctx, params); - if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->op.keymgmt.genctx != NULL - && ctx->keymgmt != NULL - && ctx->keymgmt->gen_get_params != NULL) - return evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx, - params); return 0; } @@ -632,12 +626,10 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->gettable_ctx_params != NULL) return ctx->op.sig.signature->gettable_ctx_params(); - if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->gettable_ctx_params != NULL) return ctx->op.ciph.cipher->gettable_ctx_params(); - return NULL; } @@ -656,8 +648,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) && ctx->op.ciph.cipher->settable_ctx_params != NULL) return ctx->op.ciph.cipher->settable_ctx_params(); if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->keymgmt != NULL - && ctx->keymgmt->gen_settable_params != NULL) + && ctx->keymgmt != NULL) return evp_keymgmt_gen_settable_params(ctx->keymgmt); return NULL; diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 0669585b1a..4202a77b54 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -22,8 +22,6 @@ provider-keymgmt - The KEYMGMT library E-E provider functions int OP_keymgmt_gen_set_template(void *genctx, void *template); int OP_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]); const OSSL_PARAM *OP_keymgmt_gen_settable_params(void *provctx); - int OP_keymgmt_gen_get_params(void *genctx, const OSSL_PARAM params[]); - const OSSL_PARAM *OP_keymgmt_gen_gettable_params(void *provctx); void *OP_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg); void OP_keymgmt_gen_cleanup(void *genctx); @@ -93,8 +91,6 @@ macros in L, as follows: OP_keymgmt_gen_set_template OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE OP_keymgmt_gen_set_params OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS OP_keymgmt_gen_settable_params OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS - OP_keymgmt_gen_get_params OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS - OP_keymgmt_gen_gettable_params OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS OP_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN OP_keymgmt_gen_cleanup OSSL_FUNC_KEYMGMT_GEN_CLEANUP @@ -213,7 +209,6 @@ OP_keymgmt_free() should free the passed I. OP_keymgmt_gen_init(), OP_keymgmt_gen_set_template(), OP_keymgmt_gen_set_params(), OP_keymgmt_gen_settable_params(), -OP_keymgmt_gen_get_params(), OP_keymgmt_gen_gettable_params(), OP_keymgmt_gen() and OP_keymgmt_gen_cleanup() work together as a more elaborate context based key object constructor. @@ -235,13 +230,6 @@ OP_keymgmt_gen_settable_params() should return a constant array of descriptor B, for parameters that OP_keymgmt_gen_set_params() can handle. -OP_keymgmt_gen_get_params() should extract information data associated -with the key object generation context I. - -OP_keymgmt_gen_gettable_params() should return a constant array of -descriptor B, for parameters that OP_keymgmt_gen_get_params() -can handle. - OP_keymgmt_gen() should perform the key object generation itself, and return the result. The callback I should be called at regular intervals with indications on how the key object generation diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 852e82518e..ee4b6221e6 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -678,10 +678,6 @@ int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, const OSSL_PARAM params[]); const OSSL_PARAM * evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt); -int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx, - OSSL_PARAM params[]); -const OSSL_PARAM * -evp_keymgmt_gen_gettable_params(const EVP_KEYMGMT *keymgmt); void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, OSSL_CALLBACK *cb, void *cbarg); void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index aaf281b1fe..2cf2f27715 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -392,10 +392,8 @@ OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_new, (void *provctx)) # define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 3 # define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 4 # define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5 -# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 6 -# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 7 -# define OSSL_FUNC_KEYMGMT_GEN 8 -# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 9 +# define OSSL_FUNC_KEYMGMT_GEN 6 +# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7 OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_gen_init, (void *provctx, int selection)) OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_gen_set_template, diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 9466b4fd0b..a48b279547 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -31,8 +31,6 @@ static OSSL_OP_keymgmt_gen_init_fn ec_gen_init; static OSSL_OP_keymgmt_gen_set_template_fn ec_gen_set_template; static OSSL_OP_keymgmt_gen_set_params_fn ec_gen_set_params; static OSSL_OP_keymgmt_gen_settable_params_fn ec_gen_settable_params; -static OSSL_OP_keymgmt_gen_get_params_fn ec_gen_get_params; -static OSSL_OP_keymgmt_gen_gettable_params_fn ec_gen_gettable_params; static OSSL_OP_keymgmt_gen_fn ec_gen; static OSSL_OP_keymgmt_gen_cleanup_fn ec_gen_cleanup; static OSSL_OP_keymgmt_free_fn ec_freedata; @@ -679,39 +677,6 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx) return settable; } -static int ec_gen_get_params(void *genctx, OSSL_PARAM params[]) -{ - struct ec_gen_ctx *gctx = genctx; - OSSL_PARAM *p; - - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL) { - int nid = EC_GROUP_get_curve_name(gctx->gen_group); - int ret = 0; - const char *curve_name = ec_curve_nid2name(nid); - - switch (p->data_type) { - case OSSL_PARAM_UTF8_STRING: - ret = OSSL_PARAM_set_utf8_string(p, curve_name); - break; - case OSSL_PARAM_UTF8_PTR: - ret = OSSL_PARAM_set_utf8_ptr(p, curve_name); - break; - } - return ret; - } - return 1; -} - -static const OSSL_PARAM *ec_gen_gettable_params(void *provctx) -{ - static OSSL_PARAM gettable[] = { - { OSSL_PKEY_PARAM_EC_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END - }; - - return gettable; -} - static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group) { if (group == NULL) { @@ -767,9 +732,6 @@ const OSSL_DISPATCH ec_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, (void (*)(void))ec_gen_settable_params }, - { OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS, (void (*)(void))ec_gen_get_params }, - { OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS, - (void (*)(void))ec_gen_gettable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata }, diff --git a/test/dsatest.c b/test/dsatest.c index eac4a17ed1..c9857d6c67 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -155,6 +155,7 @@ static int dsa_keygen_test(void) unsigned char seed_out[32]; char group_out[32]; size_t len = 0; + const OSSL_PARAM *settables = NULL; static const unsigned char seed_data[] = { 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68, 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35, @@ -244,6 +245,10 @@ static int dsa_keygen_test(void) goto end; if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0) + || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx)) + || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) + || !TEST_ptr(OSSL_PARAM_locate_const(settables, + OSSL_PKEY_PARAM_FFC_PBITS)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, From shane.lontis at oracle.com Thu May 7 05:36:47 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 07 May 2020 05:36:47 +0000 Subject: [openssl] master update Message-ID: <1588829807.589779.13845.nullmailer@dev.openssl.org> The branch master has been updated via 3bf26eb335a0b4613fa1dd844afb146ba0b8b959 (commit) from 5e77b79a8c47f0801f656cfccfcbaaa3ca1035b4 (commit) - Log ----------------------------------------------------------------- commit 3bf26eb335a0b4613fa1dd844afb146ba0b8b959 Author: Shane Lontis Date: Fri May 1 10:31:27 2020 +1000 Add OIDS for md4 and ripemd160 to der_rsa Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11696) ----------------------------------------------------------------------- Summary of changes: providers/common/der/RSA.asn1 | 11 +++++++++++ providers/common/der/der_rsa.c.in | 3 +++ 2 files changed, 14 insertions(+) diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index 7bce636029..66511be50e 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -86,3 +86,14 @@ id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 } id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 } id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 } id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 } + + +-- ------------------------------------------------------------------- +-- These OID's exist in the codebase but may need to be deprecated at some point. +-- mdc2 and md5_sha1 have been omitted as they do not look like valid entries. + +md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 } + +ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2 +} diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index 5abf079398..cdff722818 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -53,6 +53,9 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, #ifndef FIPS_MODULE MD_CASE(md2); MD_CASE(md5); + MD_CASE(md4); + MD_CASE(ripemd160); +/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ #endif MD_CASE(sha1); MD_CASE(sha224); From shane.lontis at oracle.com Thu May 7 06:01:30 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 07 May 2020 06:01:30 +0000 Subject: [openssl] master update Message-ID: <1588831290.704556.29921.nullmailer@dev.openssl.org> The branch master has been updated via 45c236ad1f1c881281017941a0e7126735a190e8 (commit) from 3bf26eb335a0b4613fa1dd844afb146ba0b8b959 (commit) - Log ----------------------------------------------------------------- commit 45c236ad1f1c881281017941a0e7126735a190e8 Author: Shane Lontis Date: Thu Apr 30 13:41:05 2020 +1000 Add RSA SHA512 truncated digest support Partial Fix for #11648. Some additional work still needs to be done to support RSA-PSS mode. RSA legacy digests will be addressed in another PR. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11681) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_pmeth.c | 2 ++ include/openssl/core_names.h | 2 ++ providers/common/der/der_rsa.c.in | 2 ++ providers/implementations/signature/rsa.c | 2 ++ test/recipes/30-test_evp_data/evppkey.txt | 13 +++++++++++++ 5 files changed, 21 insertions(+) diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 70944c638e..e899fbd605 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -382,6 +382,8 @@ static int check_padding_md(const EVP_MD *md, int padding) case NID_sha256: case NID_sha384: case NID_sha512: + case NID_sha512_224: + case NID_sha512_256: case NID_md5: case NID_md5_sha1: case NID_md2: diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4bc151c162..6e93738ae0 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -94,6 +94,8 @@ extern "C" { #define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" #define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" #define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" #define OSSL_DIGEST_NAME_MD2 "MD2" #define OSSL_DIGEST_NAME_MD4 "MD4" #define OSSL_DIGEST_NAME_MDC2 "MDC2" diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index cdff722818..bc7c0095e9 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -62,6 +62,8 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, MD_CASE(sha256); MD_CASE(sha384); MD_CASE(sha512); + MD_CASE(sha512_224); + MD_CASE(sha512_256); MD_CASE(sha3_224); MD_CASE(sha3_256); MD_CASE(sha3_384); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index fdcdb56194..0670447480 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -129,6 +129,8 @@ static int rsa_get_md_nid(const EVP_MD *md) { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, + { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, + { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, { NID_md5, OSSL_DIGEST_NAME_MD5 }, { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 }, { NID_md2, OSSL_DIGEST_NAME_MD2 }, diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index e4b6497b48..1d5274f103 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -142,6 +142,19 @@ Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad +# Truncated digest +Sign = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + +Verify = RSA-2048 +Availablein = default +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + VerifyRecover = RSA-2048 Availablein = default Ctrl = digest:SHA1 From shane.lontis at oracle.com Thu May 7 06:09:32 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 07 May 2020 06:09:32 +0000 Subject: [openssl] master update Message-ID: <1588831772.444577.4196.nullmailer@dev.openssl.org> The branch master has been updated via 31b069ecea2c567de22b3874c8e71cc37c921ec9 (commit) from 45c236ad1f1c881281017941a0e7126735a190e8 (commit) - Log ----------------------------------------------------------------- commit 31b069ecea2c567de22b3874c8e71cc37c921ec9 Author: Shane Lontis Date: Thu May 7 16:08:18 2020 +1000 Remove legacy FIPS_mode functions Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11680) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 +++++++ crypto/build.info | 2 +- crypto/o_fips.c | 24 ------------------------ include/openssl/crypto.h | 3 --- util/libcrypto.num | 4 ++-- 5 files changed, 10 insertions(+), 30 deletions(-) delete mode 100644 crypto/o_fips.c diff --git a/CHANGES.md b/CHANGES.md index b11ca85c65..6da7bcde72 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,13 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### +* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's + that are not applicable to the new provider model. Applications should + instead use EVP_default_properties_is_fips_enabled() and + EVP_default_properties_enable_fips(). + + *Shane Lontis* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the diff --git a/crypto/build.info b/crypto/build.info index 860b8bb823..3537bbcc26 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -77,7 +77,7 @@ $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ + o_fopen.c getenv.c o_init.c init.c trace.c provider.c \ $UPLINKSRC SOURCE[../providers/libfips.a]=$UTIL_COMMON SOURCE[../providers/liblegacy.a]=$UTIL_COMMON diff --git a/crypto/o_fips.c b/crypto/o_fips.c deleted file mode 100644 index ac768e5aa3..0000000000 --- a/crypto/o_fips.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" - -int FIPS_mode(void) -{ - /* This version of the library does not support FIPS mode. */ - return 0; -} - -int FIPS_mode_set(int r) -{ - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -} diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 0b3a20dfd2..3cca316cd4 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -377,9 +377,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line int OPENSSL_isservice(void); -int FIPS_mode(void); -int FIPS_mode_set(int r); - void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index 32942a53de..e91c265e20 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -490,7 +490,7 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA BN_copy 502 3_0_0 EXIST::FUNCTION: -FIPS_mode_set 503 3_0_0 EXIST::FUNCTION: +FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION: PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION: X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION: @@ -2534,7 +2534,7 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION: IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION: TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS -FIPS_mode 2591 3_0_0 EXIST::FUNCTION: +FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION: d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION: EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC From builds at travis-ci.org Thu May 7 06:27:48 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 07 May 2020 06:27:48 +0000 Subject: Canceled: openssl/openssl#34431 (master - 9f20586) In-Reply-To: Message-ID: <5eb3aa63a994f_13fc54eed5f641219aa@travis-tasks-84dbfc4c47-f87sv.mail> Build Update for openssl/openssl ------------------------------------- Build: #34431 Status: Canceled Duration: 50 mins and 50 secs Commit: 9f20586 (master) Author: Shane Lontis Message: Remove cipher table lookup from EVP_CipherInit_ex Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11731) View the changeset: https://github.com/openssl/openssl/compare/4975e8b4d2cf...9f2058611f7a View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684123328?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Thu May 7 07:56:32 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 07 May 2020 07:56:32 +0000 Subject: [openssl] master update Message-ID: <1588838192.043645.832.nullmailer@dev.openssl.org> The branch master has been updated via 2b5e12f5096e1fba7dd91a682f4c34759469c34b (commit) from 31b069ecea2c567de22b3874c8e71cc37c921ec9 (commit) - Log ----------------------------------------------------------------- commit 2b5e12f5096e1fba7dd91a682f4c34759469c34b Author: Jakub Zelenka Date: Sun Apr 12 21:29:41 2020 +0100 Add documentation for CMS_EnvelopedData_create() Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11529) ----------------------------------------------------------------------- Summary of changes: doc/man3/CMS_EnvelopedData_create.pod | 52 +++++++++++++++++++++++++++++++++++ util/missingcrypto.txt | 1 - 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 doc/man3/CMS_EnvelopedData_create.pod diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod new file mode 100644 index 0000000000..625daa8029 --- /dev/null +++ b/doc/man3/CMS_EnvelopedData_create.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +CMS_EnvelopedData_create - Create CMS envelope + +=head1 SYNOPSIS + + #include + + CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); + +=head1 DESCRIPTION + +CMS_EnvelopedData_create() creates a B structure with +a type B. B is the symmetric cipher to use. + +The algorithm passed in the B parameter must support ASN1 encoding of +its parameters. + +The recipients can be added later using L or +L. + +The B structure needs to be finalized using L +and then freed using L. + +=head1 NOTES + +Although CMS_EnvelopedData_create() allocates a new B +structure it is usually not used in applications. The wrappers +L and L are often used instead. + +=head1 RETURN VALUES + +If the allocation fails, CMS_EnvelopedData_create() returns NULL and sets +an error code that can be obtained by L. +Otherwise it returns a pointer to the newly allocated structure. + +=head1 SEE ALSO + +L, L, L, L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index a84428d733..0f53ea5e55 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -314,7 +314,6 @@ CMS_ContentInfo_it(3) CMS_EncryptedData_decrypt(3) CMS_EncryptedData_encrypt(3) CMS_EncryptedData_set1_key(3) -CMS_EnvelopedData_create(3) CMS_ReceiptRequest_it(3) CMS_RecipientEncryptedKey_cert_cmp(3) CMS_RecipientEncryptedKey_get0_id(3) From openssl at openssl.org Thu May 7 10:37:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 May 2020 10:37:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1588847867.682505.1997.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 650 wallclock secs ( 7.95 usr 1.32 sys + 612.30 cusr 44.34 csys = 665.91 CPU) Result: FAIL Makefile:3038: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3036: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 7 12:12:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 May 2020 12:12:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1588853559.564133.20126.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 557 wallclock secs ( 6.58 usr 1.72 sys + 524.73 cusr 40.79 csys = 573.82 CPU) Result: FAIL Makefile:3042: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3040: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 7 12:53:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 May 2020 12:53:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1588855984.662294.28301.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 658 wallclock secs ( 7.87 usr 1.61 sys + 621.16 cusr 43.53 csys = 674.17 CPU) Result: FAIL Makefile:3035: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3033: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Thu May 7 13:15:26 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 07 May 2020 13:15:26 +0000 Subject: [openssl] master update Message-ID: <1588857326.779973.16806.nullmailer@dev.openssl.org> The branch master has been updated via 90fc2c26df23811be080093772b2161850385863 (commit) from 2b5e12f5096e1fba7dd91a682f4c34759469c34b (commit) - Log ----------------------------------------------------------------- commit 90fc2c26df23811be080093772b2161850385863 Author: Nikolay Morozov Date: Sat May 2 12:22:43 2020 +0300 SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11709) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 12 +++++++++++- doc/man1/openssl-s_server.pod.in | 7 +++++++ doc/man3/SSL_CONF_cmd.pod | 4 ++++ doc/man3/SSL_CTX_set_options.pod | 8 +++++++- include/openssl/ssl.h | 3 ++- ssl/ssl_conf.c | 5 +++-- ssl/statem/statem_lib.c | 2 +- test/sslapitest.c | 34 +++++++++++++++++++++++++++------- 8 files changed, 62 insertions(+), 13 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 4904a21b7a..7ac4221860 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -761,7 +761,7 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, + OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -952,6 +952,8 @@ const OPTIONS s_server_options[] = { {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"}, + {"no_ca_names", OPT_NOCANAMES, '-', + "Disable TLS Extension CA Names"}, {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, @@ -1089,6 +1091,7 @@ int s_server_main(int argc, char *argv[]) const char *keylog_file = NULL; int max_early_data = -1, recv_max_early_data = -1; char *psksessf = NULL; + int no_ca_names = 0; #ifndef OPENSSL_NO_SCTP int sctp_label_bug = 0; #endif @@ -1655,6 +1658,9 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP_SERVER_BINMODE: http_server_binmode = 1; break; + case OPT_NOCANAMES: + no_ca_names = 1; + break; case OPT_SENDFILE: #ifndef OPENSSL_NO_KTLS use_sendfile = 1; @@ -1900,6 +1906,10 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); } + if (no_ca_names) { + SSL_CTX_set_options(ctx, SSL_OP_DISABLE_TLSEXT_CA_NAMES); + } + if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index fb8df53906..c9f4bfc11b 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -46,6 +46,7 @@ B B [B<-www>] [B<-WWW>] [B<-http_server_binmode>] +[B<-no_ca_names>] [B<-servername>] [B<-servername_fatal>] [B<-tlsextdebug>] @@ -411,6 +412,12 @@ Neither of these options can be used in conjunction with B<-early_data>. When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested by the client in binary mode. +=item B<-no_ca_names> + +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this +extension is larger than 1024 bytes. + =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 73c50da8f4..b060449390 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -507,6 +507,10 @@ B: use extended master secret extension, enabled by default. Inverse of B: that is, B<-ExtendedMasterSecret> is the same as setting B. +B: use CA names extension, enabled by +default. Inverse of B: that is, +B<-CANames> is the same as setting B. + =item B The B argument is a comma separated list of flags to set. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index dd89125db4..39cb2ec30e 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -67,6 +67,12 @@ The following B options are available: Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. +=item SSL_OP_DISABLE_TLSEXT_CA_NAMES + +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this +extension is larger than 1024 bytes. + =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol @@ -378,7 +384,7 @@ The B option was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f293b035e3..74d4e305e1 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -331,9 +331,10 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); /* * Reserved value (until OpenSSL 3.0.0) 0x00000080U * Reserved value (until OpenSSL 3.0.0) 0x00000100U - * Reserved value (until OpenSSL 3.0.0) 0x00000200U */ +# define SSL_OP_DISABLE_TLSEXT_CA_NAMES 0x00000200U + /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ # define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9408acc89e..aefe8ad203 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -383,7 +383,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY), - SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET) + SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET), + SSL_FLAG_TBL_INV("CANames", SSL_OP_DISABLE_TLSEXT_CA_NAMES) }; if (value == NULL) return -3; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 262fe355f3..36cdc1be58 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2342,7 +2342,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) return 0; } - if (ca_sk != NULL) { + if ((ca_sk != NULL) && !(s->options & SSL_OP_DISABLE_TLSEXT_CA_NAMES)) { int i; for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) { diff --git a/test/sslapitest.c b/test/sslapitest.c index 6889607662..ea86b13f80 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1481,7 +1481,7 @@ static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, } static int execute_test_session(int maxprot, int use_int_cache, - int use_ext_cache) + int use_ext_cache, long s_options) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; @@ -1524,6 +1524,10 @@ static int execute_test_session(int maxprot, int use_int_cache, | SSL_SESS_CACHE_NO_INTERNAL_STORE); } + if (s_options) { + SSL_CTX_set_options(sctx, s_options); + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl1, clientssl1, @@ -1768,12 +1772,12 @@ static int execute_test_session(int maxprot, int use_int_cache, static int test_session_with_only_int_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 1, 0)) + if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 1, 0); + return execute_test_session(TLS1_2_VERSION, 1, 0, 0); #else return 1; #endif @@ -1782,12 +1786,12 @@ static int test_session_with_only_int_cache(void) static int test_session_with_only_ext_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 0, 1)) + if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 0, 1); + return execute_test_session(TLS1_2_VERSION, 0, 1, 0); #else return 1; #endif @@ -1796,17 +1800,32 @@ static int test_session_with_only_ext_cache(void) static int test_session_with_both_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 1, 1)) + if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 1, 0); +#else + return 1; +#endif +} + +static int test_session_wo_ca_names(void) +{ +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 1, 1); + return execute_test_session(TLS1_2_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES); #else return 1; #endif } + #ifndef OPENSSL_NO_TLS1_3 static SSL_SESSION *sesscache[6]; static int do_cache; @@ -7585,6 +7604,7 @@ int setup_tests(void) ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); ADD_TEST(test_session_with_both_cache); + ADD_TEST(test_session_wo_ca_names); #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_stateful_tickets, 3); ADD_ALL_TESTS(test_stateless_tickets, 3); From openssl at openssl.org Thu May 7 14:12:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 May 2020 14:12:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1588860722.757070.12233.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 573 wallclock secs ( 6.63 usr 1.66 sys + 541.86 cusr 39.72 csys = 589.87 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Thu May 7 14:01:17 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 07 May 2020 14:01:17 +0000 Subject: Broken: openssl/openssl#34449 (master - 90fc2c2) In-Reply-To: Message-ID: <5eb414abd5bd_13fc928bc5940191064@travis-tasks-86d57954fc-4ndgl.mail> Build Update for openssl/openssl ------------------------------------- Build: #34449 Status: Broken Duration: 18 mins and 37 secs Commit: 90fc2c2 (master) Author: Nikolay Morozov Message: SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11709) View the changeset: https://github.com/openssl/openssl/compare/2b5e12f5096e...90fc2c26df23 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684257692?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu May 7 14:51:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 May 2020 14:51:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1588863115.898638.20349.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 6763f9c7e6 Use fips=yes consistently in documentation 278260bfa2 Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. e307e616f2 Improve SSL_shutdown documentation. 3327c8d6f3 Fix aix compile error in cmp_ctx_test.c 95cf64404c Fix incorrect default keysize for CAST ofb and cfb modes. b756626a37 Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer 86dc26baf6 Add some tests for the newly added raw private/public key functions 2b1bc78acc Document the new raw private/public key functions 262ff12347 Implement key match functionality for ECX keys 48b4b10449 Fix the KEYNID2TYPE macro d4fe478df0 Don't export ECX key data twice c19d897850 Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys f3336f4050 Add the library ctx into an ECX_KEY 969024b458 Add the ability to ECX to import keys with only the private key a6f8a834ba Ensure OSSL_PARAM_BLD_free() can accept a NULL 1c4f340dd3 Make EVP_new_raw_[private|public]_key provider aware 7421f08500 rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. 0c27ce7322 rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD e2e4b784e6 rand_unix.c: Include correct headers for sysctl() on NetBSD e4ec769eb9 CIFuzz turning dry_run off 12cbb8e049 WPACKET: don't write DER length when we don't want to Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 653 wallclock secs ( 8.43 usr 2.01 sys + 612.64 cusr 44.63 csys = 667.71 CPU) Result: FAIL Makefile:3049: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3047: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu May 7 15:20:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 07 May 2020 15:20:25 +0000 Subject: Build failed: openssl master.33884 Message-ID: <20200507152025.1.CD875067ED39EA27@appveyor.com> An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Thu May 7 17:19:26 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 07 May 2020 17:19:26 +0000 Subject: [openssl] master update Message-ID: <1588871966.887359.17100.nullmailer@dev.openssl.org> The branch master has been updated via 73d6b4efe6835a6c97ce61df6bf339b0903e5b7a (commit) from 90fc2c26df23811be080093772b2161850385863 (commit) - Log ----------------------------------------------------------------- commit 73d6b4efe6835a6c97ce61df6bf339b0903e5b7a Author: Dr. Matthias St. Pierre Date: Wed May 6 17:24:13 2020 +0200 Fix use-after-free in BIO_C_SET_SSL callback Since the BIO_SSL structure was renewed by `ssl_free(b)/ssl_new(b)`, the `bs` pointer needs to be updated before assigning to `bs->ssl`. Thanks to @suishixingkong for reporting the issue and providing a fix. Closes #10539 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11746) ----------------------------------------------------------------------- Summary of changes: ssl/bio_ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index b44ec3e5e1..ca364fd14f 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ssl_free(b); if (!ssl_new(b)) return 0; + bs = BIO_get_data(b); } BIO_set_shutdown(b, num); ssl = (SSL *)ptr; From matthias.st.pierre at ncp-e.com Thu May 7 17:22:02 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 07 May 2020 17:22:02 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1588872122.344372.19338.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via d07e8b0ae66e96cda9c803de36e977fb7dfe941a (commit) from 184b0f14173fd69120767d86227d1db3a4e60ec0 (commit) - Log ----------------------------------------------------------------- commit d07e8b0ae66e96cda9c803de36e977fb7dfe941a Author: Dr. Matthias St. Pierre Date: Wed May 6 17:24:13 2020 +0200 Fix use-after-free in BIO_C_SET_SSL callback Since the BIO_SSL structure was renewed by `ssl_free(b)/ssl_new(b)`, the `bs` pointer needs to be updated before assigning to `bs->ssl`. Thanks to @suishixingkong for reporting the issue and providing a fix. Closes #10539 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11746) (cherry picked from commit 73d6b4efe6835a6c97ce61df6bf339b0903e5b7a) ----------------------------------------------------------------------- Summary of changes: ssl/bio_ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index ab9e6668cd..efa23bf1b1 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ssl_free(b); if (!ssl_new(b)) return 0; + bs = BIO_get_data(b); } BIO_set_shutdown(b, num); ssl = (SSL *)ptr; From no-reply at appveyor.com Thu May 7 17:43:28 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 07 May 2020 17:43:28 +0000 Subject: Build failed: openssl master.33888 Message-ID: <20200507174328.1.41BCB8331FCD936E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 7 18:03:55 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 07 May 2020 18:03:55 +0000 Subject: Build failed: openssl master.33889 Message-ID: <20200507180355.1.2741DFC345FA5969@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu May 7 18:08:03 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 07 May 2020 18:08:03 +0000 Subject: Fixed: openssl/openssl#34453 (master - 73d6b4e) In-Reply-To: Message-ID: <5eb44e834bc7a_13fe3babd89bc1029f1@travis-tasks-76ddbb56dd-m9wvw.mail> Build Update for openssl/openssl ------------------------------------- Build: #34453 Status: Fixed Duration: 48 mins and 13 secs Commit: 73d6b4e (master) Author: Dr. Matthias St. Pierre Message: Fix use-after-free in BIO_C_SET_SSL callback Since the BIO_SSL structure was renewed by `ssl_free(b)/ssl_new(b)`, the `bs` pointer needs to be updated before assigning to `bs->ssl`. Thanks to @suishixingkong for reporting the issue and providing a fix. Closes #10539 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11746) View the changeset: https://github.com/openssl/openssl/compare/90fc2c26df23...73d6b4efe683 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684366838?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 7 19:10:23 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 07 May 2020 19:10:23 +0000 Subject: Build completed: openssl master.33890 Message-ID: <20200507191023.1.3FD1A68276891BA9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 02:39:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 02:39:56 +0000 Subject: Build failed: openssl master.33904 Message-ID: <20200508023956.1.3779840EAC15C904@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 03:33:39 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 03:33:39 +0000 Subject: Build completed: openssl master.33905 Message-ID: <20200508033339.1.C3626C4A5603DD0F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 04:41:33 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 04:41:33 +0000 Subject: Build failed: openssl master.33906 Message-ID: <20200508044133.1.1DEAEC9A444B49A7@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 8 06:12:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 08 May 2020 06:12:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1588918364.847377.24453.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 668 wallclock secs ( 8.86 usr 1.66 sys + 624.35 cusr 44.11 csys = 678.98 CPU) Result: FAIL Makefile:3039: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3037: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri May 8 06:15:16 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 06:15:16 +0000 Subject: Build completed: openssl master.33907 Message-ID: <20200508061516.1.4B92B039EFB0186D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 08:24:15 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 08:24:15 +0000 Subject: Build failed: openssl master.33909 Message-ID: <20200508082415.1.CA32DCDF5564F439@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 09:26:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 09:26:03 +0000 Subject: Build failed: openssl master.33910 Message-ID: <20200508092603.1.9ADBC060B001C75E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 10:52:10 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 10:52:10 +0000 Subject: Build completed: openssl master.33911 Message-ID: <20200508105210.1.677D6BEFC7EB3E0E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 11:47:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 11:47:11 +0000 Subject: Build failed: openssl master.33912 Message-ID: <20200508114711.1.62A93A65A6BE8E3D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 8 12:44:36 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 08 May 2020 12:44:36 +0000 Subject: Build completed: openssl master.33913 Message-ID: <20200508124436.1.7E941EFE79ECCA62@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 8 13:16:00 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 08 May 2020 13:16:00 +0000 Subject: [openssl] master update Message-ID: <1588943760.485587.13292.nullmailer@dev.openssl.org> The branch master has been updated via c7fa92979c5964966efa298bf2a40ff451ee7482 (commit) from 73d6b4efe6835a6c97ce61df6bf339b0903e5b7a (commit) - Log ----------------------------------------------------------------- commit c7fa92979c5964966efa298bf2a40ff451ee7482 Author: Richard Levitte Date: Wed May 6 20:48:25 2020 +0200 EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! There were a few instances where we set the EVP_PKEY_CTX operation to EVP_PKEY_OP_UNDEFINED, but forgot to clean up first. After the operation is made undefined, there's no way to know what should be cleaned away, so that must be done first, in all spots. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11750) ----------------------------------------------------------------------- Summary of changes: crypto/evp/exchange.c | 1 + crypto/evp/pmeth_fn.c | 9 ++++----- crypto/evp/pmeth_gn.c | 4 +++- crypto/evp/signature.c | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 6423fd9eff..26d7e1ce95 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -264,6 +264,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) return ret ? 1 : 0; err: + evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; return 0; diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 4d8d3e91b1..8bc59c40b9 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -126,11 +126,8 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) goto err; } - if (ret <= 0) { - cipher->freectx(ctx->op.ciph.ciphprovctx); - ctx->op.ciph.ciphprovctx = NULL; + if (ret <= 0) goto err; - } return 1; legacy: @@ -162,8 +159,10 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) } err: - if (ret <= 0) + if (ret <= 0) { + evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; + } return ret; } diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index a775d2bee7..fb861d2487 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -93,8 +93,10 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation) #endif end: - if (ret <= 0 && ctx != NULL) + if (ret <= 0 && ctx != NULL) { + evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; + } return ret; not_supported: diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index d845ac12db..b7a7f79606 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -503,6 +503,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) return ret; err: + evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret; } From bernd.edlinger at hotmail.de Fri May 8 13:38:19 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 08 May 2020 13:38:19 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1588945099.222018.26972.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6b057f75074a9061147d7e64fc77db85e310db47 (commit) from d07e8b0ae66e96cda9c803de36e977fb7dfe941a (commit) - Log ----------------------------------------------------------------- commit 6b057f75074a9061147d7e64fc77db85e310db47 Author: Bernd Edlinger Date: Fri Apr 24 01:28:07 2020 +0200 Remove AES bitsliced S-box implementation from Boyar and Peralta [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11626) ----------------------------------------------------------------------- Summary of changes: crypto/aes/aes_core.c | 351 -------------------------------------------------- crypto/evp/e_aes.c | 5 - 2 files changed, 356 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 687dd5829b..ad00c729e7 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -673,357 +673,6 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, InvCipher(in, out, rk, key->rounds); } - -# ifndef OPENSSL_SMALL_FOOTPRINT -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec); - -static void RawToBits(const u8 raw[64], u64 bits[8]) -{ - int i, j; - u64 in, out; - - memset(bits, 0, 64); - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((u64)raw[i * 8 + j]) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - bits[j] |= (out & 0xFFuLL) << (8 * i); - out = out >> 8; - } - } -} - -static void BitsToRaw(const u64 bits[8], u8 raw[64]) -{ - int i, j; - u64 in, out; - - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - raw[i * 8 + j] = (u8)out; - out = out >> 8; - } - } -} - -static void BitsXtime(u64 state[8]) -{ - u64 b; - - b = state[7]; - state[7] = state[6]; - state[6] = state[5]; - state[5] = state[4]; - state[4] = state[3] ^ b; - state[3] = state[2] ^ b; - state[2] = state[1]; - state[1] = state[0] ^ b; - state[0] = b; -} - -/* - * This S-box implementation follows a circuit described in - * Boyar and Peralta: "A new combinational logic minimization - * technique with applications to cryptology." - * https://eprint.iacr.org/2009/191.pdf - * - * The math is similar to above, in that it uses - * a tower field of GF(2^2^2^2) but with a different - * basis representation, that is better suited to - * logic designs. - */ -static void BitsSub(u64 state[8]) -{ - u64 x0, x1, x2, x3, x4, x5, x6, x7; - u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11; - u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21; - u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11; - u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21; - u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31; - u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41; - u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51; - u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61; - u64 t62, t63, t64, t65, t66, t67; - u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11; - u64 z12, z13, z14, z15, z16, z17; - u64 s0, s1, s2, s3, s4, s5, s6, s7; - - x7 = state[0]; - x6 = state[1]; - x5 = state[2]; - x4 = state[3]; - x3 = state[4]; - x2 = state[5]; - x1 = state[6]; - x0 = state[7]; - y14 = x3 ^ x5; - y13 = x0 ^ x6; - y9 = x0 ^ x3; - y8 = x0 ^ x5; - t0 = x1 ^ x2; - y1 = t0 ^ x7; - y4 = y1 ^ x3; - y12 = y13 ^ y14; - y2 = y1 ^ x0; - y5 = y1 ^ x6; - y3 = y5 ^ y8; - t1 = x4 ^ y12; - y15 = t1 ^ x5; - y20 = t1 ^ x1; - y6 = y15 ^ x7; - y10 = y15 ^ t0; - y11 = y20 ^ y9; - y7 = x7 ^ y11; - y17 = y10 ^ y11; - y19 = y10 ^ y8; - y16 = t0 ^ y11; - y21 = y13 ^ y16; - y18 = x0 ^ y16; - t2 = y12 & y15; - t3 = y3 & y6; - t4 = t3 ^ t2; - t5 = y4 & x7; - t6 = t5 ^ t2; - t7 = y13 & y16; - t8 = y5 & y1; - t9 = t8 ^ t7; - t10 = y2 & y7; - t11 = t10 ^ t7; - t12 = y9 & y11; - t13 = y14 & y17; - t14 = t13 ^ t12; - t15 = y8 & y10; - t16 = t15 ^ t12; - t17 = t4 ^ t14; - t18 = t6 ^ t16; - t19 = t9 ^ t14; - t20 = t11 ^ t16; - t21 = t17 ^ y20; - t22 = t18 ^ y19; - t23 = t19 ^ y21; - t24 = t20 ^ y18; - t25 = t21 ^ t22; - t26 = t21 & t23; - t27 = t24 ^ t26; - t28 = t25 & t27; - t29 = t28 ^ t22; - t30 = t23 ^ t24; - t31 = t22 ^ t26; - t32 = t31 & t30; - t33 = t32 ^ t24; - t34 = t23 ^ t33; - t35 = t27 ^ t33; - t36 = t24 & t35; - t37 = t36 ^ t34; - t38 = t27 ^ t36; - t39 = t29 & t38; - t40 = t25 ^ t39; - t41 = t40 ^ t37; - t42 = t29 ^ t33; - t43 = t29 ^ t40; - t44 = t33 ^ t37; - t45 = t42 ^ t41; - z0 = t44 & y15; - z1 = t37 & y6; - z2 = t33 & x7; - z3 = t43 & y16; - z4 = t40 & y1; - z5 = t29 & y7; - z6 = t42 & y11; - z7 = t45 & y17; - z8 = t41 & y10; - z9 = t44 & y12; - z10 = t37 & y3; - z11 = t33 & y4; - z12 = t43 & y13; - z13 = t40 & y5; - z14 = t29 & y2; - z15 = t42 & y9; - z16 = t45 & y14; - z17 = t41 & y8; - t46 = z15 ^ z16; - t47 = z10 ^ z11; - t48 = z5 ^ z13; - t49 = z9 ^ z10; - t50 = z2 ^ z12; - t51 = z2 ^ z5; - t52 = z7 ^ z8; - t53 = z0 ^ z3; - t54 = z6 ^ z7; - t55 = z16 ^ z17; - t56 = z12 ^ t48; - t57 = t50 ^ t53; - t58 = z4 ^ t46; - t59 = z3 ^ t54; - t60 = t46 ^ t57; - t61 = z14 ^ t57; - t62 = t52 ^ t58; - t63 = t49 ^ t58; - t64 = z4 ^ t59; - t65 = t61 ^ t62; - t66 = z1 ^ t63; - s0 = t59 ^ t63; - s6 = ~(t56 ^ t62); - s7 = ~(t48 ^ t60); - t67 = t64 ^ t65; - s3 = t53 ^ t66; - s4 = t51 ^ t66; - s5 = t47 ^ t65; - s1 = ~(t64 ^ s3); - s2 = ~(t55 ^ t67); - state[0] = s7; - state[1] = s6; - state[2] = s5; - state[3] = s4; - state[4] = s3; - state[5] = s2; - state[6] = s1; - state[7] = s0; -} - -static void BitsShiftRows(u64 state[8]) -{ - u64 s, s0; - int i; - - for (i = 0; i < 8; i++) { - s = state[i]; - s0 = s & 0x1111111111111111uLL; - s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12); - s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8); - s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4); - state[i] = s0; - } -} - -static void BitsMixColumns(u64 state[8]) -{ - u64 s1, s; - u64 s0[8]; - int i; - - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s1; - s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2); - s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1); - s ^= s1; - s0[i] = s; - } - BitsXtime(state); - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s0[i]; - s ^= s1; - s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3); - state[i] = s; - } -} - -static void BitsAddRoundKey(u64 state[8], const u64 key[8]) -{ - int i; - - for (i = 0; i < 8; i++) - state[i] ^= key[i]; -} - -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec) -{ - struct { - u8 cipher[64]; - u64 state[8]; - u64 rd_key[AES_MAXNR + 1][8]; - } *bs; - u32 ctr32; - int i; - - ctr32 = GETU32(ivec + 12); - if (blocks >= 4 - && (bs = OPENSSL_malloc(sizeof(*bs)))) { - for (i = 0; i < key->rounds + 1; i++) { - memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16); - memcpy(bs->cipher + 16, bs->cipher, 16); - memcpy(bs->cipher + 32, bs->cipher, 32); - RawToBits(bs->cipher, bs->rd_key[i]); - } - while (blocks) { - memcpy(bs->cipher, ivec, 12); - PUTU32(bs->cipher + 12, ctr32); - ctr32++; - memcpy(bs->cipher + 16, ivec, 12); - PUTU32(bs->cipher + 28, ctr32); - ctr32++; - memcpy(bs->cipher + 32, ivec, 12); - PUTU32(bs->cipher + 44, ctr32); - ctr32++; - memcpy(bs->cipher + 48, ivec, 12); - PUTU32(bs->cipher + 60, ctr32); - ctr32++; - RawToBits(bs->cipher, bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[0]); - for (i = 1; i < key->rounds; i++) { - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsMixColumns(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[i]); - } - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]); - BitsToRaw(bs->state, bs->cipher); - for (i = 0; i < 64 && blocks; i++) { - out[i] = in[i] ^ bs->cipher[i]; - if ((i & 15) == 15) - blocks--; - } - in += i; - out += i; - } - OPENSSL_clear_free(bs, sizeof(*bs)); - } else { - unsigned char cipher[16]; - - while (blocks) { - memcpy(cipher, ivec, 12); - PUTU32(cipher + 12, ctr32); - AES_encrypt(cipher, cipher, key); - for (i = 0; i < 16; i++) - out[i] = in[i] ^ cipher[i]; - in += 16; - out += 16; - ctr32++; - blocks--; - } - } -} -# endif #elif !defined(AES_ASM) /*- Te0[x] = S [x].[02, 01, 01, 03]; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index a1b7d50bbf..405ddbf9bf 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -130,11 +130,6 @@ void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); #endif -#if !defined(AES_ASM) && !defined(AES_CTR_ASM) \ - && defined(OPENSSL_AES_CONST_TIME) \ - && !defined(OPENSSL_SMALL_FOOTPRINT) -# define AES_CTR_ASM -#endif #ifdef AES_CTR_ASM void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, From builds at travis-ci.org Fri May 8 14:06:01 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 08 May 2020 14:06:01 +0000 Subject: Errored: openssl/openssl#34474 (master - c7fa929) In-Reply-To: Message-ID: <5eb567491412f_13fa759e15934484eb@travis-tasks-5f858fc6d7-dqpzp.mail> Build Update for openssl/openssl ------------------------------------- Build: #34474 Status: Errored Duration: 40 mins and 0 secs Commit: c7fa929 (master) Author: Richard Levitte Message: EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! There were a few instances where we set the EVP_PKEY_CTX operation to EVP_PKEY_OP_UNDEFINED, but forgot to clean up first. After the operation is made undefined, there's no way to know what should be cleaned away, so that must be done first, in all spots. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11750) View the changeset: https://github.com/openssl/openssl/compare/73d6b4efe683...c7fa92979c59 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684668599?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Fri May 8 14:23:33 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 08 May 2020 14:23:33 +0000 Subject: [openssl] master update Message-ID: <1588947813.777658.20156.nullmailer@dev.openssl.org> The branch master has been updated via 257e9d03b028402089c9f98f3acb25ba668c09af (commit) via 4ef0ddc9d8ee829bf9dceae73f7a48a55f512739 (commit) from c7fa92979c5964966efa298bf2a40ff451ee7482 (commit) - Log ----------------------------------------------------------------- commit 257e9d03b028402089c9f98f3acb25ba668c09af Author: Rich Salz Date: Thu May 7 13:44:01 2020 +0200 Fix issues reported by markdownlint Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11739) commit 4ef0ddc9d8ee829bf9dceae73f7a48a55f512739 Author: Rich Salz Date: Thu May 7 13:42:14 2020 +0200 travis: enable markdownlint checks Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11739) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 8 +- ACKNOWLEDGEMENTS.md | 1 - AUTHORS.md | 58 +- CHANGES.md | 817 +++++++++++------------- CONTRIBUTING.md | 4 +- INSTALL.md | 312 ++++----- NEWS.md | 296 +++++---- README.md | 58 +- SUPPORT.md | 15 +- dev/release-aux/README.md | 42 +- dev/release-aux/fixup-CHANGES.md-postrelease.pl | 4 +- dev/release-aux/fixup-NEWS.md-postrelease.pl | 4 +- fuzz/README.md | 20 +- test/README.ssltest.md | 97 ++- util/markdownlint.rb | 21 + 15 files changed, 834 insertions(+), 923 deletions(-) create mode 100644 util/markdownlint.rb diff --git a/.travis.yml b/.travis.yml index 4c49c3449f..2bc040fe28 100644 --- a/.travis.yml +++ b/.travis.yml @@ -135,7 +135,7 @@ jobs: script: true - os: linux compiler: gcc - env: CONFIGURE_TARGET="linux-generic32" CONFIG_OPTS="--strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-cmp no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-ktls no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-siv no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT" + env: CONFIGURE_TARGET="linux-generic32" MARKDOWNLINT="yes" CONFIG_OPTS="--strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-cmp no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-ktls no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-siv no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT" before_script: @@ -204,6 +204,12 @@ script: echo -e '\052\052 FAILED -- MAKE DOC-NITS'; travis_terminate 1; fi + - if test -n "$MARKDOWNLINT" ; then + echo -e "====START MARKDOWNLINT===="; + gem install mdl || travis_terminate 1; + mdl -s util/markdownlint.rb . || travis_terminate 1; + echo -e "====END MARKDOWNLINT===="; + fi - if ! $make2; then echo -e '\052\052 FAILED -- MAKE'; travis_terminate 1; diff --git a/ACKNOWLEDGEMENTS.md b/ACKNOWLEDGEMENTS.md index baf7743c8e..dae83457db 100644 --- a/ACKNOWLEDGEMENTS.md +++ b/ACKNOWLEDGEMENTS.md @@ -3,6 +3,5 @@ Acknowlegements Please see our [Thanks!][] page for the current acknowledgements. - [Thanks!]: https://www.openssl.org/community/thanks.html diff --git a/AUTHORS.md b/AUTHORS.md index e9ff5441b9..af72f43b08 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -7,40 +7,38 @@ since in some cases, their employer may be the copyright holder. To see the full list of contributors, see the revision history in source control. - Groups ------ - * OpenSSL Software Services, Inc. - * OpenSSL Software Foundation, Inc. - + * OpenSSL Software Services, Inc. + * OpenSSL Software Foundation, Inc. Individuals ----------- - * Andy Polyakov - * Ben Laurie - * Ben Kaduk - * Bernd Edlinger - * Bodo M?ller - * David Benjamin - * Emilia K?sper - * Eric Young - * Geoff Thorpe - * Holger Reif - * Kurt Roeckx - * Lutz J?nicke - * Mark J. Cox - * Matt Caswell - * Matthias St. Pierre - * Nils Larsch - * Paul Dale - * Paul C. Sutton - * Ralf S. Engelschall - * Rich Salz - * Richard Levitte - * Stephen Henson - * Steve Marquess - * Tim Hudson - * Ulf M?ller - * Viktor Dukhovni + * Andy Polyakov + * Ben Laurie + * Ben Kaduk + * Bernd Edlinger + * Bodo M?ller + * David Benjamin + * Emilia K?sper + * Eric Young + * Geoff Thorpe + * Holger Reif + * Kurt Roeckx + * Lutz J?nicke + * Mark J. Cox + * Matt Caswell + * Matthias St. Pierre + * Nils Larsch + * Paul Dale + * Paul C. Sutton + * Ralf S. Engelschall + * Rich Salz + * Richard Levitte + * Stephen Henson + * Steve Marquess + * Tim Hudson + * Ulf M?ller + * Viktor Dukhovni diff --git a/CHANGES.md b/CHANGES.md index 6da7bcde72..2835322bdf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,7 +7,6 @@ pick the appropriate release branch. [log]: https://github.com/openssl/openssl/commits/ - OpenSSL Releases ---------------- @@ -22,7 +21,7 @@ OpenSSL Releases OpenSSL 3.0 ----------- -### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### +### Changes between 1.1.1 and 3.0 [xx XXX xxxx] * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should @@ -87,7 +86,6 @@ OpenSSL 3.0 *Matthias St. Pierre* - * The test suite is changed to preserve results of each test recipe. A new directory test-runs/ with subdirectories named like the test recipes are created in the build tree for this purpose. @@ -335,7 +333,7 @@ OpenSSL 3.0 *Paul Dale* - * Corrected the documentation of the return values from the EVP_DigestSign* + * Corrected the documentation of the return values from the `EVP_DigestSign*` set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. @@ -422,10 +420,10 @@ OpenSSL 3.0 replaced with no-ops. *Rich Salz* - + * Added documentation for the STACK API. OpenSSL only defines the STACK functions where they are used. - + *Rich Salz* * Introduced a new method type and API, OSSL_SERIALIZER, to @@ -589,7 +587,6 @@ OpenSSL 3.0 $ mms /macro=(VF=1) test ! OpenVMS $ nmake VF=1 test # Windows - *Richard Levitte* * For built-in EC curves, ensure an EC_GROUP built from the curve name is @@ -641,7 +638,7 @@ OpenSSL 3.0 when primes for RSA keys are computed. Since we previously always generated primes == 2 (mod 3) for RSA keys, the 2-prime and 3-prime RSA modules were easy to distinguish, since - N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. This avoids possible fingerprinting of newly generated RSA modules. @@ -692,7 +689,7 @@ OpenSSL 3.0 *Paul Dale* - * {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been + * `{CRYPTO,OPENSSL}_mem_debug_{push,pop}` are now no-ops and have been deprecated. *Rich Salz* @@ -807,7 +804,7 @@ OpenSSL 3.0 *Paul Dale* * Added newline escaping functionality to a filename when using openssl dgst. - This output format is to replicate the output format found in the '*sum' + This output format is to replicate the output format found in the `*sum` checksum programs. This aims to preserve backward compatibility. *Matt Eaton, Richard Levitte, and Paul Dale* @@ -967,7 +964,7 @@ OpenSSL 3.0 the attacked described in "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. Details of this attack can be obtained from: - http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + *Paul Dale* @@ -988,14 +985,12 @@ OpenSSL 3.0 *Boris Pismenny* - OpenSSL 1.1.1 ------------- -### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ### +### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] - -### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ### +### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the @@ -1039,7 +1034,7 @@ OpenSSL 1.1.1 *Richard Levitte* * Added newline escaping functionality to a filename when using openssl dgst. - This output format is to replicate the output format found in the '*sum' + This output format is to replicate the output format found in the `*sum` checksum programs. This aims to preserve backward compatibility. *Matt Eaton, Richard Levitte, and Paul Dale* @@ -1049,7 +1044,7 @@ OpenSSL 1.1.1 *Jon Spillett* -### Changes between 1.1.1c and 1.1.1d [10 Sep 2019] ### +### Changes between 1.1.1c and 1.1.1d [10 Sep 2019] * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the @@ -1154,7 +1149,7 @@ OpenSSL 1.1.1 *Matthias St. Pierre* -### Changes between 1.1.1b and 1.1.1c [28 May 2019] ### +### Changes between 1.1.1b and 1.1.1c [28 May 2019] * Add build tests for C++. These are generated files that only do one thing, to include one public OpenSSL head file each. This tests that @@ -1245,7 +1240,7 @@ OpenSSL 1.1.1 *Paul Yang* -### Changes between 1.1.1a and 1.1.1b [26 Feb 2019] ### +### Changes between 1.1.1a and 1.1.1b [26 Feb 2019] * Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START @@ -1259,7 +1254,7 @@ OpenSSL 1.1.1 *Matt Caswell* -### Changes between 1.1.1 and 1.1.1a [20 Nov 2018] ### +### Changes between 1.1.1 and 1.1.1a [20 Nov 2018] * Timing vulnerability in DSA signature generation @@ -1292,7 +1287,7 @@ OpenSSL 1.1.1 automatically and is fully functional even without additional randomness provided by the application. -### Changes between 1.1.0i and 1.1.1 [11 Sep 2018] ### +### Changes between 1.1.0i and 1.1.1 [11 Sep 2018] * Add a new ClientHello callback. Provides a callback interface that gives the application the ability to adjust the nascent SSL object at the @@ -1562,7 +1557,7 @@ OpenSSL 1.1.1 * Support for TLSv1.3 added. Note that users upgrading from an earlier version of OpenSSL should review their configuration settings to ensure that they are still appropriate for TLSv1.3. For further information see: - https://wiki.openssl.org/index.php/TLS1.3 + *Matt Caswell* @@ -1815,7 +1810,7 @@ OpenSSL 1.1.1 * 'openssl passwd' can now produce SHA256 and SHA512 based output, using the algorithm defined in - https://www.akkadia.org/drepper/SHA-crypt.txt + *Richard Levitte* @@ -1835,8 +1830,7 @@ OpenSSL 1.1.1 OpenSSL 1.1.0 ------------- - -### Changes between 1.1.0k and 1.1.0l [10 Sep 2019] ### +### Changes between 1.1.0k and 1.1.0l [10 Sep 2019] * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key @@ -1882,7 +1876,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0j and 1.1.0k [28 May 2019] ### +### Changes between 1.1.0j and 1.1.0k [28 May 2019] * Change the default RSA, DSA and DH size to 2048 bit instead of 1024. This changes the size when using the genpkey app when no size is given. It @@ -1945,7 +1939,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0i and 1.1.0j [20 Nov 2018] ### +### Changes between 1.1.0i and 1.1.0j [20 Nov 2018] * Timing vulnerability in DSA signature generation @@ -1975,7 +1969,7 @@ OpenSSL 1.1.0 *Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley* -### Changes between 1.1.0h and 1.1.0i [14 Aug 2018] ### +### Changes between 1.1.0h and 1.1.0i [14 Aug 2018] * Client DoS due to large DH parameter @@ -2060,7 +2054,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0g and 1.1.0h [27 Mar 2018] ### +### Changes between 1.1.0g and 1.1.0h [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack @@ -2139,7 +2133,7 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.1.0f and 1.1.0g [2 Nov 2017] ### +### Changes between 1.1.0f and 1.1.0g [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 @@ -2174,7 +2168,7 @@ OpenSSL 1.1.0 *Rich Salz* -### Changes between 1.1.0e and 1.1.0f [25 May 2017] ### +### Changes between 1.1.0e and 1.1.0f [25 May 2017] * Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target platform rather than 'mingw'. @@ -2187,7 +2181,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0d and 1.1.0e [16 Feb 2017] ### +### Changes between 1.1.0d and 1.1.0e [16 Feb 2017] * Encrypt-Then-Mac renegotiation crash @@ -2201,7 +2195,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0c and 1.1.0d [26 Jan 2017] ### +### Changes between 1.1.0c and 1.1.0d [26 Jan 2017] * Truncated packet could crash via OOB read @@ -2247,11 +2241,11 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.1.0b and 1.1.0c [10 Nov 2016] ### +### Changes between 1.1.0b and 1.1.0c [10 Nov 2016] * ChaCha20/Poly1305 heap-buffer-overflow - TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to + TLS connections using `*-CHACHA20-POLY1305` ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. @@ -2303,7 +2297,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0a and 1.1.0b [26 Sep 2016] ### +### Changes between 1.1.0a and 1.1.0b [26 Sep 2016] * Fix Use After Free for large message sizes @@ -2321,7 +2315,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0 and 1.1.0a [22 Sep 2016] ### +### Changes between 1.1.0 and 1.1.0a [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -2400,7 +2394,7 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.0.2h and 1.1.0 [25 Aug 2016] ### +### Changes between 1.0.2h and 1.1.0 [25 Aug 2016] * Windows command-line tool supports UTF-8 opt-in option for arguments and console input. Setting OPENSSL_WIN32_UTF8 environment variable @@ -2443,8 +2437,8 @@ OpenSSL 1.1.0 *Joseph Wylie Yandle, Rich Salz* - * The stack and lhash API's were renamed to start with OPENSSL_SK_ - and OPENSSL_LH_, respectively. The old names are available + * The stack and lhash API's were renamed to start with `OPENSSL_SK_` + and `OPENSSL_LH_`, respectively. The old names are available with API compatibility. They new names are now completely documented. *Rich Salz* @@ -2622,12 +2616,12 @@ OpenSSL 1.1.0 *Todd Short* * Changes to the DEFAULT cipherlist: - - Prefer (EC)DHE handshakes over plain RSA. - - Prefer AEAD ciphers over legacy ciphers. - - Prefer ECDSA over RSA when both certificates are available. - - Prefer TLSv1.2 ciphers/PRF. - - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the - default cipherlist. + - Prefer (EC)DHE handshakes over plain RSA. + - Prefer AEAD ciphers over legacy ciphers. + - Prefer ECDSA over RSA when both certificates are available. + - Prefer TLSv1.2 ciphers/PRF. + - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the + default cipherlist. *Emilia K?sper* @@ -2789,8 +2783,8 @@ OpenSSL 1.1.0 * The signature of the session callback configured with SSL_CTX_sess_set_get_cb was changed. The read-only input buffer - was explicitly marked as 'const unsigned char*' instead of - 'unsigned char*'. + was explicitly marked as `const unsigned char*` instead of + `unsigned char*`. *Emilia K?sper* @@ -2822,7 +2816,7 @@ OpenSSL 1.1.0 Makefile. Instead, Configure produces a perl module in configdata.pm which holds most of the config data (in the hash table %config), the target data that comes from the target - configuration in one of the Configurations/*.conf files (in + configuration in one of the `Configurations/*.conf~ files (in %target). *Richard Levitte* @@ -2851,7 +2845,7 @@ OpenSSL 1.1.0 * The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. - See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains + See: . Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). @@ -3205,7 +3199,7 @@ OpenSSL 1.1.0 * Added support for OCB mode. OpenSSL has been granted a patent license compatible with the OpenSSL license for use of OCB. Details are available - at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support + at . Support for OCB can be removed by calling config with no-ocb. *Matt Caswell* @@ -3244,16 +3238,16 @@ OpenSSL 1.1.0 *Rich Salz* * Clean up OPENSSL_NO_xxx #define's - - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF - - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx - - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC - - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 - - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO - - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY - OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP - OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK - OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY - - Remove MS_STATIC; it's a relic from platforms <32 bits. + - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY + - Remove MS_STATIC; it's a relic from platforms <32 bits. *Rich Salz* @@ -3311,7 +3305,7 @@ OpenSSL 1.1.0 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] @@ -3336,7 +3330,6 @@ OpenSSL 1.1.0 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE. - *Steve Henson* * Add EVP support for key wrapping algorithms, to avoid problems with @@ -3542,7 +3535,7 @@ OpenSSL 1.1.0 *Steve Henson* * Initial, experimental EVP support for AES-GCM. AAD can be input by - setting output buffer to NULL. The *Final function must be + setting output buffer to NULL. The `*Final` function must be called although it will not retrieve any additional data. The tag can be set or retrieved with a ctrl. The IV length is by default 12 bytes (96 bits) but can be set to an alternative value. If the IV @@ -3634,7 +3627,7 @@ OpenSSL 1.1.0 OpenSSL 1.0.2 ------------- -### Changes between 1.0.2s and 1.0.2t [10 Sep 2019] ### +### Changes between 1.0.2s and 1.0.2t [10 Sep 2019] * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key @@ -3680,7 +3673,7 @@ OpenSSL 1.0.2 *Richard Levitte* -### Changes between 1.0.2r and 1.0.2s [28 May 2019] ### +### Changes between 1.0.2r and 1.0.2s [28 May 2019] * Change the default RSA, DSA and DH size to 2048 bit instead of 1024. This changes the size when using the genpkey app when no size is given. It @@ -3699,7 +3692,7 @@ OpenSSL 1.0.2 *Matthias St. Pierre* -### Changes between 1.0.2q and 1.0.2r [26 Feb 2019] ### +### Changes between 1.0.2q and 1.0.2r [26 Feb 2019] * 0-byte record padding oracle @@ -3728,7 +3721,7 @@ OpenSSL 1.0.2 *Richard Levitte* -### Changes between 1.0.2p and 1.0.2q [20 Nov 2018] ### +### Changes between 1.0.2p and 1.0.2q [20 Nov 2018] * Microarchitecture timing vulnerability in ECC scalar multiplication @@ -3761,7 +3754,7 @@ OpenSSL 1.0.2 *Nicola Tuveri* -### Changes between 1.0.2o and 1.0.2p [14 Aug 2018] ### +### Changes between 1.0.2o and 1.0.2p [14 Aug 2018] * Client DoS due to large DH parameter @@ -3828,7 +3821,7 @@ OpenSSL 1.0.2 *Emilia K?sper* -### Changes between 1.0.2n and 1.0.2o [27 Mar 2018] ### +### Changes between 1.0.2n and 1.0.2o [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack @@ -3844,7 +3837,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2m and 1.0.2n [7 Dec 2017] ### +### Changes between 1.0.2m and 1.0.2n [7 Dec 2017] * Read/write after SSL object in error state @@ -3891,7 +3884,7 @@ OpenSSL 1.0.2 *Andy Polyakov* -### Changes between 1.0.2l and 1.0.2m [2 Nov 2017] ### +### Changes between 1.0.2l and 1.0.2m [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 @@ -3926,14 +3919,14 @@ OpenSSL 1.0.2 *Rich Salz* -### Changes between 1.0.2k and 1.0.2l [25 May 2017] ### +### Changes between 1.0.2k and 1.0.2l [25 May 2017] * Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target platform rather than 'mingw'. *Richard Levitte* -### Changes between 1.0.2j and 1.0.2k [26 Jan 2017] ### +### Changes between 1.0.2j and 1.0.2k [26 Jan 2017] * Truncated packet could crash via OOB read @@ -3998,7 +3991,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2i and 1.0.2j [26 Sep 2016] ### +### Changes between 1.0.2i and 1.0.2j [26 Sep 2016] * Missing CRL sanity check @@ -4011,7 +4004,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2h and 1.0.2i [22 Sep 2016] ### +### Changes between 1.0.2h and 1.0.2i [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -4182,7 +4175,7 @@ OpenSSL 1.0.2 *Stephen Henson* -### Changes between 1.0.2g and 1.0.2h [3 May 2016] ### +### Changes between 1.0.2g and 1.0.2h [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check @@ -4210,7 +4203,7 @@ OpenSSL 1.0.2 corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by - the PEM_write_bio* family of functions. These are mainly used within the + the `PEM_write_bio*` family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly @@ -4287,7 +4280,7 @@ OpenSSL 1.0.2 *Kurt Roeckx* -### Changes between 1.0.2f and 1.0.2g [1 Mar 2016] ### +### Changes between 1.0.2f and 1.0.2g [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not @@ -4372,10 +4365,10 @@ OpenSSL 1.0.2 *Matt Caswell* - * Fix memory issues in BIO_*printf functions + * Fix memory issues in `BIO_*printf` functions The internal |fmtstr| function used in processing a "%s" format string in - the BIO_*printf functions could overflow while calculating the length of a + the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an @@ -4387,7 +4380,7 @@ OpenSSL 1.0.2 The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data - is passed to the BIO_*printf functions. If applications use these functions + is passed to the `BIO_*printf` functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from @@ -4415,7 +4408,7 @@ OpenSSL 1.0.2 This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at - http://cachebleed.info. + . [CVE-2016-0702][] *Andy Polyakov* @@ -4427,7 +4420,8 @@ OpenSSL 1.0.2 *Emilia K?sper* -### Changes between 1.0.2e and 1.0.2f [28 Jan 2016] ### +### Changes between 1.0.2e and 1.0.2f [28 Jan 2016] + * DH small subgroups Historically OpenSSL only ever generated DH parameters based on "safe" @@ -4473,7 +4467,7 @@ OpenSSL 1.0.2 *Viktor Dukhovni* -### Changes between 1.0.2d and 1.0.2e [3 Dec 2015] ### +### Changes between 1.0.2d and 1.0.2e [3 Dec 2015] * BN_mod_exp may produce incorrect results on x86_64 @@ -4536,7 +4530,7 @@ OpenSSL 1.0.2 *Rich Salz and Ismo Puustinen * -### Changes between 1.0.2c and 1.0.2d [9 Jul 2015] ### +### Changes between 1.0.2c and 1.0.2d [9 Jul 2015] * Alternate chains certificate forgery @@ -4552,7 +4546,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2b and 1.0.2c [12 Jun 2015] ### +### Changes between 1.0.2b and 1.0.2c [12 Jun 2015] * Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been @@ -4560,7 +4554,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2a and 1.0.2b [11 Jun 2015] ### +### Changes between 1.0.2a and 1.0.2b [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -4639,7 +4633,7 @@ OpenSSL 1.0.2 *Emilia Kasper* -### Changes between 1.0.2 and 1.0.2a [19 Mar 2015] ### +### Changes between 1.0.2 and 1.0.2a [19 Mar 2015] * ClientHello sigalgs DoS fix @@ -4815,7 +4809,7 @@ OpenSSL 1.0.2 *Kurt Roeckx* -### Changes between 1.0.1l and 1.0.2 [22 Jan 2015] ### +### Changes between 1.0.1l and 1.0.2 [22 Jan 2015] * Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. @@ -4966,7 +4960,7 @@ OpenSSL 1.0.2 *Steve Henson* - * SSL_CONF* functions. These provide a common framework for application + * `SSL_CONF*` functions. These provide a common framework for application configuration using configuration files or command lines. *Steve Henson* @@ -5034,7 +5028,6 @@ OpenSSL 1.0.2 Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour. - *Steve Henson* * New function ssl_set_client_disabled to set a ciphersuite disabled @@ -5210,11 +5203,10 @@ OpenSSL 1.0.2 X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. - OpenSSL 1.0.1 ------------- -### Changes between 1.0.1t and 1.0.1u [22 Sep 2016] ### +### Changes between 1.0.1t and 1.0.1u [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -5385,7 +5377,7 @@ OpenSSL 1.0.1 *Stephen Henson* -### Changes between 1.0.1s and 1.0.1t [3 May 2016] ### +### Changes between 1.0.1s and 1.0.1t [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check @@ -5413,7 +5405,7 @@ OpenSSL 1.0.1 corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by - the PEM_write_bio* family of functions. These are mainly used within the + the `PEM_write_bio*` family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly @@ -5490,7 +5482,7 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1r and 1.0.1s [1 Mar 2016] ### +### Changes between 1.0.1r and 1.0.1s [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not @@ -5575,10 +5567,10 @@ OpenSSL 1.0.1 *Matt Caswell* - * Fix memory issues in BIO_*printf functions + * Fix memory issues in `BIO_*printf` functions The internal |fmtstr| function used in processing a "%s" format string in - the BIO_*printf functions could overflow while calculating the length of a + the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an @@ -5590,7 +5582,7 @@ OpenSSL 1.0.1 The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data - is passed to the BIO_*printf functions. If applications use these functions + is passed to the `BIO_*printf` functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from @@ -5618,7 +5610,7 @@ OpenSSL 1.0.1 This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at - http://cachebleed.info. + . [CVE-2016-0702][] *Andy Polyakov* @@ -5630,7 +5622,7 @@ OpenSSL 1.0.1 *Emilia K?sper* -### Changes between 1.0.1q and 1.0.1r [28 Jan 2016] ### +### Changes between 1.0.1q and 1.0.1r [28 Jan 2016] * Protection for DH small subgroup attacks @@ -5657,7 +5649,7 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1p and 1.0.1q [3 Dec 2015] ### +### Changes between 1.0.1p and 1.0.1q [3 Dec 2015] * Certificate verify crash with missing PSS parameter @@ -5700,7 +5692,7 @@ OpenSSL 1.0.1 *Rich Salz and Ismo Puustinen * -### Changes between 1.0.1o and 1.0.1p [9 Jul 2015] ### +### Changes between 1.0.1o and 1.0.1p [9 Jul 2015] * Alternate chains certificate forgery @@ -5727,12 +5719,13 @@ OpenSSL 1.0.1 *Stephen Henson* -### Changes between 1.0.1n and 1.0.1o [12 Jun 2015] ### +### Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + * Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. -### Changes between 1.0.1m and 1.0.1n [11 Jun 2015] ### +### Changes between 1.0.1m and 1.0.1n [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -5813,7 +5806,7 @@ OpenSSL 1.0.1 *Kurt Roeckx and Emilia Kasper* -### Changes between 1.0.1l and 1.0.1m [19 Mar 2015] ### +### Changes between 1.0.1l and 1.0.1m [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix @@ -5897,13 +5890,13 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1k and 1.0.1l [15 Jan 2015] ### +### Changes between 1.0.1k and 1.0.1l [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms *Matt Caswell and Richard Levitte* -### Changes between 1.0.1j and 1.0.1k [8 Jan 2015] ### +### Changes between 1.0.1j and 1.0.1k [8 Jan 2015] * Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer @@ -6045,7 +6038,7 @@ OpenSSL 1.0.1 *Emilia K?sper* -### Changes between 1.0.1i and 1.0.1j [15 Oct 2014] ### +### Changes between 1.0.1i and 1.0.1j [15 Oct 2014] * SRTP Memory Leak. @@ -6098,10 +6091,9 @@ OpenSSL 1.0.1 Note: this is a precautionary measure and no attacks are currently known. - *Steve Henson* -### Changes between 1.0.1h and 1.0.1i [6 Aug 2014] ### +### Changes between 1.0.1h and 1.0.1i [6 Aug 2014] * Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that @@ -6197,7 +6189,7 @@ OpenSSL 1.0.1 *Bodo Moeller* -### Changes between 1.0.1g and 1.0.1h [5 Jun 2014] ### +### Changes between 1.0.1g and 1.0.1h [5 Jun 2014] * Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL @@ -6248,7 +6240,7 @@ OpenSSL 1.0.1 *mancha * -### Changes between 1.0.1f and 1.0.1g [7 Apr 2014] ### +### Changes between 1.0.1f and 1.0.1g [7 Apr 2014] * A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or @@ -6263,7 +6255,7 @@ OpenSSL 1.0.1 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] @@ -6277,10 +6269,9 @@ OpenSSL 1.0.1 less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - *Adam Langley, Steve Henson* -### Changes between 1.0.1e and 1.0.1f [6 Jan 2014] ### +### Changes between 1.0.1e and 1.0.1f [6 Jan 2014] * Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. @@ -6302,20 +6293,20 @@ OpenSSL 1.0.1 *Rob Stradling, Adam Langley* -### Changes between 1.0.1d and 1.0.1e [11 Feb 2013] ### +### Changes between 1.0.1d and 1.0.1e [11 Feb 2013] * Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. *Andy Polyakov, Steve Henson* -### Changes between 1.0.1c and 1.0.1d [5 Feb 2013] ### +### Changes between 1.0.1c and 1.0.1d [5 Feb 2013] * Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ + at: Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London @@ -6346,7 +6337,7 @@ OpenSSL 1.0.1 * Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. + See . *Rob Stradling * @@ -6359,7 +6350,7 @@ OpenSSL 1.0.1 *Steve Henson* -### Changes between 1.0.1b and 1.0.1c [10 May 2012] ### +### Changes between 1.0.1b and 1.0.1c [10 May 2012] * Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. @@ -6380,7 +6371,7 @@ OpenSSL 1.0.1 *Steve Henson* -### Changes between 1.0.1a and 1.0.1b [26 Apr 2012] ### +### Changes between 1.0.1a and 1.0.1b [26 Apr 2012] * OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately @@ -6405,7 +6396,7 @@ OpenSSL 1.0.1 *Andy Polyakov* -### Changes between 1.0.1 and 1.0.1a [19 Apr 2012] ### +### Changes between 1.0.1 and 1.0.1a [19 Apr 2012] * Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer @@ -6440,7 +6431,7 @@ OpenSSL 1.0.1 *Andy Polyakov* -### Changes between 1.0.0h and 1.0.1 [14 Mar 2012] ### +### Changes between 1.0.0h and 1.0.1 [14 Mar 2012] * Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo. @@ -6477,12 +6468,12 @@ OpenSSL 1.0.1 * Extensive assembler packs updates, most notably: - - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; - - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); - - x86_64: bit-sliced AES implementation; - - ARM: NEON support, contemporary platforms optimizations; - - s390x: z196 support; - - *: GHASH and GF(2^m) multiplication implementations; + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); + - x86_64: bit-sliced AES implementation; + - ARM: NEON support, contemporary platforms optimizations; + - s390x: z196 support; + - `*`: GHASH and GF(2^m) multiplication implementations; *Andy Polyakov* @@ -6500,7 +6491,7 @@ OpenSSL 1.0.1 *Eric Rescorla* * Add Next Protocol Negotiation, - http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be + . Can be disabled with a no-npn flag to config or Configure. Code donated by Google. @@ -6608,7 +6599,7 @@ OpenSSL 1.0.1 * Add GCM support to TLS library. Some custom code is needed to split the IV between the fixed (from PRF) and explicit (from TLS record) portions. This adds all GCM ciphersuites supported by RFC5288 and - RFC5289. Generalise some AES* cipherstrings to include GCM and + RFC5289. Generalise some `AES*` cipherstrings to include GCM and add a special AESGCM string for GCM only. *Steve Henson* @@ -6670,7 +6661,7 @@ OpenSSL 1.0.1 * Low level digest APIs are not approved in FIPS mode: any attempt to use these will cause a fatal error. Applications that *really* want - to use them can use the private_* version instead. + to use them can use the `private_*` version instead. *Steve Henson* @@ -6782,7 +6773,7 @@ OpenSSL 1.0.1 OpenSSL 1.0.0 ------------- -### Changes between 1.0.0s and 1.0.0t [3 Dec 2015] ### +### Changes between 1.0.0s and 1.0.0t [3 Dec 2015] * X509_ATTRIBUTE memory leak @@ -6807,7 +6798,7 @@ OpenSSL 1.0.0 *Stephen Henson* -### Changes between 1.0.0r and 1.0.0s [11 Jun 2015] ### +### Changes between 1.0.0r and 1.0.0s [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -6880,7 +6871,7 @@ OpenSSL 1.0.0 *Matt Caswell* -### Changes between 1.0.0q and 1.0.0r [19 Mar 2015] ### +### Changes between 1.0.0q and 1.0.0r [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix @@ -6964,13 +6955,13 @@ OpenSSL 1.0.0 *Kurt Roeckx* -### Changes between 1.0.0p and 1.0.0q [15 Jan 2015] ### +### Changes between 1.0.0p and 1.0.0q [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms *Matt Caswell and Richard Levitte* -### Changes between 1.0.0o and 1.0.0p [8 Jan 2015] ### +### Changes between 1.0.0o and 1.0.0p [8 Jan 2015] * Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer @@ -7041,7 +7032,7 @@ OpenSSL 1.0.0 *Andy Polyakov* - * Fix various certificate fingerprint issues. + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. @@ -7079,7 +7070,7 @@ OpenSSL 1.0.0 *Steve Henson* -### Changes between 1.0.0n and 1.0.0o [15 Oct 2014] ### +### Changes between 1.0.0n and 1.0.0o [15 Oct 2014] * Session Ticket Memory Leak. @@ -7117,10 +7108,9 @@ OpenSSL 1.0.0 Note: this is a precautionary measure and no attacks are currently known. - *Steve Henson* -### Changes between 1.0.0m and 1.0.0n [6 Aug 2014] ### +### Changes between 1.0.0m and 1.0.0n [6 Aug 2014] * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client @@ -7183,7 +7173,7 @@ OpenSSL 1.0.0 *Bodo Moeller* -### Changes between 1.0.0l and 1.0.0m [5 Jun 2014] ### +### Changes between 1.0.0l and 1.0.0m [5 Jun 2014] * Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL @@ -7237,14 +7227,14 @@ OpenSSL 1.0.0 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] *Yuval Yarom and Naomi Benger* -### Changes between 1.0.0k and 1.0.0l [6 Jan 2014] ### +### Changes between 1.0.0k and 1.0.0l [6 Jan 2014] * Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need @@ -7261,13 +7251,13 @@ OpenSSL 1.0.0 *Rob Stradling, Adam Langley* -### Changes between 1.0.0j and 1.0.0k [5 Feb 2013] ### +### Changes between 1.0.0j and 1.0.0k [5 Feb 2013] * Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ + at: Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London @@ -7285,7 +7275,7 @@ OpenSSL 1.0.0 * Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. + See . (This is a backport) *Rob Stradling * @@ -7294,7 +7284,7 @@ OpenSSL 1.0.0 *Steve Henson* -### Changes between 1.0.0i and 1.0.0j [10 May 2012] ### +### Changes between 1.0.0i and 1.0.0j [10 May 2012] [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.] @@ -7313,7 +7303,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0h and 1.0.0i [19 Apr 2012] ### +### Changes between 1.0.0h and 1.0.0i [19 Apr 2012] * Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer @@ -7325,7 +7315,7 @@ OpenSSL 1.0.1.] *Adam Langley (Google), Tavis Ormandy, Google Security Team* -### Changes between 1.0.0g and 1.0.0h [12 Mar 2012] ### +### Changes between 1.0.0g and 1.0.0h [12 Mar 2012] * Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for @@ -7345,7 +7335,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0f and 1.0.0g [18 Jan 2012] ### +### Changes between 1.0.0f and 1.0.0g [18 Jan 2012] * Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and @@ -7354,7 +7344,7 @@ OpenSSL 1.0.1.] *Antonio Martin* -### Changes between 1.0.0e and 1.0.0f [4 Jan 2012] ### +### Changes between 1.0.0e and 1.0.0f [4 Jan 2012] * Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption @@ -7362,7 +7352,7 @@ OpenSSL 1.0.1.] the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at: - http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann @@ -7405,7 +7395,7 @@ OpenSSL 1.0.1.] *Emilia K?sper (Google)* * Fix the BIO_f_buffer() implementation (which was mixing different - interpretations of the '..._len' fields). + interpretations of the `..._len` fields). *Adam Langley (Google)* @@ -7424,7 +7414,7 @@ OpenSSL 1.0.1.] *Bob Buckholz (Google)* -### Changes between 1.0.0d and 1.0.0e [6 Sep 2011] ### +### Changes between 1.0.0d and 1.0.0e [6 Sep 2011] * Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. [CVE-2011-3207][] @@ -7448,13 +7438,11 @@ OpenSSL 1.0.1.] * Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: - - http://eprint.iacr.org/2011/232.pdf - + *Billy Bob Brumley and Nicola Tuveri* -### Changes between 1.0.0c and 1.0.0d [8 Feb 2011] ### +### Changes between 1.0.0c and 1.0.0d [8 Feb 2011] * Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 @@ -7466,7 +7454,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0b and 1.0.0c [2 Dec 2010] ### +### Changes between 1.0.0b and 1.0.0c [2 Dec 2010] * Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. @@ -7480,7 +7468,7 @@ OpenSSL 1.0.1.] *Ben Laurie* -### Changes between 1.0.0a and 1.0.0b [16 Nov 2010] ### +### Changes between 1.0.0a and 1.0.0b [16 Nov 2010] * Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can @@ -7493,14 +7481,14 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0 and 1.0.0a [01 Jun 2010] ### +### Changes between 1.0.0 and 1.0.0a [01 Jun 2010] * Check return value of int_rsa_verify in pkey_rsa_verifyrecover [CVE-2010-1633][] *Steve Henson, Peter-Michael Hager * -### Changes between 0.9.8n and 1.0.0 [29 Mar 2010] ### +### Changes between 0.9.8n and 1.0.0 [29 Mar 2010] * Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher context. The operation can be customised via the ctrl mechanism in @@ -7576,7 +7564,7 @@ OpenSSL 1.0.1.] * Add "missing" function EVP_MD_flags() (without this the only way to retrieve a digest flags is by accessing the structure directly. Update - EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest + `EVP_MD_do_all*()` and `EVP_CIPHER_do_all*()` to include the name a digest or cipher is registered as in the "from" argument. Print out all registered digests in the dgst usage message instead of manually attempting to work them out. @@ -7610,7 +7598,6 @@ OpenSSL 1.0.1.] and this works for ENGINE based algorithms too. - *Steve Henson* * Update Gost ENGINE to support parameter files. @@ -7663,7 +7650,7 @@ OpenSSL 1.0.1.] * New function OPENSSL_gmtime_adj() to add a specific number of days and seconds to a tm structure directly, instead of going through OS specific date routines. This avoids any issues with OS routines such - as the year 2038 bug. New *_adj() functions for ASN1 time structures + as the year 2038 bug. New `*_adj()` functions for ASN1 time structures and X509_time_adj_ex() to cover the extended range. The existing X509_time_adj() is still usable and will no longer have any date issues. @@ -7881,13 +7868,11 @@ OpenSSL 1.0.1.] SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended for applications that need to enforce opaque PRF input. - *Bodo Moeller* * Update ssl code to support digests other than SHA1+MD5 for handshake MAC. - *Victor B. Wagner * * Add RFC4507 support to OpenSSL. This includes the corrections in @@ -7931,7 +7916,7 @@ OpenSSL 1.0.1.] *Steve Henson* * Experimental support for use of HMAC via EVP_PKEY interface. This - allows HMAC to be handled via the EVP_DigestSign*() interface. The + allows HMAC to be handled via the `EVP_DigestSign*()` interface. The EVP_PKEY "key" in this case is the HMAC key, potentially allowing ENGINE support for HMAC keys which are unextractable. New -mac and -macopt options to dgst utility. @@ -7939,7 +7924,7 @@ OpenSSL 1.0.1.] *Steve Henson* * New option -sigopt to dgst utility. Update dgst to use - EVP_Digest{Sign,Verify}*. These two changes make it possible to use + `EVP_Digest{Sign,Verify}*`. These two changes make it possible to use alternative signing parameters such as X9.31 or PSS in the dgst utility. @@ -8148,7 +8133,6 @@ OpenSSL 1.0.1.] AECDH - anonymous ECDH EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH") - *Bodo Moeller* * Add additional S/MIME capabilities for AES and GOST ciphers if supported. @@ -8167,8 +8151,8 @@ OpenSSL 1.0.1.] *Steve Henson* - * New functions EVP_Digest{Sign,Verify)*. These are enhanced versions of - EVP_{Sign,Verify}* which allow an application to customise the signature + * New functions `EVP_Digest{Sign,Verify)*`. These are enhanced versions of + `EVP_{Sign,Verify}*` which allow an application to customise the signature process. *Steve Henson* @@ -8276,8 +8260,8 @@ OpenSSL 1.0.1.] *Steve Henson* * Add functions for main EVP_PKEY_method operations. The undocumented - functions EVP_PKEY_{encrypt,decrypt} have been renamed to - EVP_PKEY_{encrypt,decrypt}_old. + functions `EVP_PKEY_{encrypt,decrypt}` have been renamed to + `EVP_PKEY_{encrypt,decrypt}_old`. *Steve Henson* @@ -8343,7 +8327,6 @@ OpenSSL 1.0.1.] SSL_get_psk_identity SSL_use_psk_identity_hint - *Mika Kousa and Pasi Eronen of Nokia Corporation* * Add RFC 3161 compliant time stamp request creation, response generation @@ -8354,7 +8337,7 @@ OpenSSL 1.0.1.] * Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an - additional member SSL_CTX *initial_ctx so that new sessions can be + additional member `SSL_CTX *initial_ctx` so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. @@ -8383,7 +8366,6 @@ OpenSSL 1.0.1.] default is a warning; it becomes fatal with the '-servername_fatal' option. - *Peter Sylvester, Remy Allais, Christophe Renou* * Whirlpool hash implementation is added. @@ -8468,7 +8450,7 @@ OpenSSL 1.0.1.] OpenSSL 0.9.x ------------- -### Changes between 0.9.8m and 0.9.8n [24 Mar 2010] ### +### Changes between 0.9.8m and 0.9.8n [24 Mar 2010] * When rejecting SSL/TLS records due to an incorrect version number, never update s->server with a new major version number. As of @@ -8485,7 +8467,7 @@ OpenSSL 0.9.x *Tomas Hoger * -### Changes between 0.9.8l and 0.9.8m [25 Feb 2010] ### +### Changes between 0.9.8l and 0.9.8m [25 Feb 2010] * Always check bn_wexpand() return values for failure. [CVE-2009-3245][] @@ -8669,11 +8651,11 @@ OpenSSL 0.9.x *Darryl Miles * - * Add 2.5.4.* OIDs + * Add `2.5.4.*` OIDs *Ilya O. * -### Changes between 0.9.8k and 0.9.8l [5 Nov 2009] ### +### Changes between 0.9.8k and 0.9.8l [5 Nov 2009] * Disable renegotiation completely - this fixes a severe security problem [CVE-2009-3555][] at the cost of breaking all @@ -8684,10 +8666,10 @@ OpenSSL 0.9.x *Ben Laurie* -### Changes between 0.9.8j and 0.9.8k [25 Mar 2009] ### +### Changes between 0.9.8j and 0.9.8k [25 Mar 2009] * Don't set val to NULL when freeing up structures, it is freed up by - underlying code. If sizeof(void *) > sizeof(long) this can result in + underlying code. If `sizeof(void *) > sizeof(long)` this can result in zeroing past the valid field. [CVE-2009-0789][] *Paolo Ganci * @@ -8738,7 +8720,7 @@ OpenSSL 0.9.x *Ben Laurie* -### Changes between 0.9.8i and 0.9.8j [07 Jan 2009] ### +### Changes between 0.9.8i and 0.9.8j [07 Jan 2009] * Properly check EVP_VerifyFinal() and similar return values [CVE-2008-5077][]. @@ -8785,7 +8767,7 @@ OpenSSL 0.9.x *Bodo Moeller* -### Changes between 0.9.8h and 0.9.8i [15 Sep 2008] ### +### Changes between 0.9.8h and 0.9.8i [15 Sep 2008] * Fix NULL pointer dereference if a DTLS server received ChangeCipherSpec as first record [CVE-2009-1386][]. @@ -8793,7 +8775,7 @@ OpenSSL 0.9.x *PR #1679* * Fix a state transition in s3_srvr.c and d1_srvr.c - (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + (was using SSL3_ST_CW_CLNT_HELLO_B, should be `..._ST_SW_SRVR_...`). *Nagendra Modadugu* @@ -8805,7 +8787,6 @@ OpenSSL 0.9.x So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c. - *Bodo Moeller; problem pointed out by Marius Schilder* * Various precautionary measures: @@ -8822,7 +8803,6 @@ OpenSSL 0.9.x - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG builds. - *Neel Mehta, Bodo Moeller* * Allow engines to be "soft loaded" - i.e. optionally don't die if @@ -8859,7 +8839,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8g and 0.9.8h [28 May 2008] ### +### Changes between 0.9.8g and 0.9.8h [28 May 2008] * Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash as found using the @@ -8914,7 +8894,6 @@ OpenSSL 0.9.x namely BN_from_montgomery_word. (To enable this otherwise, e.g. x86_64, try `-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD`.) - *Andy Polyakov (backport partially by Bodo Moeller)* * Add TLS session ticket callback. This allows an application to set @@ -9011,7 +8990,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8f and 0.9.8g [19 Oct 2007] ### +### Changes between 0.9.8f and 0.9.8g [19 Oct 2007] * Fix various bugs: + Binary incompatibility of ssl_ctx_st structure @@ -9021,7 +9000,7 @@ OpenSSL 0.9.x *Andy Polyakov, Steve Henson* -### Changes between 0.9.8e and 0.9.8f [11 Oct 2007] ### +### Changes between 0.9.8e and 0.9.8f [11 Oct 2007] * DTLS Handshake overhaul. There were longstanding issues with OpenSSL DTLS implementation, which were making it impossible for @@ -9065,7 +9044,7 @@ OpenSSL 0.9.x * Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an - additional member SSL_CTX *initial_ctx so that new sessions can be + additional member `SSL_CTX *initial_ctx` so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. @@ -9094,7 +9073,6 @@ OpenSSL 0.9.x default is a warning; it becomes fatal with the '-servername_fatal' option. - *Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson* * Add AES and SSE2 assembly language support to VC++ build. @@ -9119,7 +9097,7 @@ OpenSSL 0.9.x *Dean Gaudet (Google)* * Add the Korean symmetric 128-bit cipher SEED (see - http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and + ) and add SEED ciphersuites from RFC 4162: TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" @@ -9136,7 +9114,7 @@ OpenSSL 0.9.x * Mitigate branch prediction attacks, which can be practical if a single processor is shared, allowing a spy process to extract information. For detailed background information, see - http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, + (O. Aciicmez, S. Gueron, J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures"). The core of the change are new versions BN_div_no_branch() and @@ -9161,14 +9139,13 @@ OpenSSL 0.9.x BN_BLINDING_new() will now use BN_dup() for the modulus so that the BN_BLINDING structure gets an independent copy of the - modulus. This means that the previous "BIGNUM *m" argument to + modulus. This means that the previous `BIGNUM *m` argument to BN_BLINDING_new() and to BN_BLINDING_create_param() now - essentially becomes "const BIGNUM *m", although we can't actually + essentially becomes `const BIGNUM *m`, although we can't actually change this in the header file before 0.9.9. It allows RSA_setup_blinding() to use BN_with_flags() on the modulus to enable BN_FLG_CONSTTIME. - *Matthew D Wood (Intel Corp)* * In the SSL/TLS server implementation, be strict about session ID @@ -9193,7 +9170,7 @@ OpenSSL 0.9.x not complete and could lead to a possible single byte overflow [CVE-2007-5135][] [Ben Laurie] -### Changes between 0.9.8d and 0.9.8e [23 Feb 2007] ### +### Changes between 0.9.8d and 0.9.8e [23 Feb 2007] * Since AES128 and AES256 (and similarly Camellia128 and Camellia256) share a single mask bit in the logic of @@ -9235,7 +9212,7 @@ OpenSSL 0.9.x *Goetz Babin-Ebell* -### Changes between 0.9.8c and 0.9.8d [28 Sep 2006] ### +### Changes between 0.9.8c and 0.9.8d [28 Sep 2006] * Introduce limits to prevent malicious keys being able to cause a denial of service. [CVE-2006-2940][] @@ -9278,10 +9255,9 @@ OpenSSL 0.9.x definition to split the single 'unsigned long mask' bitmap into multiple values to extend the available space. - *Bodo Moeller* -### Changes between 0.9.8b and 0.9.8c [05 Sep 2006] ### +### Changes between 0.9.8b and 0.9.8c [05 Sep 2006] * Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [CVE-2006-4339][] [Ben Laurie and Google Security Team] @@ -9308,9 +9284,9 @@ OpenSSL 0.9.x * Disable rogue ciphersuites: - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really @@ -9329,7 +9305,7 @@ OpenSSL 0.9.x * Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use - (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + (see ). Also, add Camellia TLS ciphersuites from RFC 4132. To minimize changes between patchlevels in the OpenSSL 0.9.8 @@ -9347,7 +9323,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8a and 0.9.8b [04 May 2006] ### +### Changes between 0.9.8a and 0.9.8b [04 May 2006] * When applying a cipher rule check to see if string match is an explicit cipher suite and only match that one cipher suite if it is. @@ -9373,7 +9349,7 @@ OpenSSL 0.9.x * Fixes and enhancements to zlib compression code. We now only use "zlib1.dll" and use the default `__cdecl` calling convention on Win32 to conform with the standards mentioned here: - http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include --with-zlib-lib options to Configure can be used to supply the location of the headers and library. Gracefully handle case where zlib library @@ -9398,7 +9374,7 @@ OpenSSL 0.9.x *Richard Levitte* -### Changes between 0.9.8 and 0.9.8a [11 Oct 2005] ### +### Changes between 0.9.8 and 0.9.8a [11 Oct 2005] * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the @@ -9408,7 +9384,7 @@ OpenSSL 0.9.x *Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial - Science and Technology [AIST*, Japan)] + Science and Technology [AIST], Japan)* * Add two function to clear and return the verify parameter flags. @@ -9442,7 +9418,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.7h and 0.9.8 [05 Jul 2005] ### +### Changes between 0.9.7h and 0.9.8 [05 Jul 2005] [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after OpenSSL 0.9.8.] @@ -9532,7 +9508,6 @@ OpenSSL 0.9.8.] fee for non-commercial use. As before, "no-idea" can be used to avoid this algorithm.) - *Bodo Moeller* * Add processing of proxy certificates (see RFC 3820). This work was @@ -9555,7 +9530,6 @@ OpenSSL 0.9.8.] The blank line is mandatory. - *Steve Henson* * New arguments -certform, -keyform and -pass for s_client and s_server @@ -9579,7 +9553,7 @@ OpenSSL 0.9.8.] *Michal Ludvig , with help from Andy Polyakov* - * Deprecate BN_[get|set]_params() functions (they were ignored internally). + * Deprecate `BN_[get|set]_params()` functions (they were ignored internally). *Geoff Thorpe* @@ -9728,7 +9702,7 @@ OpenSSL 0.9.8.] to clean up those corresponding objects before destroying the hash table (and losing the object pointers). So some over-zealous constifications in LHASH have been relaxed so that lh_insert() does not take (nor store) the - objects as "const" and the lh_doall[_arg] callback wrappers are not + objects as "const" and the `lh_doall[_arg]` callback wrappers are not prototyped to have "const" restrictions on the object pointers they are given (and so aren't required to cast them away any more). @@ -9737,8 +9711,9 @@ OpenSSL 0.9.8.] * The tmdiff.h API was so ugly and minimal that our own timing utility (speed) prefers to use its own implementation. The two implementations haven't been consolidated as yet (volunteers?) but the tmdiff API has had - its object type properly exposed (MS_TM) instead of casting to/from "char - *". This may still change yet if someone realises MS_TM and "ms_time_***" + its object type properly exposed (MS_TM) instead of casting to/from + `char *`. This may still change yet if someone realises MS_TM and + `ms_time_***` aren't necessarily the greatest nomenclatures - but this is what was used internally to the implementation so I've used that for now. @@ -9971,7 +9946,7 @@ OpenSSL 0.9.8.] * Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in - place of callback/argument pairs. The new API functions have "_ex" + place of callback/argument pairs. The new API functions have `_ex` postfixes and the older functions are reimplemented as wrappers for the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide declarations of the old functions to help (graceful) attempts to @@ -10132,8 +10107,7 @@ OpenSSL 0.9.8.] * Add named elliptic curves over binary fields from X9.62, SECG, and WAP/WTLS; add OIDs that were still missing. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Extend the EC library for elliptic curves over binary fields (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). @@ -10157,16 +10131,15 @@ OpenSSL 0.9.8.] As binary polynomials are represented as BIGNUMs, various members of the EC_GROUP and EC_POINT data structures can be shared between the implementations for prime fields and binary fields; - the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) - are essentially identical to their ..._GFp counterparts. - (For simplicity, the '..._GFp' prefix has been dropped from + the above `..._GF2m functions` (except for EX_GROUP_new_curve_GF2m) + are essentially identical to their `..._GFp` counterparts. + (For simplicity, the `..._GFp` prefix has been dropped from various internal method names.) An internal 'field_div' method (similar to 'field_mul' and 'field_sqr') has been added; this is used only for binary fields. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() through methods ('mul', 'precompute_mult'). @@ -10175,21 +10148,18 @@ OpenSSL 0.9.8.] and 'ec_wNAF_precomputed_mult') remain the default if these methods are undefined. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * New function EC_GROUP_get_degree, which is defined through EC_METHOD. For curves over prime fields, this returns the bit length of the modulus. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * New functions EC_GROUP_dup, EC_POINT_dup. (These simply call ..._new and ..._copy). - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. Polynomials are represented as BIGNUMs (where the sign bit is not @@ -10242,8 +10212,7 @@ OpenSSL 0.9.8.] if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the copyright notice in crypto/bn/bn_gf2m.c before enabling it). - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Add new error code 'ERR_R_DISABLED' that can be used when some functionality is disabled at compile-time. @@ -10366,7 +10335,7 @@ OpenSSL 0.9.8.] *Richard Levitte* -### Changes between 0.9.7l and 0.9.7m [23 Feb 2007] ### +### Changes between 0.9.7l and 0.9.7m [23 Feb 2007] * Cleanse PEM buffers before freeing them since they may contain sensitive data. @@ -10416,7 +10385,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7k and 0.9.7l [28 Sep 2006] ### +### Changes between 0.9.7k and 0.9.7l [28 Sep 2006] * Introduce limits to prevent malicious keys being able to cause a denial of service. [CVE-2006-2940][] @@ -10444,7 +10413,7 @@ OpenSSL 0.9.8.] *Bodo Moeller* -### Changes between 0.9.7j and 0.9.7k [05 Sep 2006] ### +### Changes between 0.9.7j and 0.9.7k [05 Sep 2006] * Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [CVE-2006-4339][] [Ben Laurie and Google Security Team] @@ -10457,9 +10426,9 @@ OpenSSL 0.9.8.] * Disable rogue ciphersuites: - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really @@ -10476,7 +10445,7 @@ OpenSSL 0.9.8.] *Bodo Moeller* -### Changes between 0.9.7i and 0.9.7j [04 May 2006] ### +### Changes between 0.9.7i and 0.9.7j [04 May 2006] * Adapt fipsld and the build system to link against the validated FIPS module in FIPS mode. @@ -10494,7 +10463,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7h and 0.9.7i [14 Oct 2005] ### +### Changes between 0.9.7h and 0.9.7i [14 Oct 2005] * Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. The value now differs depending on if you build for FIPS or not. @@ -10504,7 +10473,7 @@ OpenSSL 0.9.8.] *Andy Polyakov* -### Changes between 0.9.7g and 0.9.7h [11 Oct 2005] ### +### Changes between 0.9.7g and 0.9.7h [11 Oct 2005] * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the @@ -10514,7 +10483,7 @@ OpenSSL 0.9.8.] *Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial - Science and Technology [AIST*, Japan)] + Science and Technology [AIST, Japan)]* * Minimal support for X9.31 signatures and PSS padding modes. This is mainly for FIPS compliance and not fully integrated at this stage. @@ -10542,7 +10511,6 @@ OpenSSL 0.9.8.] RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or DH_FLAG_NO_EXP_CONSTTIME, respectively, is set. - *Matthew D Wood (Intel Corp), with some changes by Bodo Moeller* * Change the client implementation for SSLv23_method() and @@ -10570,7 +10538,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7f and 0.9.7g [11 Apr 2005] ### +### Changes between 0.9.7f and 0.9.7g [11 Apr 2005] [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after OpenSSL 0.9.8.] @@ -10595,7 +10563,7 @@ OpenSSL 0.9.8.] *Richard Levitte* -### Changes between 0.9.7e and 0.9.7f [22 Mar 2005] ### +### Changes between 0.9.7e and 0.9.7f [22 Mar 2005] * Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating server and client random values. Previously @@ -10658,15 +10626,15 @@ OpenSSL 0.9.8.] side effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - - if there is an unhandled critical extension (unless the user - has chosen to ignore this fault) - - if the path length has been exceeded (if one is set at all) - - that certain extensions fit the associated purpose (if one has - been given) + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) *Richard Levitte* -### Changes between 0.9.7d and 0.9.7e [25 Oct 2004] ### +### Changes between 0.9.7d and 0.9.7e [25 Oct 2004] * Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked @@ -10694,7 +10662,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7c and 0.9.7d [17 Mar 2004] ### +### Changes between 0.9.7c and 0.9.7d [17 Mar 2004] * Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool [CVE-2004-0079][] @@ -10747,7 +10715,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7b and 0.9.7c [30 Sep 2003] ### +### Changes between 0.9.7b and 0.9.7c [30 Sep 2003] * Fix various bugs revealed by running the NISCC test suite: @@ -10759,7 +10727,6 @@ OpenSSL 0.9.8.] If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - *Steve Henson* * New -ignore_err option in ocsp application to stop the server @@ -10806,7 +10773,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7a and 0.9.7b [10 Apr 2003] ### +### Changes between 0.9.7a and 0.9.7b [10 Apr 2003] * Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat @@ -10846,7 +10813,7 @@ OpenSSL 0.9.8.] *Ulf Moeller* -### Changes between 0.9.7 and 0.9.7a [19 Feb 2003] ### +### Changes between 0.9.7 and 0.9.7a [19 Feb 2003] * In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect @@ -10937,7 +10904,7 @@ OpenSSL 0.9.8.] *Richard Levitte & Kris Kennaway * -### Changes between 0.9.6h and 0.9.7 [31 Dec 2002] ### +### Changes between 0.9.6h and 0.9.7 [31 Dec 2002] [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after OpenSSL 0.9.7.] @@ -11181,7 +11148,7 @@ OpenSSL 0.9.7.] * Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this allows existing EVP_CIPHER_CTX structures to be reused after - calling EVP_*Final(). This behaviour is used by encryption + calling `EVP_*Final()`. This behaviour is used by encryption BIOs and some applications. This has the side effect that applications must explicitly clean up cipher contexts with EVP_CIPHER_CTX_cleanup() or they will leak memory. @@ -11436,12 +11403,12 @@ OpenSSL 0.9.7.] *Massimiliano Pala madwolf at openca.org* - * Change all functions with names starting with des_ to be starting - with DES_ instead. Add wrappers that are compatible with libdes, - but are named _ossl_old_des_*. Finally, add macros that map the - des_* symbols to the corresponding _ossl_old_des_* if libdes + * Change all functions with names starting with `des_` to be starting + with `DES_` instead. Add wrappers that are compatible with libdes, + but are named `_ossl_old_des_*`. Finally, add macros that map the + `des_*` symbols to the corresponding `_ossl_old_des_*` if libdes compatibility is desired. If OpenSSL 0.9.6c compatibility is - desired, the des_* symbols will be mapped to DES_*, with one + desired, the `des_*` symbols will be mapped to `DES_*`, with one exception. Since we provide two compatibility mappings, the user needs to @@ -11459,7 +11426,7 @@ OpenSSL 0.9.7.] won't work. NOTE: This is a major break of an old API into a new one. Software - authors are encouraged to switch to the DES_ style functions. Some + authors are encouraged to switch to the `DES_` style functions. Some time in the future, des_old.h and the libdes compatibility functions will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the default), and then completely removed. @@ -11519,7 +11486,7 @@ OpenSSL 0.9.7.] deal more passive and at run-time, operations deal directly with RSA_METHODs, DSA_METHODs (etc) as they did before, rather than dereferencing through an ENGINE pointer any more. Also, the ENGINE - functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - + functions dealing with `BN_MOD_EXP[_CRT]` handlers have been removed - they were not being used by the framework as there is no concept of a BIGNUM_METHOD and they could not be generalised to the new 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, @@ -11533,7 +11500,7 @@ OpenSSL 0.9.7.] *Steve Henson* * Change mkdef.pl to sort symbols that get the same entry number, - and make sure the automatically generated functions ERR_load_* + and make sure the automatically generated functions `ERR_load_*` become part of libeay.num as well. *Richard Levitte* @@ -11565,7 +11532,7 @@ OpenSSL 0.9.7.] *Steve Henson* * Make maximum certificate chain size accepted from the peer application - settable (SSL*_get/set_max_cert_list()), as proposed by + settable (`SSL*_get/set_max_cert_list()`), as proposed by "Douglas E. Engert" . *Lutz Jaenicke* @@ -11659,7 +11626,7 @@ OpenSSL 0.9.7.] *Geoff Thorpe* - * Give DH, DSA, and RSA types their own "**_up_ref()" function to increment + * Give DH, DSA, and RSA types their own `*_up_ref()` function to increment reference counts. This performs normal REF_PRINT/REF_CHECK macros on the operation, and provides a more encapsulated way for external code (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code @@ -11707,7 +11674,6 @@ OpenSSL 0.9.7.] EVP_DigestFinal(&md, out, NULL); EVP_MD_CTX_cleanup(&md); /* new function call */ - *Ben Laurie* * Make DES key schedule conform to the usual scheme, as well as @@ -11738,8 +11704,8 @@ OpenSSL 0.9.7.] *Ben Laurie* - * Change historical references to {NID,SN,LN}_des_ede and ede3 to add the - correct _ecb suffix. + * Change historical references to `{NID,SN,LN}_des_ede` and ede3 to add the + correct `_ecb suffix`. *Ben Laurie* @@ -11756,17 +11722,16 @@ OpenSSL 0.9.7.] *Richard Levitte* * Changes to Kerberos SSL for RFC 2712 compliance: - 1. Implemented real KerberosWrapper, instead of just using - KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] - 2. Implemented optional authenticator field of KerberosWrapper. + 1. Implemented real KerberosWrapper, instead of just using + KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] + 2. Implemented optional authenticator field of KerberosWrapper. Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, and authenticator structs; see crypto/krb5/. Generalized Kerberos calls to support multiple Kerberos libraries. - *Vern Staats , - Jeffrey Altman - via Richard Levitte* + *Vern Staats , Jeffrey Altman + via Richard Levitte* * Cause 'openssl speed' to use fully hard-coded DSA keys as it already does with RSA. testdsa.h now has 'priv_key/pub_key' @@ -12108,7 +12073,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* - * Modify EVP_Digest*() routines so they now return values. Although the + * Modify `EVP_Digest*()` routines so they now return values. Although the internal software routines can never fail additional hardware versions might. @@ -12254,14 +12219,14 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting - with "OPENSSL_" to avoid conflicts with other packages and by making + with `OPENSSL_` to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. Additionally, it is now possible to define configuration/platform- specific names (called "system identities"). In the C code, these - are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another - macro with the name beginning with "OPENSSL_SYS_", which is determined - from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on + are prefixed with `OPENSSL_SYSNAME_`. e_os2.h will create another + macro with the name beginning with `OPENSSL_SYS_`, which is determined + from `OPENSSL_SYSNAME_*` or compiler-specific macros depending on what is available. *Richard Levitte* @@ -12310,7 +12275,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Disable stdin buffering in load_cert (apps/apps.c) so that no certs are skipped when using openssl x509 multiple times on a single input file, - e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ' prints the status of the cert with + `openssl ca -status ` prints the status of the cert with the given serial number (according to the index file). - 'openssl ca -updatedb' updates the expiry status of certificates + `openssl ca -updatedb` updates the expiry status of certificates in the index file. *Massimiliano Pala * @@ -12504,7 +12469,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Allowing defining memory allocation callbacks that will be given file name and line number information in additional arguments - (a const char* and an int). The basic functionality remains, as + (a `const char*` and an int). The basic functionality remains, as well as the original possibility to just replace malloc(), realloc() and free() by functions that do not know about these additional arguments. To register and find out the current @@ -12517,9 +12482,9 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k CRYPTO_get_locked_mem_ex_functions These work the same way as CRYPTO_set_mem_functions and friends. - CRYPTO_get_[locked_]mem_functions now writes 0 where such an + `CRYPTO_get_[locked_]mem_functions` now writes 0 where such an extended allocation function is enabled. - Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where + Similarly, `CRYPTO_get_[locked_]mem_ex_functions` writes 0 where a conventional allocation function is enabled. *Richard Levitte, Bodo Moeller* @@ -12627,7 +12592,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These replace the old function pointer based I/O routines. Change most of - the *_d2i_bio() and *_d2i_fp() functions to use these. + the `*_d2i_bio()` and `*_d2i_fp()` functions to use these. *Steve Henson* @@ -12754,7 +12719,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Added Kerberos Cipher Suites to be used with TLS, as written in RFC 2712. *Veers Staats , - Jeffrey Altman , via Richard Levitte* + Jeffrey Altman , via Richard Levitte* * Reformat the FAQ so the different questions and answers can be divided in sections depending on the subject. @@ -12820,7 +12785,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* - * Move BN_mod_... functions into new file crypto/bn/bn_mod.c + * Move `BN_mod_...` functions into new file crypto/bn/bn_mod.c (except for exponentiation, which stays in crypto/bn/bn_exp.c, and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) and add new functions: @@ -12984,7 +12949,7 @@ ndif * NCONF changes. NCONF_get_number() has no error checking at all. As a replacement, - NCONF_get_number_e() is defined (_e for "error checking") and is + NCONF_get_number_e() is defined (`_e` for "error checking") and is promoted strongly. The old NCONF_get_number is kept around for binary backward compatibility. Make it possible for methods to load from something other than a BIO, @@ -13018,14 +12983,14 @@ ndif *Richard Levitte* -### Changes between 0.9.6l and 0.9.6m [17 Mar 2004] ### +### Changes between 0.9.6l and 0.9.6m [17 Mar 2004] * Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool [CVE-2004-0079][] *Joe Orton, Steve Henson* -### Changes between 0.9.6k and 0.9.6l [04 Nov 2003] ### +### Changes between 0.9.6k and 0.9.6l [04 Nov 2003] * Fix additional bug revealed by the NISCC test suite: @@ -13034,7 +12999,7 @@ ndif *Steve Henson* -### Changes between 0.9.6j and 0.9.6k [30 Sep 2003] ### +### Changes between 0.9.6j and 0.9.6k [30 Sep 2003] * Fix various bugs revealed by running the NISCC test suite: @@ -13044,7 +13009,6 @@ ndif If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - *Steve Henson* * In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate @@ -13064,7 +13028,7 @@ ndif *Richard Levitte* -### Changes between 0.9.6i and 0.9.6j [10 Apr 2003] ### +### Changes between 0.9.6i and 0.9.6j [10 Apr 2003] * Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat @@ -13092,7 +13056,7 @@ ndif *Bodo Moeller* -### Changes between 0.9.6h and 0.9.6i [19 Feb 2003] ### +### Changes between 0.9.6h and 0.9.6i [19 Feb 2003] * In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect @@ -13104,7 +13068,7 @@ ndif Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)* -### Changes between 0.9.6g and 0.9.6h [5 Dec 2002] ### +### Changes between 0.9.6g and 0.9.6h [5 Dec 2002] * New function OPENSSL_cleanse(), which is used to cleanse a section of memory from its contents. This is done with a counter that will @@ -13184,20 +13148,19 @@ ndif *Steve Henson* -### Changes between 0.9.6f and 0.9.6g [9 Aug 2002] ### +### Changes between 0.9.6f and 0.9.6g [9 Aug 2002] * [In 0.9.6g-engine release:] - Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). + Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use `_stdcall`). *Lynn Gazis * -### Changes between 0.9.6e and 0.9.6f [8 Aug 2002] ### +### Changes between 0.9.6e and 0.9.6f [8 Aug 2002] * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. *Florian Weimer , - Alon Kantor (and others), - Steve Henson* + Alon Kantor (and others), Steve Henson* * Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the @@ -13205,7 +13168,7 @@ ndif *Arne Ansper , Bodo Moeller* -### Changes between 0.9.6d and 0.9.6e [30 Jul 2002] ### +### Changes between 0.9.6d and 0.9.6e [30 Jul 2002] * Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear @@ -13259,7 +13222,7 @@ ndif * Various temporary buffers to hold ASCII versions of integers were too small for 64 bit platforms. [CVE-2002-0655][] - *Matthew Byng-Maddick and Ben Laurie (CHATS)> + *Matthew Byng-Maddick and Ben Laurie (CHATS)>* * Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized session ID to a client. [CVE-2002-0656][] @@ -13271,14 +13234,14 @@ ndif *Ben Laurie (CHATS)* -### Changes between 0.9.6c and 0.9.6d [9 May 2002] ### +### Changes between 0.9.6c and 0.9.6d [9 May 2002] * Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1. *Nils Larsch ; problem pointed out by Bodo Moeller* - * Check various X509_...() return values in apps/req.c. + * Check various `X509_...()` return values in apps/req.c. *Nils Larsch * @@ -13414,12 +13377,12 @@ ndif *D P Chang * -### Changes between 0.9.6b and 0.9.6c [21 dec 2001] ### +### Changes between 0.9.6b and 0.9.6c [21 dec 2001] * Fix BN_rand_range bug pointed out by Dominikus Scherkl . (The previous implementation - worked incorrectly for those cases where range = 10..._2 and - 3*range is two bits longer than range.) + worked incorrectly for those cases where range = `10..._2` and + `3*range` is two bits longer than range.) *Bodo Moeller* @@ -13490,7 +13453,7 @@ ndif instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid. - *Bodo Moeller; problem pointed out by Rich Salz + *Bodo Moeller; problem pointed out by Rich Salz * * Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does @@ -13587,7 +13550,7 @@ ndif *Lutz Jaenicke* - * Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + * Add alert descriptions for TLSv1 to `SSL_alert_desc_string[_long]()`. *Lutz Jaenicke* @@ -13693,7 +13656,7 @@ ndif *Richard Levitte* -### Changes between 0.9.6a and 0.9.6b [9 Jul 2001] ### +### Changes between 0.9.6a and 0.9.6b [9 Jul 2001] * Change ssleay_rand_bytes (crypto/rand/md_rand.c) to avoid a SSLeay/OpenSSL PRNG weakness pointed out by @@ -13739,7 +13702,7 @@ ndif *Bodo Moeller* - * Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + * Don't change `*pointer` in CRYPTO_add_lock() is add_lock_callback is used: it isn't thread safe and the add_lock_callback should handle that itself. @@ -13821,7 +13784,7 @@ ndif *Bodo Moeller* -### Changes between 0.9.6 and 0.9.6a [5 Apr 2001] ### +### Changes between 0.9.6 and 0.9.6a [5 Apr 2001] * Fix a couple of memory leaks in PKCS7_dataDecode() @@ -13859,7 +13822,7 @@ ndif * Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: On the Importance of Eliminating Errors in Cryptographic Computations, J. Cryptology 14 (2001) 2, 101-119, - http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + ). *Ulf Moeller* @@ -13900,7 +13863,7 @@ ndif *Bodo Moeller* - * Replace rdtsc with _emit statements for VC++ version 5. + * Replace rdtsc with `_emit` statements for VC++ version 5. *Jeremy Cooper * @@ -13944,7 +13907,7 @@ ndif * Fix CPU detection on Irix 6.x. *Kurt Hockenbury and - "Bruce W. Forsberg" * + "Bruce W. Forsberg" * * Fix X509_NAME bug which produced incorrect encoding if X509_NAME was empty. @@ -13967,7 +13930,7 @@ ndif *Ulf Moeller, Bodo Moeller* - * In the NCONF_...-based implementations for CONF_... queries + * In the `NCONF_...`-based implementations for `CONF_...` queries (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using a temporary CONF structure with the data component set to NULL (which gives segmentation faults in lh_retrieve). @@ -14050,8 +14013,8 @@ ndif *Bodo Moeller; problem reported by Eric Day * - * In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), - obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + * In `RSA_eay_public_{en,ed}crypt` and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting `rsa->_method_mod_{n,p,q}`. (RSA objects have a reference count access to which is protected by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], @@ -14163,7 +14126,7 @@ ndif *Lutz Jaenicke* -### Changes between 0.9.5a and 0.9.6 [24 Sep 2000] ### +### Changes between 0.9.5a and 0.9.6 [24 Sep 2000] * In ssl23_get_client_hello, generate an error message when faced with an initial SSL 3.0/TLS record that is too small to contain the @@ -14283,7 +14246,7 @@ ndif *Ben Laurie* - * Add a few more EBCDIC conditionals that make `req' and `x509' + * Add a few more EBCDIC conditionals that make `req` and `x509` work better on such systems. *Martin Kraemer * @@ -14407,7 +14370,7 @@ ndif *Andreas Schneider * * A demo state-machine implementation was sponsored by - Nuron (http://www.nuron.com/) and is now available in + Nuron () and is now available in demos/state_machine. *Ben Laurie* @@ -14463,13 +14426,12 @@ ndif and as before, if none of those prefixes are present at the beginning of the string, LOG_ERR is chosen. - On Win32, the LOG_* levels are mapped according to this: + On Win32, the `LOG_*` levels are mapped according to this: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE LOG_WARNING => EVENTLOG_WARNING_TYPE LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE - *Richard Levitte* * Made it possible to reconfigure with just the configuration @@ -14551,8 +14513,8 @@ ndif *Steve Henson* - * crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), - not read locks (CRYPTO_r_[un]lock). + * crypto/err.c locking bugfix: Use write locks (`CRYPTO_w_[un]lock`), + not read locks (`CRYPTO_r_[un]lock`). *Bodo Moeller* @@ -14588,7 +14550,7 @@ ndif *Steve Henson* - * New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT + * New ASN1 functions, `i2c_*` and `c2i_*` for INTEGER and BIT STRING types. These convert content octets to and from the underlying type. The actual tag and length octets are already assumed to have been read in and checked. These @@ -14646,7 +14608,7 @@ ndif * Reorganisation of the stack code. The macros are now all collected in safestack.h . Each macro is defined in terms of - a "stack macro" of the form SKM_(type, a, b). The + a "stack macro" of the form `SKM_(type, a, b)`. The DEBUG_SAFESTACK is now handled in terms of function casts, this has the advantage of retaining type safety without the use of additional functions. If DEBUG_SAFESTACK is not defined @@ -14689,7 +14651,7 @@ ndif *Bodo Moeller* - * Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 + * Increase maximum window size in `BN_mod_exp_...` to 6 bits instead of 5 (meaning that now 2^5 values will be precomputed, which is only 4 KB plus overhead for 1024 bit moduli). This makes exponentiations about 0.5 % faster for 1024 bit @@ -14729,7 +14691,7 @@ ndif also involved a cleanup of sorts in safestack.h to more correctly map type-safe stack functions onto their plain stack counterparts. This work has also resulted in a variety of "const"ifications of - lots of the code, especially "_cmp" operations which should normally + lots of the code, especially `_cmp` operations which should normally be prototyped with "const" parameters anyway. *Geoff Thorpe* @@ -14792,7 +14754,7 @@ ndif *Bodo Moeller* - * Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; + * Call dh_tmp_cb (set by `..._TMP_DH_CB`) with correct 'is_export' flag; i.e. non-zero for export ciphersuites, zero otherwise. Previous versions had this flag inverted, inconsistent with rsa_tmp_cb (..._TMP_RSA_CB). @@ -14882,13 +14844,13 @@ ndif * CONF library reworked to become more general. A new CONF configuration file reader "class" is implemented as well as a - new functions (NCONF_*, for "New CONF") to handle it. The now - old CONF_* functions are still there, but are reimplemented to + new functions (`NCONF_*`, for "New CONF") to handle it. The now + old `CONF_*` functions are still there, but are reimplemented to work in terms of the new functions. Also, a set of functions to handle the internal storage of the configuration data is provided to make it easier to write new configuration file reader "classes" (I can definitely see something reading a - configuration file in XML format, for example), called _CONF_*, + configuration file in XML format, for example), called `_CONF_*`, or "the configuration storage API"... The new configuration file reading functions are: @@ -14903,12 +14865,12 @@ ndif NCONF_default and NCONF_WIN32 are method (or "class") choosers, NCONF_new creates a new CONF object. This works in the same way as other interfaces in OpenSSL, like the BIO interface. - NCONF_dump_* dump the internal storage of the configuration file, + `NCONF_dump_*` dump the internal storage of the configuration file, which is useful for debugging. All other functions take the same - arguments as the old CONF_* functions with the exception of the - first that must be a `CONF *' instead of a `LHASH *'. + arguments as the old `CONF_*` functions with the exception of the + first that must be a `CONF *` instead of a `LHASH *`. - To make it easier to use the new classes with the old CONF_* functions, + To make it easier to use the new classes with the old `CONF_*` functions, the function CONF_set_default_method is provided. *Richard Levitte* @@ -14926,7 +14888,7 @@ ndif *Geoff Thorpe, with contributions from Richard Levitte* -### Changes between 0.9.5 and 0.9.5a [1 Apr 2000] ### +### Changes between 0.9.5 and 0.9.5a [1 Apr 2000] * Make sure _lrotl and _lrotr are only used with MSVC. @@ -14953,7 +14915,7 @@ ndif * des_quad_cksum() byte order bug fix. *Ulf M?ller, using the problem description in krb4-0.9.7, where - the solution is attributed to Derrick J Brashear * + the solution is attributed to Derrick J Brashear * * Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly discouraged. @@ -15081,7 +15043,7 @@ ndif *Lutz Behnke * -### Changes between 0.9.4 and 0.9.5 [28 Feb 2000] ### +### Changes between 0.9.4 and 0.9.5 [28 Feb 2000] * PKCS7_encrypt() was adding text MIME headers twice because they were added manually and by SMIME_crlf_copy(). @@ -15114,7 +15076,7 @@ ndif * Change names of new functions to the new get1/get0 naming convention: After 'get1', the caller owns a reference count - and has to call ..._free; 'get0' returns a pointer to some + and has to call `..._free`; 'get0' returns a pointer to some data structure without incrementing reference counters. (Some of the existing 'get' functions increment a reference counter, some don't.) @@ -15130,7 +15092,7 @@ ndif * Fix potential buffer overrun problem in BIO_printf(). *Ulf M?ller, using public domain code by Patrick Powell; problem - pointed out by David Sacerdote * + pointed out by David Sacerdote * * Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, @@ -15157,23 +15119,23 @@ ndif *Steve Henson* - * ..._ctrl functions now have corresponding ..._callback_ctrl functions - where the 'void *' argument is replaced by a function pointer argument. - Previously 'void *' was abused to point to functions, which works on + * `..._ctrl` functions now have corresponding `..._callback_ctrl` functions + where the `void *` argument is replaced by a function pointer argument. + Previously `void *` was abused to point to functions, which works on many platforms, but is not correct. As these functions are usually called by macros defined in OpenSSL header files, most source code should work without changes. *Richard Levitte* - * (which is created by Configure) now contains + * `` (which is created by Configure) now contains sections with information on -D... compiler switches used for compiling the library so that applications can see them. To enable - one of these sections, a pre-processor symbol OPENSSL_..._DEFINES + one of these sections, a pre-processor symbol `OPENSSL_..._DEFINES` must be defined. E.g., #define OPENSSL_ALGORITHM_DEFINES #include - defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. + defines all pertinent `NO_` symbols, such as NO_IDEA, NO_RSA, etc. *Richard Levitte, Ulf and Bodo M?ller* @@ -15248,7 +15210,7 @@ ndif *Andy Polyakov* * Bug fix for BN_div() when the first words of num and divisor are - equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). + equal (it gave wrong results if `(rem=(n1-q*d0)&BN_MASK2) < d0)`. *Ulf M?ller* @@ -15267,7 +15229,7 @@ ndif *Ulf M?ller* - * Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and + * Change the `SSLeay_add_all_*()` functions to `OpenSSL_add_all_*()` and include a #define from the old name to the new. The original intent was that statically linked binaries could for example just call SSLeay_add_all_ciphers() to just add ciphers to the table and not @@ -15292,7 +15254,7 @@ ndif *Martin Kraemer * * Source code cleanups: use const where appropriate, eliminate casts, - use void * instead of char * in lhash. + use `void *` instead of `char *` in lhash. *Ulf M?ller* @@ -15367,7 +15329,7 @@ ndif *Ulf M?ller, Bodo M?ller* * Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes - used (char *) instead of (void *) and had casts all over the place. + used `char *` instead of `void *` and had casts all over the place. *Steve Henson* @@ -15432,7 +15394,7 @@ ndif *Steve Henson* * Changes to X509_ATTRIBUTE utilities. These have been renamed from - X509_*() to X509at_*() on the grounds that they don't handle X509 + `X509_*()` to `X509at_*()` on the grounds that they don't handle X509 structures and behave in an analogous way to the X509v3 functions: they shouldn't be called directly but wrapper functions should be used instead. @@ -15447,7 +15409,7 @@ ndif * Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of - NO_RSA in ssl/s2*.c. + NO_RSA in `ssl/s2*.c`. *Kris Kennaway , modified by Ulf M?ller* @@ -15760,8 +15722,8 @@ ndif There are two big advantages in doing things this way. The extensions can be looked up immediately and no longer need to be "added" using X509V3_add_standard_extensions(): this function now does nothing. - *Side note: I get *lots* of email saying the extension code doesn't - work because people forget to call this function* + Side note: I get *lots* of email saying the extension code doesn't + work because people forget to call this function. Also no dynamic allocation is done unless new extensions are added: so if we don't add custom extensions there is no need to call X509V3_EXT_cleanup(). @@ -15841,10 +15803,10 @@ ndif it clearly returns an error if you try to read the wrong kind of key. Added a -pubkey option to the 'x509' utility to output the public key. - Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() - (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add - EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*()) - that do the same as the EVP_PKEY_assign_*() except they up the + Also rename the `EVP_PKEY_get_*()` to `EVP_PKEY_rget_*()` + (renamed to `EVP_PKEY_get1_*()` in the OpenSSL 0.9.5 release) and add + `EVP_PKEY_rset_*()` functions (renamed to `EVP_PKEY_set1_*()`) + that do the same as the `EVP_PKEY_assign_*()` except they up the reference count of the added key (they don't "swallow" the supplied key). @@ -15979,7 +15941,7 @@ ndif *Steve Henson* - * Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). + * Fix assembler for Alpha (tested only on DEC OSF not Linux or `*BSD`). The problem was that one of the replacement routines had not been working since SSLeay releases. For now the offending routine has been replaced with non-optimised assembler. Even so, this now gives around 95% @@ -16070,8 +16032,8 @@ ndif *Steve Henson* * Add function equivalents to the various macros in asn1.h. The old - macros are retained with an M_ prefix. Code inside the library can - use the M_ macros. External code (including the openssl utility) + macros are retained with an `M_` prefix. Code inside the library can + use the `M_` macros. External code (including the openssl utility) should *NOT* in order to be "shared library friendly". *Steve Henson* @@ -16090,7 +16052,7 @@ ndif *Steve Henson* - * New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search + * New `X509V3_{X509,CRL,REVOKED}_get_d2i()` functions. These will search for, obtain and decode and extension and obtain its critical flag. This allows all the necessary extension code to be handled in a single function call. @@ -16152,7 +16114,7 @@ ndif usual with these problems it takes *ages* to find and the fix is trivial: move one line. - *Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) * + *Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer)* * Ugly workaround to get s_client and s_server working under Windows. The old code wouldn't work because it needed to select() on sockets and the @@ -16329,13 +16291,13 @@ ndif *Bodo Moeller* -### Changes between 0.9.3a and 0.9.4 [09 Aug 1999] ### +### Changes between 0.9.3a and 0.9.4 [09 Aug 1999] * Install libRSAglue.a when OpenSSL is built with RSAref. *Ralf S. Engelschall* - * A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + * A few more `#ifndef NO_FP_API / #endif` pairs for consistency. *Andrija Antonijevic * @@ -16350,7 +16312,7 @@ ndif For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is much faster than DH_generate_parameters (which creates parameters - where p = 2*q + 1), and also the smaller q makes DH computations + where `p = 2*q + 1`), and also the smaller q makes DH computations much more efficient (160-bit exponentiation instead of 1024-bit exponentiation); so this provides a convenient way to support DHE ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of @@ -16398,7 +16360,7 @@ ndif to ....(char *buf, int size, int rwflag, void *userdata); so that applications can pass data to their callbacks: - The PEM[_ASN1]_{read,write}... functions and macros now take an + The `PEM[_ASN1]_{read,write}...` functions and macros now take an additional void * argument, which is just handed through whenever the password callback is called. @@ -16455,7 +16417,7 @@ ndif 1. Casts to avoid "loss of data" warnings in p5_crpt2.c 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned comparison" warnings. - 3. Add sk__sort to DEF file generator and do make update. + 3. Add `sk__sort` to DEF file generator and do make update. *Steve Henson* @@ -16548,8 +16510,7 @@ ndif store the length when it is first determined and use it later, rather than trying to keep track of where data is copied and updating it to point to the end. - *Steve Henson, reported by Brien Wheeler - * + *Steve Henson, reported by Brien Wheeler * * Add a new function PKCS7_signatureVerify. This allows the verification of a PKCS#7 signature but with the signing certificate passed to the @@ -16560,7 +16521,7 @@ ndif *Steve Henson* - * Complete the PEM_* macros with DECLARE_PEM versions to replace the + * Complete the `PEM_*` macros with DECLARE_PEM versions to replace the function prototypes in pem.h, also change util/mkdef.pl to add the necessary function names. @@ -16618,7 +16579,7 @@ ndif *Steve Henson* * Fix determination of Perl interpreter: A perl or perl5 - _directory_ in $PATH was also accepted as the interpreter. + *directory* in $PATH was also accepted as the interpreter. *Ralf S. Engelschall* @@ -16647,7 +16608,6 @@ ndif *Bodo Moeller* -f 0 * DES CBC did not update the IV. Weird. *Ben Laurie* @@ -16728,7 +16688,7 @@ ndif *Martin Kraemer * - * Make callbacks for key generation use void * instead of char *. + * Make callbacks for key generation use `void *` instead of `char *`. *Ben Laurie* @@ -16744,8 +16704,7 @@ ndif *Bodo Moeller* - -### Changes between 0.9.3 and 0.9.3a [29 May 1999] ### +### Changes between 0.9.3 and 0.9.3a [29 May 1999] * New configuration variant "sco5-gcc". @@ -16778,8 +16737,7 @@ ndif *Richard Levitte* - -### Changes between 0.9.2b and 0.9.3 [24 May 1999] ### +### Changes between 0.9.2b and 0.9.3 [24 May 1999] * Bignum library bug fix. IRIX 6 passes "make test" now! This also avoids the problems with SC4.2 and unpatched SC5. @@ -16846,8 +16804,8 @@ ndif *Steve Henson* * Make SSL library a little more fool-proof by not requiring any longer - that SSL_set_{accept,connect}_state be called before - SSL_{accept,connect} may be used (SSL_set_..._state is omitted + that `SSL_set_{accept,connect}_state` be called before + `SSL_{accept,connect}` may be used (`SSL_set_..._state` is omitted in many applications because usually everything *appeared* to work as intended anyway -- now it really works as intended). @@ -16857,9 +16815,9 @@ ndif *Ulf M?ller* - * Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + * Fix various things to let OpenSSL even pass "egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes - -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + -Wmissing-declarations -Wnested-externs -Winline" with EGCS 1.1.2+ *Ralf S. Engelschall* @@ -16871,7 +16829,7 @@ ndif * Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying pointers. The cert_st handling is changed by this in various ways (and thus what used to be known as ctx->default_cert - is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + is now called ctx->cert, since we don't resort to `s->ctx->[default_]cert` any longer when s->cert does not give us what we need). ssl_cert_instantiate becomes obsolete by this change. As soon as we've got the new code right (possibly it already is?), @@ -16880,7 +16838,7 @@ ndif Note that using the SSL API in certain dirty ways now will result in different behaviour than observed with earlier library versions: - Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + Changing settings for an `SSL_CTX *ctx` after having done s = SSL_new(ctx) does not influence s as it used to. In order to clean up things more thoroughly, inside SSL_SESSION @@ -16942,7 +16900,7 @@ ndif *Anonymous* - * Add missing sk__unshift() function to safestack.h + * Add missing `sk__unshift()` function to safestack.h *Ralf S. Engelschall* @@ -17002,7 +16960,7 @@ ndif *Niels Poppe * - * New Configure option no- (rsa, idea, rc5, ...). + * New Configure option `no-` (rsa, idea, rc5, ...). *Ulf M?ller* @@ -17037,7 +16995,7 @@ ndif *Steve Henson* - * Change #include filenames from to . + * Change #include filenames from `` to ``. *Bodo Moeller* @@ -17157,16 +17115,16 @@ ndif *Ben Laurie* - * Add `openssl ca -revoke ' facility which revokes a certificate - specified in by updating the entry in the index.txt file. + * Add `openssl ca -revoke ` facility which revokes a certificate + specified in `` by updating the entry in the index.txt file. This way one no longer has to edit the index.txt file manually for revoking a certificate. The -revoke option does the gory details now. *Massimiliano Pala , Ralf S. Engelschall* - * Fix `openssl crl -noout -text' combination where `-noout' killed the - `-text' option at all and this way the `-noout -text' combination was - inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + * Fix `openssl crl -noout -text` combination where `-noout` killed the + `-text` option at all and this way the `-noout -text` combination was + inconsistent in `openssl crl` with the friends in `openssl x509|rsa|dsa`. *Ralf S. Engelschall* @@ -17176,12 +17134,12 @@ ndif *Ralf S. Engelschall* - * Bugfix: In test/testenc, don't test "openssl " for + * Bugfix: In test/testenc, don't test `openssl ` for ciphers that were excluded, e.g. by -DNO_IDEA. Also, test all available ciphers including rc5, which was forgotten until now. In order to let the testing shell script know which algorithms are available, a new (up to now undocumented) command - "openssl list-cipher-commands" is used. + `openssl list-cipher-commands` is used. *Bodo Moeller* @@ -17270,8 +17228,7 @@ ndif *Soren S. Jorvang * - -### Changes between 0.9.1c and 0.9.2b [22 Mar 1999] ### +### Changes between 0.9.1c and 0.9.2b [22 Mar 1999] * Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still doesn't work when the session is reused. Coming soon! @@ -17401,13 +17358,14 @@ ndif * Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the - Configure script every time: One now can use ``perl Configure - :

'', i.e. platform ids are allowed to have details appended + Configure script every time: One now can use + `perl Configure :
`, + i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as there would be a static - pre-configured entry in Configure's %table under key with value -
and ``perl Configure '' is called. So, when you want to + pre-configured entry in Configure's %table under key `` with value + `
` and `perl Configure ` is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without - assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + assembler stuff you can use `perl Configure "FreeBSD-elf:pgcc:-O6:::"` now, which overrides the FreeBSD-elf entry on-the-fly. *Ralf S. Engelschall* @@ -17468,7 +17426,7 @@ ndif *Steve Henson* - * Added the new `Includes OpenSSL Cryptography Software' button as + * Added the new 'Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the relationship to the OpenSSL project. @@ -17504,7 +17462,7 @@ ndif * Experiment with doxygen documentation. Currently only partially applied to ssl/ssl_lib.c. - See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + See , and run doxygen with openssl.doxy as the configuration file. *Ben Laurie* @@ -17550,13 +17508,13 @@ ndif *Richard Levitte * - * Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + * Fix `port` variable from `int` to `unsigned int` in crypto/bio/b_sock.c *Richard Levitte * * Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() - from `int' to `unsigned int' because it's a length and initialized by - EVP_DigestFinal() which expects an `unsigned int *'. + from `int` to `unsigned int` because it is a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *`. *Richard Levitte * @@ -17628,7 +17586,7 @@ ndif foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure against Bleichbacher's attack on RSA. *Ulf Moeller , reformatted, corrected and integrated by - Ben Laurie* + Ben Laurie* * Updates to the new SSL compression code @@ -17708,7 +17666,7 @@ ndif *Steve Henson* - * Overhauled the Perl interface (perl/*): + * Overhauled the Perl interface: - ported BN stuff to OpenSSL's different BN library - made the perl/ source tree CVS-aware - renamed the package from SSLeay to OpenSSL (the files still contain @@ -17747,7 +17705,7 @@ ndif *Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)* - * Make sure `make rehash' target really finds the `openssl' program. + * Make sure `make rehash` target really finds the `openssl` program. *Ralf S. Engelschall, Matthias Loepfe * @@ -17760,7 +17718,7 @@ ndif *Alan Batie * - * Fixed ms/32all.bat script: `no_asm' -> `no-asm' + * Fixed ms/32all.bat script: `no_asm` -> `no-asm` *Rainer W. Gerling * @@ -17913,7 +17871,7 @@ ndif *Steve Henson* - * Make _all_ *_free functions accept a NULL pointer. + * Make *all* `*_free` functions accept a NULL pointer. *Frans Heymans * @@ -17976,10 +17934,10 @@ ndif *Steve Henson and Ben Laurie* - * First cut of a cleanup for apps/. First the `ssleay' program is now named - `openssl' and second, the shortcut symlinks for the `openssl ' + * First cut of a cleanup for apps/. First the `ssleay` program is now named + `openssl` and second, the shortcut symlinks for the `openssl ` are no longer created. This way we have a single and consistent command - line interface `openssl ', similar to `cvs '. + line interface `openssl `, similar to `cvs `. *Ralf S. Engelschall, Paul Sutton and Ben Laurie* @@ -18072,8 +18030,7 @@ ndif *Ben Laurie* - -### Changes between 0.9.1b and 0.9.1c [23-Dec-1998] ### +### Changes between 0.9.1b and 0.9.1c [23-Dec-1998] * Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and changed SSLeay to OpenSSL in version strings. @@ -18094,7 +18051,7 @@ ndif *Andrew Cooke / Interrader Ldt., Ralf S. Engelschall* - * Fixed nasty rehash problem under `make -f Makefile.ssl links' + * Fixed nasty rehash problem under `make -f Makefile.ssl links` when "ssleay" is still not found. *Ralf S. Engelschall* @@ -18146,8 +18103,7 @@ ndif *The OpenSSL Project* - -### Changes between 0.9.0b and 0.9.1b [not released] ### +### Changes between 0.9.0b and 0.9.1b [not released] * Updated a few CA certificates under certs/ @@ -18278,7 +18234,6 @@ ndif *Edward Bishop * - [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a9fa2b4ec..23756a5d4a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,6 @@ Please visit our [Getting Started][gs] page for other ideas about how to contrib [gs]: https://www.openssl.org/community/getting-started.html - Development is done on GitHub in the [openssl/openssl][gh] repository. [gh]: https://github.com/openssl/openssl @@ -30,14 +29,17 @@ guidelines: [CLA]: https://www.openssl.org/policies/cla.html To amend a missing "`CLA: trivial`" line after submission, do the following: + ``` git commit --amend [add the line, save and quit the editor] git push -f ``` + 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the year(s) updated): + ``` Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. diff --git a/INSTALL.md b/INSTALL.md index e19f6693dd..d4da50c7f7 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,4 +1,3 @@ - Build and Install ================= @@ -12,36 +11,35 @@ Table of Contents - [Prerequisites](#prerequisites) - [Notational Conventions](#notational-conventions) - [Quick Installation Guide](#quick-installation-guide) - - [Building OpenSSL](#building-openssl) - - [Installing OpenSSL](#installing-openssl) + - [Building OpenSSL](#building-openssl) + - [Installing OpenSSL](#installing-openssl) - [Configuration Options](#configuration-options) - - [API Level](#api-level) - - [Cross Compile Prefix](#cross-compile-prefix) - - [Build Type](#build-type) - - [Directories](#directories) - - [Compiler Warnings](#compiler-warnings) - - [ZLib Flags](#zlib-flags) - - [Seeding the Random Generator](#seeding-the-random-generator) - - [Enable and Disable Features](#enable-and-disable-features) - - [Displaying configuration data](#displaying-configuration-data) + - [API Level](#api-level) + - [Cross Compile Prefix](#cross-compile-prefix) + - [Build Type](#build-type) + - [Directories](#directories) + - [Compiler Warnings](#compiler-warnings) + - [ZLib Flags](#zlib-flags) + - [Seeding the Random Generator](#seeding-the-random-generator) + - [Enable and Disable Features](#enable-and-disable-features) + - [Displaying configuration data](#displaying-configuration-data) - [Installation Steps in Detail](#installation-steps-in-detail) - - [Configure](#configure-openssl) - - [Build](#build-openssl) - - [Test](#test-openssl) - - [Install](#install-openssl) + - [Configure](#configure-openssl) + - [Build](#build-openssl) + - [Test](#test-openssl) + - [Install](#install-openssl) - [Advanced Build Options](#advanced-build-options) - - [Environment Variables](#environment-variables) - - [Makefile Targets](#makefile-targets) - - [Running Selected Tests](#running-selected-tests) + - [Environment Variables](#environment-variables) + - [Makefile Targets](#makefile-targets) + - [Running Selected Tests](#running-selected-tests) - [Troubleshooting](#troubleshooting) - - [Configuration Problems](#configuration-problems) - - [Build Failures](#build-failures) - - [Test Failures](#test-failures) + - [Configuration Problems](#configuration-problems) + - [Build Failures](#build-failures) + - [Test Failures](#test-failures) - [Notes](#notes) - - [Notes on multi-threading](#notes-on-multi-threading) - - [Notes on shared libraries](#notes-on-shared-libraries) - - [Notes on random number generation](#notes-on-random-number-generation) - + - [Notes on multi-threading](#notes-on-multi-threading) + - [Notes on shared libraries](#notes-on-shared-libraries) + - [Notes on random number generation](#notes-on-random-number-generation) Prerequisites ============= @@ -67,7 +65,6 @@ issues and other details, please read one of these: * [NOTES.VALGRIND](NOTES.VALGRIND) - testing with Valgrind * [NOTES.PERL](NOTES.PERL) - some notes on Perl - Notational conventions ====================== @@ -129,7 +126,6 @@ A simple example would be which is to be understood to use the command `type` on some file name determined by the user. - **Optional Arguments** are enclosed in double square brackets. [[ options ]] @@ -138,7 +134,6 @@ Note that the notation assumes spaces around {, }, [, ], {{, }} and [[, ]]. This is to differentiate from OpenVMS directory specifications, which also use [ and ], but without spaces. - Quick Installation Guide ======================== @@ -154,13 +149,13 @@ Use the following commands to configure, build and test OpenSSL. The testing is optional, but recommended if you intend to install OpenSSL for production use. -### Unix / Linux / macOS ### +### Unix / Linux / macOS $ ./config $ make $ make test -### OpenVMS ### +### OpenVMS Use the following commands to build OpenSSL: @@ -168,7 +163,7 @@ Use the following commands to build OpenSSL: $ mms $ mms test -### Windows ### +### Windows If you are using Visual Studio, open a Developer Command Prompt and and issue the following commands to build OpenSSL. @@ -210,7 +205,7 @@ the global search path for system libraries. Finally, if you plan on using the FIPS module, you need to read the [Post-installation Notes](#post-installation-notes) further down. -### Unix / Linux / macOS ### +### Unix / Linux / macOS Depending on your distribution, you need to run the following command as root user or prepend `sudo` to the command: @@ -230,7 +225,7 @@ More precisely, the files will be installed into the subdirectories depending on the file type, as it is custom on Unix-like operating systems. -### OpenVMS ### +### OpenVMS Use the following command to install OpenSSL. @@ -243,7 +238,7 @@ By default, OpenSSL will be installed to where 'version' is the OpenSSL version number with underscores instead of periods. -### Windows ### +### Windows If you are using Visual Studio, open the Developer Command Prompt _elevated_ and issue the following command. @@ -264,8 +259,7 @@ for native binaries, or for 32bit binaries on 64bit Windows (WOW64). - -#### Installing to a different location #### +#### Installing to a different location To install OpenSSL to a different location (for example into your home directory for testing purposes) run config like this: @@ -279,11 +273,10 @@ directory for testing purposes) run config like this: $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] Note: if you do add options to the configuration command, please make sure -you've read more than just this Quick Start, such as relevant NOTES.* files, +you've read more than just this Quick Start, such as relevant `NOTES.*` files, the options outline below, as configuration options may change the outcome in otherwise unexpected ways. - Configuration Options ===================== @@ -310,7 +303,6 @@ If you just intend to remove all deprecated APIs up to the current version entirely, just specify [no-deprecated](#no-deprecated). If `--api` isn't given, it defaults to the current (minor) OpenSSL version. - Cross Compile Prefix -------------------- @@ -333,7 +325,6 @@ mention that you have to invoke `./Configure`, not `./config`, and pass your tar name explicitly. Also, note that `--openssldir` refers to target's file system, not one you are building on. - Build Type ---------- @@ -345,11 +336,10 @@ Build OpenSSL with debugging symbols and zero optimization level. Build OpenSSL without debugging symbols. This is the default. - Directories ----------- -### libdir ### +### libdir --libdir=DIR @@ -359,7 +349,7 @@ this is "lib". Note that on Windows only static libraries (`*.lib`) will be stored in this location. Shared libraries (`*.dll`) will always be installed to the "bin" directory. -### openssldir ### +### openssldir --openssldir=DIR @@ -373,7 +363,7 @@ and key store. Defaults are: For 32bit Windows applications on Windows 64bit (WOW64), always replace `C:\Program Files` by `C:\Program Files (x86)`. -### prefix ### +### prefix --prefix=DIR @@ -383,7 +373,6 @@ The top of the installation directory tree. Defaults are: Windows: C:\Program Files\OpenSSL OpenVMS: SYS$COMMON:[OPENSSL-'version'] - Compiler Warnings ----------------- @@ -397,7 +386,7 @@ this option where possible. ZLib Flags ---------- -### with-zlib-include ### +### with-zlib-include --with-zlib-include=DIR @@ -405,7 +394,7 @@ The directory for the location of the zlib include file. This option is only necessary if [enable-zlib](#enable-zlib) is used and the include file is not already on the system include path. -### with-zlib-lib ### +### with-zlib-lib --with-zlib-lib=LIB @@ -421,7 +410,6 @@ then this flag is optional and defaults to "ZLIB1" if not provided. This flag is optional and if not provided then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is used by default depending on the pointer size chosen. - Seeding the Random Generator ---------------------------- @@ -432,18 +420,18 @@ in order to obtain random input (a.k.a "entropy") for seeding its cryptographically secure random number generator (CSPRNG). The current seeding methods are: -### os ### +### os Use a trusted operating system entropy source. This is the default method if such an entropy source exists. -### getrandom ### +### getrandom Use the [getrandom(2)][man-getrandom] or equivalent system call. [man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html -### devrandom ### +### devrandom Use the first device from the DEVRANDOM list which can be opened to read random bytes. The DEVRANDOM preprocessor constant expands to @@ -452,19 +440,19 @@ random bytes. The DEVRANDOM preprocessor constant expands to on most unix-ish operating systems. -### egd ### +### egd Check for an entropy generating daemon. -### rdcpu ### +### rdcpu Use the RDSEED or RDRAND command if provided by the CPU. -### librandom ### +### librandom Use librandom (not implemented yet). -### none ### +### none Disable automatic seeding. This is the default on some operating systems where no suitable entropy source exists, or no support for it is implemented yet. @@ -474,7 +462,6 @@ at the end of this document. [rng]: #notes-on-random-number-generation - Enable and Disable Features --------------------------- @@ -488,14 +475,13 @@ In the following list, always the non-default variant is documented: if feature xxxx is disabled by default then enable-xxxx is documented and if feature xxxx is enabled by default then no-xxxx is documented. - -### no-afalgeng ### +### no-afalgeng Don't build the AFALG engine. This option will be forced on a platform that does not support AFALG. -### enable-ktls ### +### enable-ktls Build with Kernel TLS support. @@ -505,7 +491,7 @@ TLS sockets. The Kernel may use TLS accelerators if any are available on the system. This option will be forced off on systems that do not support the Kernel TLS data-path. -### enable-asan ### +### enable-asan Build with the Address sanitiser. @@ -514,7 +500,7 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the [no-shared](#no-shared) option. -### no-asm ### +### no-asm Do not use assembler code. @@ -522,11 +508,11 @@ This should be viewed as debugging/troubleshooting option rather than for production use. On some platforms a small amount of assembler code may still be used even with this option. -### no-async ### +### no-async Do not build support for async operations. -### no-autoalginit ### +### no-autoalginit Don't automatically load all supported ciphers and digests. @@ -536,7 +522,7 @@ size is an objective. This only affects libcrypto. Ciphers and digests will have to be loaded manually using EVP_add_cipher() and EVP_add_digest() if this option is used. This option will force a non-shared build. -### no-autoerrinit ### +### no-autoerrinit Don't automatically load all libcrypto/libssl error strings. @@ -544,14 +530,14 @@ Typically OpenSSL will automatically load human readable error strings. For a statically linked application this may be undesirable if small executable size is an objective. -### no-autoload-config ### +### no-autoload-config Don't automatically load the default openssl.cnf file. Typically OpenSSL will automatically load a system config file which configures default SSL options. -### enable-buildtest-c++ ### +### enable-buildtest-c++ While testing, generate C++ buildtest files that simply check that the public OpenSSL header files are usable standalone with C++. @@ -561,76 +547,76 @@ as configuration option, you must ensure that it's valid for both the C and the C++ compiler. If not, the C++ build test will most likely break. As an alternative, you can use the language specific variables, CFLAGS and CXXFLAGS. -### no-capieng ### +### no-capieng Don't build the CAPI engine. This option will be forced if on a platform that does not support CAPI. -### no-cmp ### +### no-cmp Don't build support for Certificate Management Protocol (CMP). -### no-cms ### +### no-cms Don't build support for Cryptographic Message Syntax (CMS). -### no-comp ### +### no-comp Don't build support for SSL/TLS compression. If this option is enabled (the default), then compression will only work if the zlib or zlib-dynamic options are also chosen. -### enable-crypto-mdebug ### +### enable-crypto-mdebug This now only enables the failed-malloc feature. -### enable-crypto-mdebug-backtrace ### +### enable-crypto-mdebug-backtrace This is a no-op; the project uses the compiler's address/leak sanitizer instead. -### no-ct ### +### no-ct Don't build support for Certificate Transparency (CT). -### no-deprecated ### +### no-deprecated Don't build with support for deprecated APIs up until and including the version given with `--api` (or the current version, if `--api` wasn't specified). -### no-dgram ### +### no-dgram Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. -### no-dso ### +### no-dso Don't build support for loading Dynamic Shared Objects (DSO) -### enable-devcryptoeng ### +### enable-devcryptoeng Build the `/dev/crypto` engine. This option is automatically selected on the BSD platform, in which case it can be disabled with no-devcryptoeng. -### no-dynamic-engine ### +### no-dynamic-engine Don't build the dynamically loaded engines. This only has an effect in a shared build. -### no-ec ### +### no-ec Don't build support for Elliptic Curves. -### no-ec2m ### +### no-ec2m Don't build support for binary Elliptic Curves -### enable-ec_nistp_64_gcc_128 ### +### enable-ec_nistp_64_gcc_128 Enable support for optimised implementations of some commonly used NIST elliptic curves. @@ -643,19 +629,19 @@ This option is only supported on platforms: - supports the non-standard type `__uint128_t` - defines the built-in macro `__SIZEOF_INT128__` -### enable-egd ### +### enable-egd Build support for gathering entropy from the Entropy Gathering Daemon (EGD). -### no-engine ### +### no-engine Don't build support for loading engines. -### no-err ### +### no-err Don't compile in any error strings. -### enable-external-tests ### +### enable-external-tests Enable building of integration with external test suites. @@ -668,16 +654,16 @@ external test suites are currently supported: See the file [test/README.external]/(test/README.external) for further details. -### no-filenames ### +### no-filenames Don't compile in filename and line number information (e.g. for errors and memory allocation). -### no-fips ### +### no-fips Don't compile the FIPS provider -### enable-fuzz-libfuzzer, enable-fuzz-afl ### +### enable-fuzz-libfuzzer, enable-fuzz-afl Build with support for fuzzing using either libfuzzer or AFL. @@ -686,7 +672,7 @@ should never be used in production environments. See the file [fuzz/README.md](fuzz/README.md) for further details. -### no-gost ### +### no-gost Don't build support for GOST based ciphersuites. @@ -694,51 +680,49 @@ Note that if this feature is enabled then GOST ciphersuites are only available if the GOST algorithms are also available through loading an externally supplied engine. -### no-legacy ### +### no-legacy Don't build the legacy provider. Disabling this also disables the legacy algorithms: MD2 (already disabled by default). - -### no-makedepend ### +### no-makedepend Don't generate dependencies. -### no-module ### +### no-module Don't build any dynamically loadable engines. This also implies 'no-dynamic-engine'. -### no-multiblock ### +### no-multiblock Don't build support for writing multiple records in one go in libssl Note: this is a different capability to the pipelining functionality. -### no-nextprotoneg ### +### no-nextprotoneg Don't build support for the Next Protocol Negotiation (NPN) TLS extension. -### no-ocsp ### +### no-ocsp Don't build support for Online Certificate Status Protocol (OCSP). - -### no-padlockeng ### +### no-padlockeng Don't build the padlock engine. -### no-hw-padlock ### +### no-hw-padlock As synonyme for no-padlockeng. Deprecated and should not be used. -### no-pic ### +### no-pic Don't build with support for Position Independent Code. -### no-pinshared ### +### no-pinshared Don't pin the shared libraries. @@ -755,48 +739,47 @@ before libcrypto then a crash is likely to happen. Applications can suppress running of the atexit() handler at run time by using the OPENSSL_INIT_NO_ATEXIT option to OPENSSL_init_crypto(). See the man page for it for further details. -### no-posix-io ### +### no-posix-io Don't use POSIX IO capabilities. -### no-psk ### +### no-psk Don't build support for Pre-Shared Key based ciphersuites. -### no-rdrand ### +### no-rdrand Don't use hardware RDRAND capabilities. -### no-rfc3779 ### +### no-rfc3779 Don't build support for RFC3779, "X.509 Extensions for IP Addresses and AS Identifiers". -### sctp ### +### sctp Build support for Stream Control Transmission Protocol (SCTP). -### no-shared ### +### no-shared Do not create shared libraries, only static ones. - See [Notes on shared libraries](#notes-on-shared-libraries) below. -### no-sock ### +### no-sock Don't build support for socket BIOs. -### no-srp ### +### no-srp Don't build support for Secure Remote Password (SRP) protocol or SRP based ciphersuites. -### no-srtp ### +### no-srtp Don't build Secure Real-Time Transport Protocol (SRTP) support. -### no-sse2 ### +### no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules. @@ -810,34 +793,34 @@ disengage SSE2 code paths upon application start-up, but if you aim for wider "audience" running such kernel, consider no-sse2. Both the 386 and no-asm options imply no-sse2. -### enable-ssl-trace ### +### enable-ssl-trace Build with the SSL Trace capabilities. This adds the "-trace" option to s_client and s_server. -### no-static-engine ### +### no-static-engine Don't build the statically linked engines. This only has an impact when not built "shared". -### no-stdio ### +### no-stdio Don't use anything from the C header file "stdio.h" that makes use of the "FILE" type. Only libcrypto and libssl can be built in this way. Using this option will suppress building the command line applications. Additionally, since the OpenSSL tests also use the command line applications, the tests will also be skipped. -### no-tests ### +### no-tests Don't build test programs or run any tests. -### no-threads ### +### no-threads Don't build with support for multi-threaded applications. -### threads ### +### threads Build with support for multi-threaded applications. Most platforms will enable this by default. However if on a platform where this is not the case then this @@ -845,17 +828,17 @@ will usually require additional system-dependent options! See [Notes on multi-threading](#notes-on-multi-threading) below. -### enable-trace ### +### enable-trace Build with support for the integrated tracing api. See manual pages OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details. -### no-ts ### +### no-ts Don't build Time Stamping (TS) Authority support. -### enable-ubsan ### +### enable-ubsan Build with the Undefined Behaviour sanitiser (UBSAN). @@ -864,40 +847,40 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the `-DPEDANTIC` option (or the `--strict-warnings` option). -### no-ui-console ### +### no-ui-console Don't build with the User Interface (UI) console method The User Interface console method enables text based console prompts. -### enable-unit-test ### +### enable-unit-test Enable additional unit test APIs. This should not typically be used in production deployments. -### no-uplink ### +### no-uplink Don't build support for UPLINK interface. -### enable-weak-ssl-ciphers ### +### enable-weak-ssl-ciphers Build support for SSL/TLS ciphers that are considered "weak" Enabling this includes for example the RC4 based ciphersuites. -### zlib ### +### zlib Build with support for zlib compression/decompression. -### zlib-dynamic ### +### zlib-dynamic Like the zlib option, but has OpenSSL load the zlib library dynamically when needed. This is only supported on systems where loading of shared libraries is supported. -### 386 ### +### 386 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules @@ -905,7 +888,7 @@ The default x86 code is more efficient, but requires at least an 486 processor. Note: This doesn't affect compiler generated code, so this option needs to be accompanied by a corresponding compiler-specific option. -### no-{protocol} ### +### no-{protocol} no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2} @@ -917,7 +900,7 @@ synonymous with "no-ssl3". Note this only affects version negotiation. OpenSSL will still provide the methods for applications to explicitly select the individual protocol versions. -### no-{protocol}-method ### +### no-{protocol}-method no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method @@ -929,13 +912,13 @@ TLSv1.3. Using individual protocol methods directly is deprecated. Applications should use TLS_method() instead. -### enable-{algorithm} ### +### enable-{algorithm} enable-{md2|rc5} Build with support for the specified algorithm. -### no-{algorithm} ### +### no-{algorithm} no-{aria|bf|blake2|camellia|cast|chacha|cmac| des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ocb| @@ -946,7 +929,7 @@ Build without support for the specified algorithm. The "ripemd" algorithm is deprecated and if used is synonymous with rmd160. -### Compiler-specific options ### +### Compiler-specific options -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static @@ -977,7 +960,7 @@ encoding. Take note of the [Environment Variables](#environment-variables) documentation below and how these flags interact with those variables. -### Environment Variables ### +### Environment Variables VAR=value @@ -1054,7 +1037,7 @@ If CC is set, it is advisable to also set CXX to ensure both the C and C++ compiler are in the same "family". This becomes relevant with 'enable-external-tests' and 'enable-buildtest-c++'. -### Reconfigure ### +### Reconfigure reconf reconfigure @@ -1093,7 +1076,7 @@ Installation Steps in Detail Configure OpenSSL ----------------- -### Automatic Configuration ### +### Automatic Configuration On some platform a `config` script is available which attempts to guess your operating system (and compiler, if necessary) and calls the `Configure` @@ -1101,15 +1084,15 @@ Perl script with appropriate target based on its guess. Further options can be supplied to the `config` script, which will be passed on to the `Configure` script. -#### Unix / Linux / macOS #### +#### Unix / Linux / macOS $ ./config [[ options ]] -#### OpenVMS #### +#### OpenVMS $ @config [[ options ]] -#### Windows #### +#### Windows Automatic configuration is not available on Windows. @@ -1129,7 +1112,7 @@ On some systems, you can include debugging information as follows: $ ./config -d [[ options ]] -### Manual Configuration ### +### Manual Configuration OpenSSL knows about a range of different operating system, hardware and compiler combinations. To see the ones it knows about, run @@ -1151,8 +1134,7 @@ run: $ ./Configure linux-elf [[ options ]] - -### Creating your own Configuration ### +### Creating your own Configuration If your system isn't listed, you will have to create a configuration file named Configurations/{{ something }}.conf and add the correct @@ -1168,13 +1150,13 @@ and "descrip.mms" on OpenVMS) from a suitable template in Configurations, and defines various macros in include/openssl/configuration.h (generated from include/openssl/configuration.h.in). -### Out of Tree Builds ### +### Out of Tree Builds OpenSSL can be configured to build in a build directory separate from the source code directory. It's done by placing yourself in some other directory and invoking the configuration commands from there. -#### Unix example #### +#### Unix example $ mkdir /var/tmp/openssl-build $ cd /var/tmp/openssl-build @@ -1184,7 +1166,7 @@ or $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]] -#### OpenVMS example #### +#### OpenVMS example $ set default sys$login: $ create/dir [.tmp.openssl-build] @@ -1195,7 +1177,7 @@ or $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]] -#### Windows example #### +#### Windows example $ C: $ mkdir \temp-openssl @@ -1205,7 +1187,6 @@ or Paths can be relative just as well as absolute. Configure will do its best to translate them to relative paths whenever possible. - Build OpenSSL ------------- @@ -1239,7 +1220,6 @@ your privileges temporarily if your platform allows it). If some tests fail, take a look at the [Test Failures](#test-failures) subsection of the [Troubleshooting](#troubleshooting) section. - Install OpenSSL --------------- @@ -1256,7 +1236,7 @@ The above commands will install all the software components in this directory tree under PREFIX (the directory given with `--prefix` or its default): -#### Unix / Linux / macOS #### +### Unix / Linux / macOS bin/ Contains the openssl binary and a few other utility scripts. @@ -1278,7 +1258,7 @@ its default): share/doc/openssl/html/man7 Contains the HTML rendition of the man-pages. -#### OpenVMS #### +### OpenVMS 'arch' is replaced with the architecture name, "Alpha" or "ia64", 'sover' is replaced with the shared library version (0101 for 1.1), and @@ -1299,8 +1279,7 @@ its default): [.SYSTEST] Contains the installation verification procedure. [.HTML] Contains the HTML rendition of the manual pages. - -#### Additional Directories #### +### Additional Directories Additionally, install will add the following directories under OPENSSLDIR (the directory given with `--openssldir` or its default) @@ -1328,9 +1307,10 @@ packaged, can use The specified destination directory will be prepended to all installation target paths. -### Compatibility issues with previous OpenSSL versions ### +Compatibility issues with previous OpenSSL versions +--------------------------------------------------- -#### COMPILING existing applications #### +### COMPILING existing applications Starting with version 1.1.0, OpenSSL hides a number of structures that were previously open. This includes all internal libssl structures and a number @@ -1346,7 +1326,6 @@ access a structure's field directly. Some APIs have changed as well. However, older APIs have been preserved when possible. - Post-installation Notes ----------------------- @@ -1358,11 +1337,9 @@ This involves using the following command: See the openssl-fipsinstall(1) manual for details and examples. - Advanced Build Options ====================== - Environment Variables --------------------- @@ -1437,7 +1414,6 @@ platforms. WINDRES See RC. - Makefile Targets ---------------- @@ -1530,7 +1506,7 @@ Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards) -### Examples ### +### Examples Run all tests except for the fuzz tests: @@ -1568,7 +1544,7 @@ Troubleshooting Configuration Problems ---------------------- -### Selecting the correct target ### +### Selecting the correct target The `./config` script tries hard to guess your operating system, but in some cases it does not succeed. You will see a message like the following: @@ -1616,7 +1592,7 @@ you can [raise an issue][] to ask a question yourself. More about our support resources can be found in the [SUPPORT][] file. -### Configuration Errors ### +### Configuration Errors If the `./config` or `./Configure` command fails with an error message, read the error message carefully and try to figure out whether you made @@ -1637,7 +1613,6 @@ Note: To make the output readable, pleace add a 'code fence' (three backquotes ``` - Build Failures -------------- @@ -1668,7 +1643,6 @@ encountered an OpenSSL bug, please [raise an issue][] to file a bug report. Please take the time to review the existing issues first; maybe the bug was already reported or has already been fixed. - Test Failures ------------- @@ -1713,12 +1687,11 @@ compiler optimization flags from the CFLAGS line in Makefile and run "make clean; make" or corresponding. To report a bug please open an issue on GitHub, at -https://github.com/openssl/openssl/issues. +. For more details on how the make variables TESTS can be used, see section [Running Selected Tests](#running-selected-tests) below. - Notes ===== @@ -1803,20 +1776,19 @@ to install additional support software to obtain a random seed and reseed the CSPRNG manually. Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), and the FAQ for more information. - [openssl-users]: - https://mta.openssl.org/mailman/listinfo/openssl-users + [SUPPORT]: ./SUPPORT.md [GitHub Issues]: - https://github.com/openssl/openssl/issues + [raise an issue]: - https://github.com/openssl/openssl/issues/new/choose + [10-main.conf]: Configurations/10-main.conf diff --git a/NEWS.md b/NEWS.md index 59081b0cdd..ec5e754e0b 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,4 +1,3 @@ - NEWS ==== @@ -19,7 +18,7 @@ OpenSSL Releases OpenSSL 3.0 ----------- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] ### +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in the FIPS provider. None have the "fips=yes" property set and, as such, @@ -67,16 +66,16 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- -### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] ### +### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] - * + * -### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] ### +### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] * Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli ([CVE-2019-1551][]) -### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] ### +### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] * Fixed a fork protection issue ([CVE-2019-1549][]) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey @@ -93,36 +92,36 @@ OpenSSL 1.1.1 * Significantly reduce secure memory usage by the randomness pools * Revert the DEVRANDOM_WAIT feature for Linux systems -### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] ### +### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) -### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] ### +### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] * Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. * Fix a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. -### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] ### +### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) -### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] ### +### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] * Support for TLSv1.3 added. The TLSv1.3 implementation includes: - * Fully compliant implementation of RFC8446 (TLSv1.3) on by default - * Early data (0-RTT) - * Post-handshake authentication and key update - * Middlebox Compatibility Mode - * TLSv1.3 PSKs - * Support for all five RFC8446 ciphersuites - * RSA-PSS signature algorithms (backported to TLSv1.2) - * Configurable session ticket support - * Stateless server support - * Rewrite of the packet construction code for "safer" packet handling - * Rewrite of the extension handling code + * Fully compliant implementation of RFC8446 (TLSv1.3) on by default + * Early data (0-RTT) + * Post-handshake authentication and key update + * Middlebox Compatibility Mode + * TLSv1.3 PSKs + * Support for all five RFC8446 ciphersuites + * RSA-PSS signature algorithms (backported to TLSv1.2) + * Configurable session ticket support + * Stateless server support + * Rewrite of the packet construction code for "safer" packet handling + * Rewrite of the extension handling code For further important information, see the [TLS1.3 page]( https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. @@ -159,11 +158,10 @@ OpenSSL 1.1.1 * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes * Rewrite of devcrypto engine - OpenSSL 1.1.0 ------------- -### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] ### +### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey ([CVE-2019-1563][]) @@ -173,57 +171,57 @@ OpenSSL 1.1.0 ([CVE-2019-1547][]) * Use Windows installation paths in the mingw builds ([CVE-2019-1552][]) -### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] ### +### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) -### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] ### +### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) -### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] ### +### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] * Client DoS due to large DH parameter ([CVE-2018-0732][]) * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) -### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] ### +### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack ([CVE-2018-0739][]) * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733][]) * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) -### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] ### +### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) -### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] ### +### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] * config now recognises 64-bit mingw and chooses mingw64 instead of mingw -### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] ### +### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733][]) -### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] ### +### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] * Truncated packet could crash via OOB read ([CVE-2017-3731][]) * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730][]) * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) -### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] ### +### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054][]) * CMS Null dereference ([CVE-2016-7053][]) * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) -### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] ### +### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] * Fix Use After Free for large message sizes ([CVE-2016-6309][]) -### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] ### +### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SSL_peek() hang on empty record ([CVE-2016-6305][]) @@ -232,7 +230,7 @@ OpenSSL 1.1.0 * Excessive allocation of memory in dtls1_preprocess_fragment() ([CVE-2016-6308][]) -### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] ### +### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] * Copyright text was shrunk to a boilerplate that points to the license * "shared" builds are now the default when possible @@ -280,11 +278,10 @@ OpenSSL 1.1.0 * Support for Certificate Transparency * HKDF support. - OpenSSL 1.0.2 ------------- -### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] ### +### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey ([CVE-2019-1563][]) @@ -295,54 +292,54 @@ OpenSSL 1.0.2 * Document issue with installation paths in diverse Windows builds ([CVE-2019-1552][]) -### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] ### +### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] * None -### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] ### +### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] * 0-byte record padding oracle ([CVE-2019-1559][]) -### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] ### +### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407][]) * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) -### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] ### +### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] * Client DoS due to large DH parameter ([CVE-2018-0732][]) * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) -### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] ### +### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack ([CVE-2018-0739][]) -### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] ### +### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] * Read/write after SSL object in error state ([CVE-2017-3737][]) * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) -### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] ### +### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) -### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] ### +### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] * config now recognises 64-bit mingw and chooses mingw64 instead of mingw -### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] ### +### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] * Truncated packet could crash via OOB read ([CVE-2017-3731][]) * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) -### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] ### +### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] * Missing CRL sanity check ([CVE-2016-7052][]) -### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] ### +### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SWEET32 Mitigation ([CVE-2016-2183][]) @@ -356,7 +353,7 @@ OpenSSL 1.0.2 * DTLS replay protection DoS ([CVE-2016-2181][]) * Certificate message OOB reads ([CVE-2016-6306][]) -### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] ### +### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) @@ -369,7 +366,7 @@ OpenSSL 1.0.2 the default. * Only remove the SSLv2 methods with the no-ssl2-method option. -### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] ### +### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers @@ -382,12 +379,12 @@ OpenSSL 1.0.2 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) -### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] ### +### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] * DH small subgroups ([CVE-2016-0701][]) * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) -### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193][]) * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) @@ -396,16 +393,16 @@ OpenSSL 1.0.2 * In DSA_generate_parameters_ex, if the provided seed is too short, return an error -### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] ### +### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] * Alternate chains certificate forgery ([CVE-2015-1793][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] ### +### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] * Fix HMAC ABI incompatibility -### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -413,7 +410,7 @@ OpenSSL 1.0.2 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291][]) * Multiblock corrupted pointer fix ([CVE-2015-0290][]) @@ -429,7 +426,7 @@ OpenSSL 1.0.2 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] ### +### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] * Suite B support for TLS 1.2 and DTLS 1.2 * Support for DTLS 1.2 @@ -440,11 +437,10 @@ OpenSSL 1.0.2 * ALPN support. * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - OpenSSL 1.0.1 ------------- -### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] ### +### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SWEET32 Mitigation ([CVE-2016-2183][]) @@ -458,7 +454,7 @@ OpenSSL 1.0.1 * DTLS replay protection DoS ([CVE-2016-2181][]) * Certificate message OOB reads ([CVE-2016-6306][]) -### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] ### +### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) @@ -471,7 +467,7 @@ OpenSSL 1.0.1 the default. * Only remove the SSLv2 methods with the no-ssl2-method option. -### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] ### +### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers @@ -484,12 +480,12 @@ OpenSSL 1.0.1 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) -### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] ### +### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] * Protection for DH small subgroup attacks * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) -### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) @@ -497,16 +493,16 @@ OpenSSL 1.0.1 * In DSA_generate_parameters_ex, if the provided seed is too short, return an error -### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] ### +### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] * Alternate chains certificate forgery ([CVE-2015-1793][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] ### +### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] * Fix HMAC ABI incompatibility -### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -514,7 +510,7 @@ OpenSSL 1.0.1 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) @@ -524,11 +520,11 @@ OpenSSL 1.0.1 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] ### +### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms -### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] ### +### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] * Fix for [CVE-2014-3571][] * Fix for [CVE-2015-0206][] @@ -539,14 +535,14 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-8275][] * Fix for [CVE-2014-3570][] -### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] ### +### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] * Fix for [CVE-2014-3513][] * Fix for [CVE-2014-3567][] * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) * Fix for [CVE-2014-3568][] -### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] ### +### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] * Fix for [CVE-2014-3512][] * Fix for [CVE-2014-3511][] @@ -558,7 +554,7 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-5139][] * Fix for [CVE-2014-3508][] -### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] ### +### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] * Fix for [CVE-2014-0224][] * Fix for [CVE-2014-0221][] @@ -567,24 +563,24 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-3470][] * Fix for [CVE-2010-5298][] -### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] ### +### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] * Fix for [CVE-2014-0160][] * Add TLS padding extension workaround for broken servers. * Fix for [CVE-2014-0076][] -### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] ### +### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] * Don't include gmt_unix_time in TLS server and client random values * Fix for TLS record tampering bug [CVE-2013-4353][] * Fix for TLS version checking bug [CVE-2013-6449][] * Fix for DTLS retransmission bug [CVE-2013-6450][] -### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] ### +### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] * Corrected fix for [CVE-2013-0169][] -### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] ### +### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. * Include the fips configuration module. @@ -592,24 +588,24 @@ OpenSSL 1.0.1 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] * Fix for TLS AESNI record handling flaw [CVE-2012-2686][] -### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] ### +### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] * Fix TLS/DTLS record length checking bug [CVE-2012-2333][] * Don't attempt to use non-FIPS composite ciphers in FIPS mode. -### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] ### +### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] * Fix compilation error on non-x86 platforms. * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 -### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] ### +### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] * Fix for ASN1 overflow bug [CVE-2012-2110][] * Workarounds for some servers that hang on long client hellos. * Fix SEGV in AES code. -### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] ### +### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] * TLS/DTLS heartbeat support. * SCTP support. @@ -622,16 +618,15 @@ OpenSSL 1.0.1 * Preliminary FIPS capability for unvalidated 2.0 FIPS module. * SRP support. - OpenSSL 1.0.0 ------------- -### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -639,7 +634,7 @@ OpenSSL 1.0.0 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) @@ -649,11 +644,11 @@ OpenSSL 1.0.0 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] ### +### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms -### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] ### +### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] * Fix for [CVE-2014-3571][] * Fix for [CVE-2015-0206][] @@ -664,14 +659,14 @@ OpenSSL 1.0.0 * Fix for [CVE-2014-8275][] * Fix for [CVE-2014-3570][] -### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] ### +### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] * Fix for [CVE-2014-3513][] * Fix for [CVE-2014-3567][] * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) * Fix for [CVE-2014-3568][] -### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] ### +### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] * Fix for [CVE-2014-3510][] * Fix for [CVE-2014-3507][] @@ -685,9 +680,9 @@ OpenSSL 1.0.0 * EAP-FAST and other applications using tls_session_secret_cb wont resume sessions. Fixed in 1.0.0n-dev * Compilation failure of s3_pkt.c on some platforms due to missing - include. Fixed in 1.0.0n-dev + `` include. Fixed in 1.0.0n-dev -### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] ### +### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] * Fix for [CVE-2014-0224][] * Fix for [CVE-2014-0221][] @@ -697,35 +692,34 @@ OpenSSL 1.0.0 * Fix for [CVE-2014-0076][] * Fix for [CVE-2010-5298][] -### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] ### +### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] * Fix for DTLS retransmission bug [CVE-2013-6450][] -### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] ### +### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] * Fix OCSP bad key DoS attack [CVE-2013-0166][] -### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] ### +### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] * Fix DTLS record length checking bug [CVE-2012-2333][] -### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] ### +### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] * Fix for ASN1 overflow bug [CVE-2012-2110][] - -### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] ### +### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] * Fix for CMS/PKCS#7 MMA [CVE-2012-0884][] * Corrected fix for [CVE-2011-4619][] * Various DTLS fixes. -### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] ### +### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] * Fix for DTLS DoS issue [CVE-2012-0050][] -### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] ### +### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] * Fix for DTLS plaintext recovery attack [CVE-2011-4108][] * Clear block padding bytes of SSL 3.0 records [CVE-2011-4576][] @@ -733,7 +727,7 @@ OpenSSL 1.0.0 * Check parameters are not NULL in GOST ENGINE [CVE-2012-0027][] * Check for malformed RFC3779 data [CVE-2011-4577][] -### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] ### +### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] * Fix for CRL vulnerability issue [CVE-2011-3207][] * Fix for ECDH crashes [CVE-2011-3210][] @@ -741,11 +735,11 @@ OpenSSL 1.0.0 * Support ECDH ciphersuites for certificates using SHA2 algorithms. * Various DTLS fixes. -### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] ### +### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] * Fix for security issue [CVE-2011-0014][] -### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] ### +### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] * Fix for security issue [CVE-2010-4180][] * Fix for [CVE-2010-4252][] @@ -753,18 +747,18 @@ OpenSSL 1.0.0 * Fix various platform compilation issues. * Corrected fix for security issue [CVE-2010-3864][]. -### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] ### +### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] * Fix for security issue [CVE-2010-3864][]. * Fix for [CVE-2010-2939][] * Fix WIN32 build system for GOST ENGINE. -### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] ### +### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] * Fix for security issue [CVE-2010-1633][]. * GOST MAC and CFB fixes. -### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] ### +### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] * RFC3280 path validation: sufficient to process PKITS tests. * Integrated support for PVK files and keyblobs. @@ -790,12 +784,12 @@ OpenSSL 1.0.0 OpenSSL 0.9.x ------------- -### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] ### +### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] * CFB cipher definition fixes. * Fix security issues [CVE-2010-0740][] and [CVE-2010-0433][]. -### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] ### +### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] * Cipher definition fixes. * Workaround for slow RAND_poll() on some WIN32 versions. @@ -807,33 +801,33 @@ OpenSSL 0.9.x * Ticket and SNI coexistence fixes. * Many fixes to DTLS handling. -### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] ### +### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] * Temporary work around for [CVE-2009-3555][]: disable renegotiation. -### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] ### +### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] * Fix various build issues. * Fix security issues ([CVE-2009-0590][], [CVE-2009-0591][], [CVE-2009-0789][]) -### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] ### +### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] * Fix security issue ([CVE-2008-5077][]) * Merge FIPS 140-2 branch code. -### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] ### +### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] * CryptoAPI ENGINE support. * Various precautionary measures. * Fix for bugs affecting certificate request creation. * Support for local machine keyset attribute in PKCS#12 files. -### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] ### +### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] * Backport of CMS functionality to 0.9.8. * Fixes for bugs introduced with 0.9.8f. -### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] ### +### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] * Add gcc 4.2 support. * Add support for AES and SSE2 assembly language optimization @@ -844,23 +838,23 @@ OpenSSL 0.9.x * RFC4507bis support. * TLS Extensions support. -### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] ### +### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] * Various ciphersuite selection fixes. * RFC3779 support. -### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] ### +### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) * Changes to ciphersuite selection algorithm -### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] ### +### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] * New cipher Camellia -### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] ### +### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] * Cipher string fixes. * Fixes for VC++ 2005. @@ -870,12 +864,12 @@ OpenSSL 0.9.x * Built in dynamic engine compilation support on Win32. * Fixes auto dynamic engine loading in Win32. -### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] ### +### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] * Fix potential SSL 2.0 rollback, [CVE-2005-2969][] * Extended Windows CE support -### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] ### +### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] * Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This @@ -949,36 +943,36 @@ OpenSSL 0.9.x * Added initial support for Win64. * Added alternate pkg-config files. -### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] ### +### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] * FIPS 1.1.1 module linking. * Various ciphersuite selection fixes. -### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] ### +### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) -### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] ### +### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] -### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] ### +### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] * Visual C++ 2005 fixes. * Update Windows build system for FIPS. -### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] ### +### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. -### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] ### +### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] * Fix SSL 2.0 Rollback, [CVE-2005-2969][] * Allow use of fixed-length exponent on DSA signing * Default fixed-window RSA, DSA, DH private-key operations -### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] ### +### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] * More compilation issues fixed. * Adaptation to more modern Kerberos API. @@ -987,7 +981,7 @@ OpenSSL 0.9.x * More constification. * Added processing of proxy certificates (RFC 3820). -### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] ### +### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] * Several compilation issues fixed. * Many memory allocation failure checks added. @@ -995,12 +989,12 @@ OpenSSL 0.9.x * Mandatory basic checks on certificates. * Performance improvements. -### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] ### +### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] * Fix race condition in CRL checking code. * Fixes to PKCS#7 (S/MIME) code. -### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] ### +### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug * Security: Fix null-pointer assignment in do_change_cipher_spec() @@ -1008,14 +1002,14 @@ OpenSSL 0.9.x * Multiple X509 verification fixes * Speed up HMAC and other operations -### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] ### +### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] * Security: fix various ASN1 parsing bugs. * New -ignore_err option to OCSP utility. * Various interop and bug fixes in S/MIME code. * SSL/TLS protocol fix for unrequested client certificates. -### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] ### +### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] * Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack @@ -1026,7 +1020,7 @@ OpenSSL 0.9.x * ASN.1: treat domainComponent correctly. * Documentation: fixes and additions. -### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] ### +### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] * Security: Important security related bugfixes. * Enhanced compatibility with MIT Kerberos. @@ -1037,7 +1031,7 @@ OpenSSL 0.9.x * SSL/TLS: now handles manual certificate chain building. * SSL/TLS: certain session ID malfunctions corrected. -### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] ### +### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] * New library section OCSP. * Complete rewrite of ASN1 code. @@ -1083,23 +1077,23 @@ OpenSSL 0.9.x * SSL/TLS: add callback to retrieve SSL/TLS messages. * SSL/TLS: support AES cipher suites (RFC3268). -### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] ### +### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] * Security: fix various ASN1 parsing bugs. * SSL/TLS protocol fix for unrequested client certificates. -### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] ### +### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] * Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack * Security: make RSA blinding default. * Build: shared library support fixes. -### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] ### +### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] * Important security related bugfixes. -### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] ### +### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] * New configuration targets for Tandem OSS and A/UX. * New OIDs for Microsoft attributes. @@ -1113,25 +1107,25 @@ OpenSSL 0.9.x * Fixes for smaller building problems. * Updates of manuals, FAQ and other instructive documents. -### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] ### +### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] * Important building fixes on Unix. -### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] ### +### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] * Various important bugfixes. -### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] ### +### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] * Important security related bugfixes. * Various SSL/TLS library bugfixes. -### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] ### +### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] * Various SSL/TLS library bugfixes. * Fix DH parameter generation for 'non-standard' generators. -### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] ### +### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] * Various SSL/TLS library bugfixes. * BIGNUM library fixes. @@ -1144,7 +1138,7 @@ OpenSSL 0.9.x Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. -### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] ### +### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] * Security fix: PRNG improvements. * Security fix: RSA OAEP check. @@ -1161,7 +1155,7 @@ OpenSSL 0.9.x * Increase default size for BIO buffering filter. * Compatibility fixes in some scripts. -### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] ### +### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] * Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. @@ -1186,7 +1180,7 @@ OpenSSL 0.9.x * New function BN_rand_range(). * Add "-rand" option to openssl s_client and s_server. -### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] ### +### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] * Some documentation for BIO and SSL libraries. * Enhanced chain verification using key identifiers. @@ -1201,7 +1195,7 @@ OpenSSL 0.9.x [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. -### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] ### +### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 * Shared library support for HPUX and Solaris-gcc @@ -1210,7 +1204,7 @@ OpenSSL 0.9.x * New 'rand' application * New way to check for existence of algorithms from scripts -### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] ### +### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] * S/MIME support in new 'smime' command * Documentation for the OpenSSL command line application @@ -1246,7 +1240,7 @@ OpenSSL 0.9.x * Enhanced support for Alpha Linux * Experimental MacOS support -### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] ### +### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] * Transparent support for PKCS#8 format private keys: these are used by several software packages and are more secure than the standard @@ -1257,7 +1251,7 @@ OpenSSL 0.9.x * New pipe-like BIO that allows using the SSL library when actual I/O must be handled by the application (BIO pair) -### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] ### +### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] * Lots of enhancements and cleanups to the Configuration mechanism * RSA OEAP related fixes @@ -1272,7 +1266,7 @@ OpenSSL 0.9.x * Sparc assembler bignum implementation, optimized hash functions * Option to disable selected ciphers -### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] ### +### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] * Fixed a security hole related to session resumption * Fixed RSA encryption routines for the p < q case @@ -1295,7 +1289,7 @@ OpenSSL 0.9.x * Lots of memory leak fixes. * Lots of bug fixes. -### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] ### +### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] * Integration of the popular NO_RSA/NO_DSA patches * Initial support for compression inside the SSL record layer @@ -1307,8 +1301,6 @@ OpenSSL 0.9.x * Adjustments of the source tree for CVS * Support for various new platforms - - [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 diff --git a/README.md b/README.md index 98a07f7f70..e566d3161c 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,11 @@ +Welcome to the OpenSSL Project +============================== + [![openssl logo][]][www.openssl.org] [![travis badge][]][travis jobs] [![appveyor badge][]][appveyor jobs] - - -Welcome to the OpenSSL Project -============================== - OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based @@ -19,7 +17,6 @@ and Tim J. Hudson. The official Home Page of the OpenSSL Project is [www.openssl.org][]. - Table of Contents ================= @@ -47,13 +44,13 @@ The OpenSSL toolkit includes: - **openssl** the OpenSSL command line tool, a swiss army knife for cryptographic tasks, testing and analyzing. It can be used for - - creation of key parameters - - creation of X.509 certificates, CSRs and CRLs - - calculation of message digests - - encryption and decryption - - SSL/TLS client and server tests - - handling of S/MIME signed or encrypted mail - - and more... + - creation of key parameters + - creation of X.509 certificates, CSRs and CRLs + - calculation of message digests + - encryption and decryption + - SSL/TLS client and server tests + - handling of S/MIME signed or encrypted mail + - and more... Download ======== @@ -70,7 +67,6 @@ of the OpenSSL toolkit are available. In particular on Linux and other Unix operating systems it is normally recommended to link against the precompiled shared libraries provided by the distributor or vendor. - For Testing and Development --------------------------- @@ -86,22 +82,21 @@ which is updated automatically from the former on every commit. A local copy of the Git Repository can be obtained by cloning it from the original OpenSSL repository using - git clone git://git.openssl.org/openssl.git + git clone git://git.openssl.org/openssl.git or from the GitHub mirror using - git clone https://github.com/openssl/openssl.git + git clone https://github.com/openssl/openssl.git If you intend to contribute to OpenSSL, either to fix bugs or contribute new features, you need to fork the OpenSSL repository openssl/openssl on GitHub and clone your public fork instead. - git clone https://github.com/yourname/openssl.git + git clone https://github.com/yourname/openssl.git This is necessary, because all development of OpenSSL nowadays is done via GitHub pull requests. For more details, see [Contributing](#contributing). - Build and Install ================= @@ -166,7 +161,6 @@ platform. The OpenSSL Project Pages at [openssl.github.io][] are a valuable source of information if you want to get familiar with our development process on GitHub. - Legalities ========== @@ -174,7 +168,6 @@ A number of nations restrict the use or export of cryptography. If you are potentially subject to such restrictions you should seek legal advice before attempting to develop or distribute cryptographic code. - Copyright ========= @@ -184,37 +177,34 @@ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. - [www.openssl.org]: - https://www.openssl.org + "OpenSSL Homepage" [git.openssl.org]: - https://git.openssl.org + "OpenSSL Git Repository" [git.openssl.org]: - https://git.openssl.org + "OpenSSL Git Repository" [github.com/openssl/openssl]: - https://github.com/openssl/openssl + "OpenSSL GitHub Mirror" [openssl.github.io]: - https://mspncp.github.io + "OpenSSL Project Pages" [wiki.openssl.org]: - https://wiki.openssl.org + "OpenSSL Wiki" - [RFC 8446]: - https://tools.ietf.org/html/rfc8446 - + [mailing lists]: https://www.openssl.org/community/mailinglists.html diff --git a/dev/release-aux/README.md b/dev/release-aux/README.md index 9d05ae5f98..01c5a20773 100644 --- a/dev/release-aux/README.md +++ b/dev/release-aux/README.md @@ -1,30 +1,30 @@ Auxilliary files for dev/release.sh =================================== -- release-state-fn.sh +- release-state-fn.sh - This is the main version and state update logic... you could say - that it's the innermost engine for the release mechanism. It - tries to be agnostic of versioning schemes, and relies on - release-version-fn.sh to supply necessary functions that are - specific for versioning schemes. - -- release-version-fn.sh + This is the main version and state update logic... you could say + that it's the innermost engine for the release mechanism. It + tries to be agnostic of versioning schemes, and relies on + release-version-fn.sh to supply necessary functions that are + specific for versioning schemes. - Supplies functions that are specific to versioning schemes: - - get_version() gets the version data from appropriate files. +- release-version-fn.sh - set_version() writes the version data to appropriate files. + Supplies functions that are specific to versioning schemes: - fixup_version() updates the version data, given a first argument - that instructs it what update to do. - -- openssl-announce-pre-release.tmpl and openssl-announce-release.tmpl + get_version() gets the version data from appropriate files. - Templates for announcements - -- fixup-*-release.pl and fixup-*-postrelease.pl + set_version() writes the version data to appropriate files. - Fixup scripts for specific files, to be done for the release - commit and for the post-release commit. + fixup_version() updates the version data, given a first argument + that instructs it what update to do. + +- openssl-announce-pre-release.tmpl and openssl-announce-release.tmpl + + Templates for announcements + +- fixup-*-release.pl and fixup-*-postrelease.pl + + Fixup scripts for specific files, to be done for the release + commit and for the post-release commit. diff --git a/dev/release-aux/fixup-CHANGES.md-postrelease.pl b/dev/release-aux/fixup-CHANGES.md-postrelease.pl index 6592635dc3..0fb2e9134f 100644 --- a/dev/release-aux/fixup-CHANGES.md-postrelease.pl +++ b/dev/release-aux/fixup-CHANGES.md-postrelease.pl @@ -18,11 +18,11 @@ if (/^### Changes between (\S+) and (\S+) \[xx XXX xxxx\]/ # If this is a pre-release, we do nothing if ($RELEASE !~ /^\d+\.\d+\.\d+-(?:alpha|beta)/) { $_ = <<_____ -### Changes between $v2 and $RELEASE_TEXT [xx XXX xxxx] ### +### Changes between $v2 and $RELEASE_TEXT [xx XXX xxxx] * -### Changes between $v1 and $v2 [$PREV_RELEASE_DATE] ### +### Changes between $v1 and $v2 [$PREV_RELEASE_DATE] _____ } } diff --git a/dev/release-aux/fixup-NEWS.md-postrelease.pl b/dev/release-aux/fixup-NEWS.md-postrelease.pl index b1d47264b0..ff41ab29df 100644 --- a/dev/release-aux/fixup-NEWS.md-postrelease.pl +++ b/dev/release-aux/fixup-NEWS.md-postrelease.pl @@ -18,11 +18,11 @@ if (/^### Major changes between OpenSSL (\S+) and OpenSSL (\S+) \[under developm # If this is a pre-release, we do nothing if ($RELEASE !~ /^\d+\.\d+\.\d+-(?:alpha|beta)/) { $_ = <<_____ -### Major changes between OpenSSL $v2 and OpenSSL $RELEASE_TEXT [under development] ### +### Major changes between OpenSSL $v2 and OpenSSL $RELEASE_TEXT [under development] * -### Major changes between OpenSSL $v1 and OpenSSL $v2 [$PREV_RELEASE_DATE] ### +### Major changes between OpenSSL $v1 and OpenSSL $v2 [$PREV_RELEASE_DATE] _____ } } diff --git a/fuzz/README.md b/fuzz/README.md index eca15886f7..c8dbf454b0 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -1,7 +1,10 @@ -# I Can Haz Fuzz? +Fuzzing OpenSSL +=============== + +OpenSSL can use either LibFuzzer or AFL to do fuzzing. LibFuzzer -========= +--------- How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html), starting from a vanilla+OpenSSH server Ubuntu install. @@ -68,7 +71,7 @@ prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below. --debug AFL -=== +--- This is an alternative to using LibFuzzer. @@ -92,7 +95,7 @@ Run one of the fuzzers: Where $FUZZER is one of the executables in `fuzz/`. Reproducing issues -================== +------------------ If a fuzzer generates a reproducible error, you can reproduce the problem using the fuzz/*-test binaries and the file generated by the fuzzer. They binaries @@ -108,7 +111,7 @@ To reproduce the crash you can run: fuzz/$FUZZER-test $file Random numbers -============== +-------------- The client and server fuzzer normally generate random numbers as part of the TLS connection setup. This results in the coverage of the fuzzing corpus changing @@ -127,16 +130,17 @@ the same client hello with the same random number in it, and so the server, as emulated by the file, can be generated for that client hello. Coverage changes -================ +---------------- Since the corpus depends on the default behaviour of the client and the server, changes in what they send by default will have an impact on the coverage. The corpus will need to be updated in that case. Updating the corpus -=================== +------------------- The client and server corpus is generated with multiple config options: + - The options as documented above - Without enable-ec_nistp_64_gcc_128 and without --debug - With no-asm @@ -147,7 +151,7 @@ The libfuzzer merge option is used to add the additional coverage from each config to the minimal set. Minimizing the corpus -===================== +--------------------- When you have gathered corpus data from more than one fuzzer run or for any other reason want to to minimize the data diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 42a25189a2..6ae10fdc18 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -1,4 +1,5 @@ -# SSL tests +SSL tests +========= SSL testcases are configured in the `ssl-tests` directory. @@ -14,20 +15,19 @@ corresponding to the default configuration. These testcases live in For more details, see `ssl-tests/01-simple.cnf.in` for an example. -## Configuring the test +Configuring the test +-------------------- First, give your test a name. The names do not have to be unique. An example test input looks like this: -``` { name => "test-default", server => { "CipherString" => "DEFAULT" }, client => { "CipherString" => "DEFAULT" }, test => { "ExpectedResult" => "Success" }, } -``` The test section supports the following options @@ -111,19 +111,18 @@ handshake. If this is "empty" the list is expected to be empty otherwise it is a file of certificates whose subject names form the list. -## Configuring the client and server +Configuring the client and server +--------------------------------- The client and server configurations can be any valid `SSL_CTX` configurations. For details, see the manpages for `SSL_CONF_cmd`. Give your configurations as a dictionary of CONF commands, e.g. -``` -server => { - "CipherString" => "DEFAULT", - "MinProtocol" => "TLSv1", -} -``` + server => { + "CipherString" => "DEFAULT", + "MinProtocol" => "TLSv1", + } The following sections may optionally be defined: @@ -146,14 +145,12 @@ The following sections may optionally be defined: Additional handshake settings can be configured in the `extra` section of each client and server: -``` -client => { - "CipherString" => "DEFAULT", - extra => { - "ServerName" => "server2", + client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } } -} -``` #### Supported client-side options @@ -202,21 +199,18 @@ automatically. Server certificate verification is requested by default. You can override these options by redefining them: -``` -client => { - "VerifyCAFile" => "/path/to/custom/file" -} -``` + client => { + "VerifyCAFile" => "/path/to/custom/file" + } or by deleting them -``` -client => { - "VerifyCAFile" => undef -} -``` + client => { + "VerifyCAFile" => undef + } -## Adding a test to the test harness +Adding a test to the test harness +--------------------------------- 1. Add a new test configuration to `test/ssl-tests`, following the examples of existing `*.cnf.in` files (for example, `01-simple.cnf.in`). @@ -224,33 +218,26 @@ client => { 2. Generate the generated `*.cnf` test input file. You can do so by running `generate_ssl_tests.pl`: -``` -$ ./config -$ cd test -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in default \ - > ssl-tests/my.cnf -``` + $ ./config + $ cd test + $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \ + ssl-tests/my.cnf.in default > ssl-tests/my.cnf where `my.cnf.in` is your test input file and `default` is the provider to use. For all the pre-generated test files you should use the default provider. For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do -``` -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf -``` + $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \ + ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf Alternatively (hackish but simple), you can comment out -``` -unlink glob $tmp_file; -``` + unlink glob $tmp_file; in `test/recipes/80-test_ssl_new.t` and run -``` -$ make TESTS=test_ssl_new test -``` + $ make TESTS=test_ssl_new test This will save the generated output in a `*.tmp` file in the build directory. @@ -258,13 +245,13 @@ This will save the generated output in a `*.tmp` file in the build directory. the test suite has any skip conditions, update those too (see `test/recipes/80-test_ssl_new.t` for details). -## Running the tests with the test harness +Running the tests with the test harness +--------------------------------------- -``` -HARNESS_VERBOSE=yes make TESTS=test_ssl_new test -``` + HARNESS_VERBOSE=yes make TESTS=test_ssl_new test -## Running a test manually +Running a test manually +----------------------- These steps are only needed during development. End users should run `make test` or follow the instructions above to run the SSL test suite. @@ -273,17 +260,13 @@ To run an SSL test manually from the command line, the `TEST_CERTS_DIR` environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do -``` -$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ - test/ssl-tests/01-simple.cnf -``` + $ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.cnf or for shared builds -``` -$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ - util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf -``` + $ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ + util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) diff --git a/util/markdownlint.rb b/util/markdownlint.rb new file mode 100644 index 0000000000..75eb21ecb8 --- /dev/null +++ b/util/markdownlint.rb @@ -0,0 +1,21 @@ +# markdownlint style rules for OpenSSL +# See https://github.com/markdownlint/markdownlint/blob/master/docs/RULES.md + +all + +# Use --- and === for H1 and H2. +rule 'MD003', :style => :setext_with_atx +# Code blocks are indented +rule 'MD046', :style => :indented + +# Bug in mdl, https://github.com/markdownlint/markdownlint/issues/313 +exclude_rule 'MD007' + +exclude_rule 'MD004' # Unordered list style TODO(fix?) +exclude_rule 'MD005' # Inconsistent indentation for list items at the same level +exclude_rule 'MD006' # Consider starting bulleted lists at the beginning of the line +exclude_rule 'MD014' # Dollar signs used before commands without showing output +exclude_rule 'MD024' # Multiple headers with the same content +exclude_rule 'MD025' # Multiple top level headers in the same document +exclude_rule 'MD029' # Ordered list item prefix +exclude_rule 'MD036' # Emphasis used instead of a header From builds at travis-ci.org Fri May 8 14:16:38 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 08 May 2020 14:16:38 +0000 Subject: Errored: openssl/openssl#34476 (OpenSSL_1_1_1-stable - 6b057f7) In-Reply-To: Message-ID: <5eb569c63d1b4_13f8744ac869437689@travis-tasks-5f858fc6d7-h8ksm.mail> Build Update for openssl/openssl ------------------------------------- Build: #34476 Status: Errored Duration: 22 mins and 20 secs Commit: 6b057f7 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Remove AES bitsliced S-box implementation from Boyar and Peralta [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11626) View the changeset: https://github.com/openssl/openssl/compare/d07e8b0ae66e...6b057f75074a View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684682791?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 8 15:16:25 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 08 May 2020 15:16:25 +0000 Subject: Errored: openssl/openssl#34478 (master - 257e9d0) In-Reply-To: Message-ID: <5eb577c43793d_13f838399528c692a7@travis-tasks-5f858fc6d7-dkx2j.mail> Build Update for openssl/openssl ------------------------------------- Build: #34478 Status: Errored Duration: 52 mins and 18 secs Commit: 257e9d0 (master) Author: Rich Salz Message: Fix issues reported by markdownlint Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11739) View the changeset: https://github.com/openssl/openssl/compare/c7fa92979c59...257e9d03b028 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684706978?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kaduk at mit.edu Fri May 8 20:54:51 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 08 May 2020 20:54:51 +0000 Subject: [openssl] master update Message-ID: <1588971291.235589.6591.nullmailer@dev.openssl.org> The branch master has been updated via 0324ffc5d5d393111288eca2c9d67f2141ed65f5 (commit) from 257e9d03b028402089c9f98f3acb25ba668c09af (commit) - Log ----------------------------------------------------------------- commit 0324ffc5d5d393111288eca2c9d67f2141ed65f5 Author: Maximilian Blenk Date: Tue Apr 7 19:33:39 2020 +0200 Fix PEM certificate loading that sometimes fails As described in https://github.com/openssl/openssl/issues/9187, the loading of PEM certificates sometimes fails if a line of base64 content has the length of a multiple of 254. The problem is in get_header_and_data(). When such a line with a length of 254 (or a multiple) has been read, the next read will only read a newline. Due to this get_header_and_data() expects to be in the header not in the data area. This commit fixes that by checking if lines have been read completely or only partially. In case of a previous partial read, a newline will be ignored. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11741) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 28 ++++++++++++++++------ test/recipes/04-test_pem.t | 3 +++ .../04-test_pem_data/cert-254-chars-at-the-end.pem | 6 +++++ .../cert-254-chars-in-the-middle.pem | 5 ++++ .../cert-oneline-multiple-of-254.pem | 3 +++ 5 files changed, 38 insertions(+), 7 deletions(-) create mode 100644 test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem create mode 100644 test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem create mode 100644 test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index e059328aee..f5ed70d6b4 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -806,7 +806,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0; + int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -828,6 +828,14 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, goto err; } + /* + * Check if line has been read completely or if only part of the line + * has been read. Keep the previous value to ignore newlines that + * appear due to reading a line up until the char before the newline. + */ + prev_partial_line_read = partial_line_read; + partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; @@ -838,13 +846,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, /* Check for end of header. */ if (linebuf[0] == '\n') { - if (got_header == POST_HEADER) { - /* Another blank line is an error. */ - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); - goto err; + /* + * If previous line has been read only partially this newline is a + * regular newline at the end of a line and not an empty line. + */ + if (!prev_partial_line_read) { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + got_header = POST_HEADER; + tmp = *data; } - got_header = POST_HEADER; - tmp = *data; continue; } diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t index 0e6e419519..d553bec0a8 100644 --- a/test/recipes/04-test_pem.t +++ b/test/recipes/04-test_pem.t @@ -28,6 +28,8 @@ my %cert_expected = ( "cert-1023line.pem" => 1, "cert-1024line.pem" => 1, "cert-1025line.pem" => 1, + "cert-254-chars-at-the-end.pem" => 1, + "cert-254-chars-in-the-middle.pem" => 1, "cert-255line.pem" => 1, "cert-256line.pem" => 1, "cert-257line.pem" => 1, @@ -43,6 +45,7 @@ my %cert_expected = ( "cert-misalignedpad.pem" => 0, "cert-onecolumn.pem" => 1, "cert-oneline.pem" => 1, + "cert-oneline-multiple-of-254.pem" => 1, "cert-shortandlongline.pem" => 1, "cert-shortline.pem" => 1, "cert-threecolumn.pem" => 1, diff --git a/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem new file mode 100644 index 0000000000..0b6a3ba3ba --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem @@ -0,0 +1,6 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLf +mipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo +9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjo +Kx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem new file mode 100644 index 0000000000..cc9076b49f --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem @@ -0,0 +1,5 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT +3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCB +TaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem new file mode 100644 index 0000000000..e0af85959d --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- From kaduk at mit.edu Fri May 8 21:07:19 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 08 May 2020 21:07:19 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1588972039.052956.15493.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 69296e264e58334620f541d09a4e381ee45542d4 (commit) from 6b057f75074a9061147d7e64fc77db85e310db47 (commit) - Log ----------------------------------------------------------------- commit 69296e264e58334620f541d09a4e381ee45542d4 Author: Maximilian Blenk Date: Tue Apr 7 19:33:39 2020 +0200 Fix PEM certificate loading that sometimes fails As described in https://github.com/openssl/openssl/issues/9187, the loading of PEM certificates sometimes fails if a line of base64 content has the length of a multiple of 254. The problem is in get_header_and_data(). When such a line with a length of 254 (or a multiple) has been read, the next read will only read a newline. Due to this get_header_and_data() expects to be in the header not in the data area. This commit fixes that by checking if lines have been read completely or only partially. In case of a previous partial read, a newline will be ignored. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11741) (cherry picked from commit 0324ffc5d5d393111288eca2c9d67f2141ed65f5) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 28 ++++++++++++++++------ test/recipes/04-test_pem.t | 3 +++ .../04-test_pem_data/cert-254-chars-at-the-end.pem | 6 +++++ .../cert-254-chars-in-the-middle.pem | 5 ++++ .../cert-oneline-multiple-of-254.pem | 3 +++ 5 files changed, 38 insertions(+), 7 deletions(-) create mode 100644 test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem create mode 100644 test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem create mode 100644 test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 64baf7108e..0d79f4aea0 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0; + int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -813,6 +813,14 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, goto err; } + /* + * Check if line has been read completely or if only part of the line + * has been read. Keep the previous value to ignore newlines that + * appear due to reading a line up until the char before the newline. + */ + prev_partial_line_read = partial_line_read; + partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; @@ -823,13 +831,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, /* Check for end of header. */ if (linebuf[0] == '\n') { - if (got_header == POST_HEADER) { - /* Another blank line is an error. */ - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); - goto err; + /* + * If previous line has been read only partially this newline is a + * regular newline at the end of a line and not an empty line. + */ + if (!prev_partial_line_read) { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + got_header = POST_HEADER; + tmp = *data; } - got_header = POST_HEADER; - tmp = *data; continue; } diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t index c321611119..e26127564f 100644 --- a/test/recipes/04-test_pem.t +++ b/test/recipes/04-test_pem.t @@ -28,6 +28,8 @@ my %cert_expected = ( "cert-1023line.pem" => 1, "cert-1024line.pem" => 1, "cert-1025line.pem" => 1, + "cert-254-chars-at-the-end.pem" => 1, + "cert-254-chars-in-the-middle.pem" => 1, "cert-255line.pem" => 1, "cert-256line.pem" => 1, "cert-257line.pem" => 1, @@ -42,6 +44,7 @@ my %cert_expected = ( "cert-misalignedpad.pem" => 0, "cert-onecolumn.pem" => 1, "cert-oneline.pem" => 1, + "cert-oneline-multiple-of-254.pem" => 1, "cert-shortandlongline.pem" => 1, "cert-shortline.pem" => 1, "cert-threecolumn.pem" => 1, diff --git a/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem new file mode 100644 index 0000000000..0b6a3ba3ba --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem @@ -0,0 +1,6 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLf +mipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo +9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjo +Kx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem new file mode 100644 index 0000000000..cc9076b49f --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem @@ -0,0 +1,5 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT +3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCB +TaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem new file mode 100644 index 0000000000..e0af85959d --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- From builds at travis-ci.org Fri May 8 22:05:24 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 08 May 2020 22:05:24 +0000 Subject: Failed: openssl/openssl#34488 (master - 0324ffc) In-Reply-To: Message-ID: <5eb5d7a3bb1b5_13fbe0ec152bc1431ea@travis-tasks-5445df9d7d-mx6sj.mail> Build Update for openssl/openssl ------------------------------------- Build: #34488 Status: Failed Duration: 12 mins and 9 secs Commit: 0324ffc (master) Author: Maximilian Blenk Message: Fix PEM certificate loading that sometimes fails As described in https://github.com/openssl/openssl/issues/9187, the loading of PEM certificates sometimes fails if a line of base64 content has the length of a multiple of 254. The problem is in get_header_and_data(). When such a line with a length of 254 (or a multiple) has been read, the next read will only read a newline. Due to this get_header_and_data() expects to be in the header not in the data area. This commit fixes that by checking if lines have been read completely or only partially. In case of a previous partial read, a newline will be ignored. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11741) View the changeset: https://github.com/openssl/openssl/compare/257e9d03b028...0324ffc5d5d3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684850902?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 8 22:06:13 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 08 May 2020 22:06:13 +0000 Subject: Passed: openssl/openssl#34490 (OpenSSL_1_1_1-stable - 69296e2) In-Reply-To: Message-ID: <5eb5d7d485881_13fc5a1c64d181153c5@travis-tasks-5445df9d7d-bqwjw.mail> Build Update for openssl/openssl ------------------------------------- Build: #34490 Status: Passed Duration: 6 mins and 54 secs Commit: 69296e2 (OpenSSL_1_1_1-stable) Author: Maximilian Blenk Message: Fix PEM certificate loading that sometimes fails As described in https://github.com/openssl/openssl/issues/9187, the loading of PEM certificates sometimes fails if a line of base64 content has the length of a multiple of 254. The problem is in get_header_and_data(). When such a line with a length of 254 (or a multiple) has been read, the next read will only read a newline. Due to this get_header_and_data() expects to be in the header not in the data area. This commit fixes that by checking if lines have been read completely or only partially. In case of a previous partial read, a newline will be ignored. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11741) (cherry picked from commit 0324ffc5d5d393111288eca2c9d67f2141ed65f5) View the changeset: https://github.com/openssl/openssl/compare/6b057f75074a...69296e264e58 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684854638?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri May 8 23:45:22 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 08 May 2020 23:45:22 +0000 Subject: [openssl] master update Message-ID: <1588981522.391947.6195.nullmailer@dev.openssl.org> The branch master has been updated via 8c30dfee3ea038b71f339f193331ed6ac11e3055 (commit) from 0324ffc5d5d393111288eca2c9d67f2141ed65f5 (commit) - Log ----------------------------------------------------------------- commit 8c30dfee3ea038b71f339f193331ed6ac11e3055 Author: Pauli Date: Mon Apr 20 17:22:41 2020 +1000 doc: remove deprecation notes for apps that are staying. The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and rsa. The rsautl app remains deprecated. The -dsaparam option to dhparam also remains deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11575) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-dhparam.pod.in | 7 +++---- doc/man1/openssl-dsa.pod.in | 7 ------- doc/man1/openssl-dsaparam.pod.in | 7 ------- doc/man1/openssl-ec.pod.in | 7 ------- doc/man1/openssl-ecparam.pod.in | 8 -------- doc/man1/openssl-gendsa.pod.in | 7 ------- doc/man1/openssl-rsa.pod.in | 7 ------- doc/man7/EVP_PKEY-X25519.pod | 12 +++++++++--- 8 files changed, 12 insertions(+), 50 deletions(-) diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index bb40149403..91883fb840 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -30,9 +30,6 @@ B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command is used to manipulate DH parameter files. =head1 OPTIONS @@ -62,6 +59,8 @@ as the input filename. =item B<-dsaparam> +This option is deprecated. + If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. @@ -136,7 +135,7 @@ L =head1 HISTORY -This command was deprecated in OpenSSL 3.0. +The B<-dsaparam> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index a035234323..f3d1a9423c 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -43,9 +43,6 @@ B B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command processes DSA keys. They can be converted between various forms and their components printed out. B This command uses the traditional SSLeay compatible format for private key encryption: newer @@ -162,10 +159,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index d9775dd040..27bd6517e1 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -25,9 +25,6 @@ B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command is used to manipulate or generate DSA parameter files. DSA parameter generation can be a slow process and as a result the same set of @@ -107,10 +104,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index f493a5373a..cad26289b4 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -38,9 +38,6 @@ B B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - The L command processes EC keys. They can be converted between various forms and their components printed out. B OpenSSL uses the private key format specified in 'SEC 1: Elliptic Curve Cryptography' @@ -183,10 +180,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index a42fa35ee4..ff4d97ea5d 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -32,10 +32,6 @@ B =head1 DESCRIPTION -This command has been deprecated. -The L and L commands -should be used instead. - This command is used to manipulate or generate EC parameter files. OpenSSL is currently not able to generate new groups and therefore @@ -172,10 +168,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index 0d908e0d61..aca9bb5165 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -33,9 +33,6 @@ B B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command generates a DSA private key from a DSA parameter file (which will be typically generated by the L command). @@ -95,10 +92,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 59929eafa1..5dacdf9313 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -46,9 +46,6 @@ B B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command processes RSA keys. They can be converted between various forms and their components printed out. B this command uses the traditional SSLeay compatible format for private key encryption: newer @@ -184,10 +181,6 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index dd3e68f109..58f7525fd9 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -9,12 +9,18 @@ EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448 =head1 DESCRIPTION The B, B, B and B keytypes are -implemented in OpenSSL's default provider. +implemented in OpenSSL's default and FIPS providers. These implementations +support the associated key, containing the public key I and the +private key I. + +In the FIPS provider they are non-approved algorithms and do not have the +"fips=yes" property set. =head2 Common X25519, X448, ED25519 and ED448 parameters -The following Import/Export types are available for the built-in X25519, X448, -ED25519 and X448 algorithms: +In addition to the common parameters that all keytypes should support (see +L), the implementation of these keytypes +support the following. =over 4 From no-reply at appveyor.com Sat May 9 00:08:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 00:08:25 +0000 Subject: Build failed: openssl master.33928 Message-ID: <20200509000825.1.558AD64A227C7011@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sat May 9 00:32:31 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 09 May 2020 00:32:31 +0000 Subject: Still Failing: openssl/openssl#34493 (master - 8c30dfe) In-Reply-To: Message-ID: <5eb5fa1f2227e_13fc480ad9484441ec@travis-tasks-7598fbcc5b-hxxxd.mail> Build Update for openssl/openssl ------------------------------------- Build: #34493 Status: Still Failing Duration: 44 mins and 15 secs Commit: 8c30dfe (master) Author: Pauli Message: doc: remove deprecation notes for apps that are staying. The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and rsa. The rsautl app remains deprecated. The -dsaparam option to dhparam also remains deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11575) View the changeset: https://github.com/openssl/openssl/compare/0324ffc5d5d3...8c30dfee3ea0 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/684899073?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 9 01:02:24 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 01:02:24 +0000 Subject: Build completed: openssl master.33929 Message-ID: <20200509010224.1.BE662BAAC2F862B3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 9 01:58:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 01:58:00 +0000 Subject: Build failed: openssl master.33930 Message-ID: <20200509015800.1.E13CD6136DEFE1C6@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 9 05:03:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 05:03:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1589000616.872523.11099.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_gentm.d.tmp -MT crypto/asn1/libcrypto-lib-a_gentm.o -c -o crypto/asn1/libcrypto-lib-a_gentm.o ../openssl/crypto/asn1/a_gentm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_i2d_fp.d.tmp -MT crypto/asn1/libcrypto-lib-a_i2d_fp.o -c -o crypto/asn1/libcrypto-lib-a_i2d_fp.o ../openssl/crypto/asn1/a_i2d_fp.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_int.d.tmp -MT crypto/asn1/libcrypto-lib-a_int.o -c -o crypto/asn1/libcrypto-lib-a_int.o ../openssl/crypto/asn1/a_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_mbstr.d.tmp -MT crypto/asn1/libcrypto-lib-a_mbstr.o -c -o crypto/asn1/libcrypto-lib-a_mbstr.o ../openssl/crypto/asn1/a_mbstr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_object.d.tmp -MT crypto/asn1/libcrypto-lib-a_object.o -c -o crypto/asn1/libcrypto-lib-a_object.o ../openssl/crypto/asn1/a_object.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_octet.d.tmp -MT crypto/asn1/libcrypto-lib-a_octet.o -c -o crypto/asn1/libcrypto-lib-a_octet.o ../openssl/crypto/asn1/a_octet.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_print.d.tmp -MT crypto/asn1/libcrypto-lib-a_print.o -c -o crypto/asn1/libcrypto-lib-a_print.o ../openssl/crypto/asn1/a_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_sign.d.tmp -MT crypto/asn1/libcrypto-lib-a_sign.o -c -o crypto/asn1/libcrypto-lib-a_sign.o ../openssl/crypto/asn1/a_sign.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strex.d.tmp -MT crypto/asn1/libcrypto-lib-a_strex.o -c -o crypto/asn1/libcrypto-lib-a_strex.o ../openssl/crypto/asn1/a_strex.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_strnid.d.tmp -MT crypto/asn1/libcrypto-lib-a_strnid.o -c -o crypto/asn1/libcrypto-lib-a_strnid.o ../openssl/crypto/asn1/a_strnid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_time.d.tmp -MT crypto/asn1/libcrypto-lib-a_time.o -c -o crypto/asn1/libcrypto-lib-a_time.o ../openssl/crypto/asn1/a_time.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_type.d.tmp -MT crypto/asn1/libcrypto-lib-a_type.o -c -o crypto/asn1/libcrypto-lib-a_type.o ../openssl/crypto/asn1/a_type.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utctm.d.tmp -MT crypto/asn1/libcrypto-lib-a_utctm.o -c -o crypto/asn1/libcrypto-lib-a_utctm.o ../openssl/crypto/asn1/a_utctm.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_utf8.d.tmp -MT crypto/asn1/libcrypto-lib-a_utf8.o -c -o crypto/asn1/libcrypto-lib-a_utf8.o ../openssl/crypto/asn1/a_utf8.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-a_verify.d.tmp -MT crypto/asn1/libcrypto-lib-a_verify.o -c -o crypto/asn1/libcrypto-lib-a_verify.o ../openssl/crypto/asn1/a_verify.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-ameth_lib.d.tmp -MT crypto/asn1/libcrypto-lib-ameth_lib.o -c -o crypto/asn1/libcrypto-lib-ameth_lib.o ../openssl/crypto/asn1/ameth_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_err.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_err.o -c -o crypto/asn1/libcrypto-lib-asn1_err.o ../openssl/crypto/asn1/asn1_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_gen.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_gen.o -c -o crypto/asn1/libcrypto-lib-asn1_gen.o ../openssl/crypto/asn1/asn1_gen.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_item_list.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_item_list.o -c -o crypto/asn1/libcrypto-lib-asn1_item_list.o ../openssl/crypto/asn1/asn1_item_list.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_lib.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_lib.o -c -o crypto/asn1/libcrypto-lib-asn1_lib.o ../openssl/crypto/asn1/asn1_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn1_par.d.tmp -MT crypto/asn1/libcrypto-lib-asn1_par.o -c -o crypto/asn1/libcrypto-lib-asn1_par.o ../openssl/crypto/asn1/asn1_par.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mime.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mime.o -c -o crypto/asn1/libcrypto-lib-asn_mime.o ../openssl/crypto/asn1/asn_mime.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_moid.d.tmp -MT crypto/asn1/libcrypto-lib-asn_moid.o -c -o crypto/asn1/libcrypto-lib-asn_moid.o ../openssl/crypto/asn1/asn_moid.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_mstbl.d.tmp -MT crypto/asn1/libcrypto-lib-asn_mstbl.o -c -o crypto/asn1/libcrypto-lib-asn_mstbl.o ../openssl/crypto/asn1/asn_mstbl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-asn_pack.d.tmp -MT crypto/asn1/libcrypto-lib-asn_pack.o -c -o crypto/asn1/libcrypto-lib-asn_pack.o ../openssl/crypto/asn1/asn_pack.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-bio_asn1.o -c -o crypto/asn1/libcrypto-lib-bio_asn1.o ../openssl/crypto/asn1/bio_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-bio_ndef.d.tmp -MT crypto/asn1/libcrypto-lib-bio_ndef.o -c -o crypto/asn1/libcrypto-lib-bio_ndef.o ../openssl/crypto/asn1/bio_ndef.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_param.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_param.o -c -o crypto/asn1/libcrypto-lib-d2i_param.o ../openssl/crypto/asn1/d2i_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pr.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pr.o -c -o crypto/asn1/libcrypto-lib-d2i_pr.o ../openssl/crypto/asn1/d2i_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-d2i_pu.d.tmp -MT crypto/asn1/libcrypto-lib-d2i_pu.o -c -o crypto/asn1/libcrypto-lib-d2i_pu.o ../openssl/crypto/asn1/d2i_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-evp_asn1.d.tmp -MT crypto/asn1/libcrypto-lib-evp_asn1.o -c -o crypto/asn1/libcrypto-lib-evp_asn1.o ../openssl/crypto/asn1/evp_asn1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_int.d.tmp -MT crypto/asn1/libcrypto-lib-f_int.o -c -o crypto/asn1/libcrypto-lib-f_int.o ../openssl/crypto/asn1/f_int.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-f_string.d.tmp -MT crypto/asn1/libcrypto-lib-f_string.o -c -o crypto/asn1/libcrypto-lib-f_string.o ../openssl/crypto/asn1/f_string.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_param.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_param.o -c -o crypto/asn1/libcrypto-lib-i2d_param.o ../openssl/crypto/asn1/i2d_param.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pr.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pr.o -c -o crypto/asn1/libcrypto-lib-i2d_pr.o ../openssl/crypto/asn1/i2d_pr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-i2d_pu.d.tmp -MT crypto/asn1/libcrypto-lib-i2d_pu.o -c -o crypto/asn1/libcrypto-lib-i2d_pu.o ../openssl/crypto/asn1/i2d_pu.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-n_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-n_pkey.o -c -o crypto/asn1/libcrypto-lib-n_pkey.o ../openssl/crypto/asn1/n_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-nsseq.d.tmp -MT crypto/asn1/libcrypto-lib-nsseq.o -c -o crypto/asn1/libcrypto-lib-nsseq.o ../openssl/crypto/asn1/nsseq.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbe.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbe.o -c -o crypto/asn1/libcrypto-lib-p5_pbe.o ../openssl/crypto/asn1/p5_pbe.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_pbev2.d.tmp -MT crypto/asn1/libcrypto-lib-p5_pbev2.o -c -o crypto/asn1/libcrypto-lib-p5_pbev2.o ../openssl/crypto/asn1/p5_pbev2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p5_scrypt.d.tmp -MT crypto/asn1/libcrypto-lib-p5_scrypt.o -c -o crypto/asn1/libcrypto-lib-p5_scrypt.o ../openssl/crypto/asn1/p5_scrypt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-p8_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-p8_pkey.o -c -o crypto/asn1/libcrypto-lib-p8_pkey.o ../openssl/crypto/asn1/p8_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_bitst.d.tmp -MT crypto/asn1/libcrypto-lib-t_bitst.o -c -o crypto/asn1/libcrypto-lib-t_bitst.o ../openssl/crypto/asn1/t_bitst.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-t_pkey.o -c -o crypto/asn1/libcrypto-lib-t_pkey.o ../openssl/crypto/asn1/t_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-t_spki.d.tmp -MT crypto/asn1/libcrypto-lib-t_spki.o -c -o crypto/asn1/libcrypto-lib-t_spki.o ../openssl/crypto/asn1/t_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_dec.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_dec.o -c -o crypto/asn1/libcrypto-lib-tasn_dec.o ../openssl/crypto/asn1/tasn_dec.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_enc.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_enc.o -c -o crypto/asn1/libcrypto-lib-tasn_enc.o ../openssl/crypto/asn1/tasn_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_fre.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_fre.o -c -o crypto/asn1/libcrypto-lib-tasn_fre.o ../openssl/crypto/asn1/tasn_fre.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_new.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_new.o -c -o crypto/asn1/libcrypto-lib-tasn_new.o ../openssl/crypto/asn1/tasn_new.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_prn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_prn.o -c -o crypto/asn1/libcrypto-lib-tasn_prn.o ../openssl/crypto/asn1/tasn_prn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_scn.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_scn.o -c -o crypto/asn1/libcrypto-lib-tasn_scn.o ../openssl/crypto/asn1/tasn_scn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_typ.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_typ.o -c -o crypto/asn1/libcrypto-lib-tasn_typ.o ../openssl/crypto/asn1/tasn_typ.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-tasn_utl.d.tmp -MT crypto/asn1/libcrypto-lib-tasn_utl.o -c -o crypto/asn1/libcrypto-lib-tasn_utl.o ../openssl/crypto/asn1/tasn_utl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_algor.d.tmp -MT crypto/asn1/libcrypto-lib-x_algor.o -c -o crypto/asn1/libcrypto-lib-x_algor.o ../openssl/crypto/asn1/x_algor.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_bignum.d.tmp -MT crypto/asn1/libcrypto-lib-x_bignum.o -c -o crypto/asn1/libcrypto-lib-x_bignum.o ../openssl/crypto/asn1/x_bignum.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_info.d.tmp -MT crypto/asn1/libcrypto-lib-x_info.o -c -o crypto/asn1/libcrypto-lib-x_info.o ../openssl/crypto/asn1/x_info.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_int64.d.tmp -MT crypto/asn1/libcrypto-lib-x_int64.o -c -o crypto/asn1/libcrypto-lib-x_int64.o ../openssl/crypto/asn1/x_int64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_long.d.tmp -MT crypto/asn1/libcrypto-lib-x_long.o -c -o crypto/asn1/libcrypto-lib-x_long.o ../openssl/crypto/asn1/x_long.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_pkey.d.tmp -MT crypto/asn1/libcrypto-lib-x_pkey.o -c -o crypto/asn1/libcrypto-lib-x_pkey.o ../openssl/crypto/asn1/x_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_sig.d.tmp -MT crypto/asn1/libcrypto-lib-x_sig.o -c -o crypto/asn1/libcrypto-lib-x_sig.o ../openssl/crypto/asn1/x_sig.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_spki.d.tmp -MT crypto/asn1/libcrypto-lib-x_spki.o -c -o crypto/asn1/libcrypto-lib-x_spki.o ../openssl/crypto/asn1/x_spki.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/asn1/libcrypto-lib-x_val.d.tmp -MT crypto/asn1/libcrypto-lib-x_val.o -c -o crypto/asn1/libcrypto-lib-x_val.o ../openssl/crypto/asn1/x_val.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_null.d.tmp -MT crypto/async/arch/libcrypto-lib-async_null.o -c -o crypto/async/arch/libcrypto-lib-async_null.o ../openssl/crypto/async/arch/async_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_posix.d.tmp -MT crypto/async/arch/libcrypto-lib-async_posix.o -c -o crypto/async/arch/libcrypto-lib-async_posix.o ../openssl/crypto/async/arch/async_posix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/arch/libcrypto-lib-async_win.d.tmp -MT crypto/async/arch/libcrypto-lib-async_win.o -c -o crypto/async/arch/libcrypto-lib-async_win.o ../openssl/crypto/async/arch/async_win.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async.d.tmp -MT crypto/async/libcrypto-lib-async.o -c -o crypto/async/libcrypto-lib-async.o ../openssl/crypto/async/async.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_err.d.tmp -MT crypto/async/libcrypto-lib-async_err.o -c -o crypto/async/libcrypto-lib-async_err.o ../openssl/crypto/async/async_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/async/libcrypto-lib-async_wait.d.tmp -MT crypto/async/libcrypto-lib-async_wait.o -c -o crypto/async/libcrypto-lib-async_wait.o ../openssl/crypto/async/async_wait.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_cfb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_cfb64.o -c -o crypto/bf/libcrypto-lib-bf_cfb64.o ../openssl/crypto/bf/bf_cfb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ecb.d.tmp -MT crypto/bf/libcrypto-lib-bf_ecb.o -c -o crypto/bf/libcrypto-lib-bf_ecb.o ../openssl/crypto/bf/bf_ecb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_enc.d.tmp -MT crypto/bf/libcrypto-lib-bf_enc.o -c -o crypto/bf/libcrypto-lib-bf_enc.o ../openssl/crypto/bf/bf_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_ofb64.d.tmp -MT crypto/bf/libcrypto-lib-bf_ofb64.o -c -o crypto/bf/libcrypto-lib-bf_ofb64.o ../openssl/crypto/bf/bf_ofb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bf/libcrypto-lib-bf_skey.d.tmp -MT crypto/bf/libcrypto-lib-bf_skey.o -c -o crypto/bf/libcrypto-lib-bf_skey.o ../openssl/crypto/bf/bf_skey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_addr.d.tmp -MT crypto/bio/libcrypto-lib-b_addr.o -c -o crypto/bio/libcrypto-lib-b_addr.o ../openssl/crypto/bio/b_addr.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_dump.d.tmp -MT crypto/bio/libcrypto-lib-b_dump.o -c -o crypto/bio/libcrypto-lib-b_dump.o ../openssl/crypto/bio/b_dump.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_print.d.tmp -MT crypto/bio/libcrypto-lib-b_print.o -c -o crypto/bio/libcrypto-lib-b_print.o ../openssl/crypto/bio/b_print.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock.d.tmp -MT crypto/bio/libcrypto-lib-b_sock.o -c -o crypto/bio/libcrypto-lib-b_sock.o ../openssl/crypto/bio/b_sock.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-b_sock2.d.tmp -MT crypto/bio/libcrypto-lib-b_sock2.o -c -o crypto/bio/libcrypto-lib-b_sock2.o ../openssl/crypto/bio/b_sock2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_buff.d.tmp -MT crypto/bio/libcrypto-lib-bf_buff.o -c -o crypto/bio/libcrypto-lib-bf_buff.o ../openssl/crypto/bio/bf_buff.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_lbuf.d.tmp -MT crypto/bio/libcrypto-lib-bf_lbuf.o -c -o crypto/bio/libcrypto-lib-bf_lbuf.o ../openssl/crypto/bio/bf_lbuf.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_nbio.d.tmp -MT crypto/bio/libcrypto-lib-bf_nbio.o -c -o crypto/bio/libcrypto-lib-bf_nbio.o ../openssl/crypto/bio/bf_nbio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_null.d.tmp -MT crypto/bio/libcrypto-lib-bf_null.o -c -o crypto/bio/libcrypto-lib-bf_null.o ../openssl/crypto/bio/bf_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bf_prefix.d.tmp -MT crypto/bio/libcrypto-lib-bf_prefix.o -c -o crypto/bio/libcrypto-lib-bf_prefix.o ../openssl/crypto/bio/bf_prefix.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_cb.d.tmp -MT crypto/bio/libcrypto-lib-bio_cb.o -c -o crypto/bio/libcrypto-lib-bio_cb.o ../openssl/crypto/bio/bio_cb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_err.d.tmp -MT crypto/bio/libcrypto-lib-bio_err.o -c -o crypto/bio/libcrypto-lib-bio_err.o ../openssl/crypto/bio/bio_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_lib.d.tmp -MT crypto/bio/libcrypto-lib-bio_lib.o -c -o crypto/bio/libcrypto-lib-bio_lib.o ../openssl/crypto/bio/bio_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bio_meth.d.tmp -MT crypto/bio/libcrypto-lib-bio_meth.o -c -o crypto/bio/libcrypto-lib-bio_meth.o ../openssl/crypto/bio/bio_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_acpt.d.tmp -MT crypto/bio/libcrypto-lib-bss_acpt.o -c -o crypto/bio/libcrypto-lib-bss_acpt.o ../openssl/crypto/bio/bss_acpt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_bio.d.tmp -MT crypto/bio/libcrypto-lib-bss_bio.o -c -o crypto/bio/libcrypto-lib-bss_bio.o ../openssl/crypto/bio/bss_bio.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/bio/libcrypto-lib-bss_conn.d.tmp -MT crypto/bio/libcrypto-lib-bss_conn.o -c -o crypto/bio/libcrypto-lib-bss_conn.o ../openssl/crypto/bio/bss_conn.c ../openssl/crypto/bio/bio_lib.c:791:9: error: unused variable 'fd' [-Werror,-Wunused-variable] int fd; ^ 1 error generated. Makefile:12942: recipe for target 'crypto/bio/libcrypto-lib-bio_lib.o' failed make[1]: *** [crypto/bio/libcrypto-lib-bio_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3007: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Sat May 9 08:49:29 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 08:49:29 +0000 Subject: Build failed: openssl master.33940 Message-ID: <20200509084929.1.45DF98BEBA433D40@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 9 10:56:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 10:56:08 +0000 Subject: Build failed: openssl master.33941 Message-ID: <20200509105608.1.9E4E637BD7B8D754@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 9 11:08:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 11:08:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1589022494.437352.27989.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1984, 653 wallclock secs ( 8.22 usr 1.45 sys + 615.72 cusr 43.44 csys = 668.83 CPU) Result: FAIL Makefile:3030: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3028: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat May 9 11:35:36 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 11:35:36 +0000 Subject: Build failed: openssl master.33942 Message-ID: <20200509113536.1.0E79ED5A049401CA@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 9 12:41:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 12:41:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1589028099.381648.12351.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 580 wallclock secs ( 6.78 usr 1.37 sys + 550.12 cusr 39.67 csys = 597.94 CPU) Result: FAIL Makefile:3048: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3046: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat May 9 13:15:37 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 13:15:37 +0000 Subject: Build failed: openssl master.33944 Message-ID: <20200509131537.1.7873DFF49B010CFE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 9 13:21:35 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 13:21:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1589030495.884156.21639.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 657 wallclock secs ( 7.87 usr 1.53 sys + 619.63 cusr 43.96 csys = 672.99 CPU) Result: FAIL Makefile:3045: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3043: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 9 14:40:30 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 14:40:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1589035230.356872.4301.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1901, 583 wallclock secs ( 7.06 usr 1.73 sys + 552.76 cusr 40.04 csys = 601.59 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat May 9 14:43:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 09 May 2020 14:43:00 +0000 Subject: Build completed: openssl master.33945 Message-ID: <20200509144300.1.B8000A3B272A72BB@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat May 9 14:58:23 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 09 May 2020 14:58:23 +0000 Subject: [openssl] master update Message-ID: <1589036303.920073.2803.nullmailer@dev.openssl.org> The branch master has been updated via 582311d7b469b4f57a29e9c3965c4d1eb4b477d4 (commit) via d8c78e5f4ac5c882ca878b9e9038896d5786aafa (commit) via 9253f8346acf065d8d52eb03aa87e2c7eb4f7cce (commit) via 045229cfe88aba44f8b67e7306281f6fbf516625 (commit) from 8c30dfee3ea038b71f339f193331ed6ac11e3055 (commit) - Log ----------------------------------------------------------------- commit 582311d7b469b4f57a29e9c3965c4d1eb4b477d4 Author: Dr. David von Oheimb Date: Mon May 4 20:29:25 2020 +0200 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c Also adds apps/include/http_server.h. This is used so far by apps/ocsp.c and is going to be used for apps/cmp.c and will be helpful also for any future app acting as HTTP server. Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11736) commit d8c78e5f4ac5c882ca878b9e9038896d5786aafa Author: Dr. David von Oheimb Date: Mon May 4 20:21:34 2020 +0200 Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11736) commit 9253f8346acf065d8d52eb03aa87e2c7eb4f7cce Author: Dr. David von Oheimb Date: Mon May 4 19:54:43 2020 +0200 Constify 'req' parameter of OSSL_HTTP_post_asn1() Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11736) commit 045229cfe88aba44f8b67e7306281f6fbf516625 Author: Dr. David von Oheimb Date: Mon May 4 19:53:09 2020 +0200 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11736) ----------------------------------------------------------------------- Summary of changes: apps/include/http_server.h | 102 +++++++++ apps/lib/build.info | 2 +- apps/lib/http_server.c | 394 +++++++++++++++++++++++++++++++++++ apps/ocsp.c | 447 ++++------------------------------------ crypto/bio/bio_lib.c | 2 + crypto/cmp/cmp_http.c | 4 +- crypto/cmp/cmp_server.c | 10 +- crypto/http/http_client.c | 4 +- crypto/http/http_local.h | 2 +- doc/man3/OSSL_HTTP_transfer.pod | 2 +- include/openssl/http.h | 2 +- 11 files changed, 551 insertions(+), 420 deletions(-) create mode 100644 apps/include/http_server.h create mode 100644 apps/lib/http_server.c diff --git a/apps/include/http_server.h b/apps/include/http_server.h new file mode 100644 index 0000000000..8c65521339 --- /dev/null +++ b/apps/include/http_server.h @@ -0,0 +1,102 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_HTTP_SERVER_H +# define OSSL_HTTP_SERVER_H + +# include "apps.h" + +# ifndef HAVE_FORK +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +# else +# define HAVE_FORK 1 +# endif +# endif + +# if HAVE_FORK +# undef NO_FORK +# else +# define NO_FORK +# endif + +# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ + && !defined(OPENSSL_NO_POSIX_IO) +# define HTTP_DAEMON +# include +# include +# include +# include +# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +# else +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_INFO 0 +# define LOG_WARNING 1 +# define LOG_ERR 2 +# endif + +/*- + * Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err + * prog: the name of the current app + * level: the severity of the message, e.g., LOG_ERR + * fmt: message with potential extra parameters like with printf() + * returns nothing + */ +void log_message(const char *prog, int level, const char *fmt, ...); + +# ifndef OPENSSL_NO_SOCK +/*- + * Initialize an HTTP server by setting up its listening BIO + * prog: the name of the current app + * port: the port to listen on + * returns a BIO for accepting requests, NULL on error + */ +BIO *http_server_init_bio(const char *prog, const char *port); +/*- + * Accept an ASN.1-formatted HTTP request + * it: the expected request ASN.1 type + * preq: pointer to variable where to place the parsed request + * pcbio: pointer to variable where to place the BIO for sending the response to + * acbio: the listening bio (typically as returned by http_server_init_bio()) + * prog: the name of the current app + * accept_get: wheter to accept GET requests (in addition to POST requests) + * timeout: connection timeout (in seconds), or 0 for none/infinite + * returns 0 in case caller should retry, then *preq == *pcbio == NULL + * returns -1 on fatal error; also in this case *preq == *pcbio == NULL + * returns 1 otherwise. In this case it is guaranteed that *pcbio != NULL + * while *preq == NULL if and only if request is invalid + */ +int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, + BIO **pcbio, BIO *acbio, + const char *prog, int accept_get, int timeout); +/*- + * Send an ASN.1-formatted HTTP response + * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) + * note: cbio should not do an encoding that changes the output length + * content_type: string identifying the type of the response + * it: the response ASN.1 type + * valit: the response ASN.1 type + * resp: the response to send + * returns 1 on success, 0 on failure + */ +int http_server_send_asn1_resp(BIO *cbio, const char *content_type, + const ASN1_ITEM *it, const ASN1_VALUE *resp); +# endif + +# ifdef HTTP_DAEMON +extern int multi; +extern int acfd; + +void socket_timeout(int signum); +void spawn_loop(const char *prog); +# endif + +#endif diff --git a/apps/lib/build.info b/apps/lib/build.info index 129ffce933..22db095c51 100644 --- a/apps/lib/build.info +++ b/apps/lib/build.info @@ -9,7 +9,7 @@ ENDIF # Source for libapps $LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \ - columns.c app_params.c names.c app_provider.c app_x509.c + columns.c app_params.c names.c app_provider.c app_x509.c http_server.c IF[{- !$disabled{apps} -}] LIBS{noinst}=../libapps.a diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c new file mode 100644 index 0000000000..6db11f4150 --- /dev/null +++ b/apps/lib/http_server.c @@ -0,0 +1,394 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Very basic HTTP server */ + +#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) +/* + * On VMS, you need to define this to get the declaration of fileno(). The + * value 2 is to make sure no function defined in POSIX-2 is left undefined. + */ +# define _POSIX_C_SOURCE 2 +#endif + +#include +#include "http_server.h" +#include "internal/sockets.h" +#include +#include + +int multi = 0; /* run multiple responder processes */ + +#ifdef HTTP_DAEMON +int acfd = (int) INVALID_SOCKET; +#endif + +#ifdef HTTP_DAEMON +static int print_syslog(const char *str, size_t len, void *levPtr) +{ + int level = *(int *)levPtr; + int ilen = len > MAXERRLEN ? MAXERRLEN : len; + + syslog(level, "%.*s", ilen, str); + + return ilen; +} +#endif + +void log_message(const char *prog, int level, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); +#ifdef HTTP_DAEMON + if (multi) { + char buf[1024]; + + if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) + syslog(level, "%s", buf); + if (level >= LOG_ERR) + ERR_print_errors_cb(print_syslog, &level); + } +#endif + if (!multi) { + BIO_printf(bio_err, "%s: ", prog); + BIO_vprintf(bio_err, fmt, ap); + BIO_printf(bio_err, "\n"); + } + va_end(ap); +} + +#ifdef HTTP_DAEMON +void socket_timeout(int signum) +{ + if (acfd != (int)INVALID_SOCKET) + (void)shutdown(acfd, SHUT_RD); +} + +static void killall(int ret, pid_t *kidpids) +{ + int i; + + for (i = 0; i < multi; ++i) + if (kidpids[i] != 0) + (void)kill(kidpids[i], SIGTERM); + OPENSSL_free(kidpids); + sleep(1); + exit(ret); +} + +static int termsig = 0; + +static void noteterm(int sig) +{ + termsig = sig; +} + +/* + * Loop spawning up to `multi` child processes, only child processes return + * from this function. The parent process loops until receiving a termination + * signal, kills extant children and exits without returning. + */ +void spawn_loop(const char *prog) +{ + pid_t *kidpids = NULL; + int status; + int procs = 0; + int i; + + openlog(prog, LOG_PID, LOG_DAEMON); + + if (setpgid(0, 0)) { + syslog(LOG_ERR, "fatal: error detaching from parent process group: %s", + strerror(errno)); + exit(1); + } + kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array"); + for (i = 0; i < multi; ++i) + kidpids[i] = 0; + + signal(SIGINT, noteterm); + signal(SIGTERM, noteterm); + + while (termsig == 0) { + pid_t fpid; + + /* + * Wait for a child to replace when we're at the limit. + * Slow down if a child exited abnormally or waitpid() < 0 + */ + while (termsig == 0 && procs >= multi) { + if ((fpid = waitpid(-1, &status, 0)) > 0) { + for (i = 0; i < procs; ++i) { + if (kidpids[i] == fpid) { + kidpids[i] = 0; + --procs; + break; + } + } + if (i >= multi) { + syslog(LOG_ERR, "fatal: internal error: " + "no matching child slot for pid: %ld", + (long) fpid); + killall(1, kidpids); + } + if (status != 0) { + if (WIFEXITED(status)) + syslog(LOG_WARNING, "child process: %ld, exit status: %d", + (long)fpid, WEXITSTATUS(status)); + else if (WIFSIGNALED(status)) + syslog(LOG_WARNING, "child process: %ld, term signal %d%s", + (long)fpid, WTERMSIG(status), +# ifdef WCOREDUMP + WCOREDUMP(status) ? " (core dumped)" : +# endif + ""); + sleep(1); + } + break; + } else if (errno != EINTR) { + syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno)); + killall(1, kidpids); + } + } + if (termsig) + break; + + switch (fpid = fork()) { + case -1: /* error */ + /* System critically low on memory, pause and try again later */ + sleep(30); + break; + case 0: /* child */ + OPENSSL_free(kidpids); + signal(SIGINT, SIG_DFL); + signal(SIGTERM, SIG_DFL); + if (termsig) + _exit(0); + if (RAND_poll() <= 0) { + syslog(LOG_ERR, "fatal: RAND_poll() failed"); + _exit(1); + } + return; + default: /* parent */ + for (i = 0; i < multi; ++i) { + if (kidpids[i] == 0) { + kidpids[i] = fpid; + procs++; + break; + } + } + if (i >= multi) { + syslog(LOG_ERR, "fatal: internal error: no free child slots"); + killall(1, kidpids); + } + break; + } + } + + /* The loop above can only break on termsig */ + syslog(LOG_INFO, "terminating on signal: %d", termsig); + killall(0, kidpids); +} +#endif + +#ifndef OPENSSL_NO_SOCK +BIO *http_server_init_bio(const char *prog, const char *port) +{ + BIO *acbio = NULL, *bufbio; + + bufbio = BIO_new(BIO_f_buffer()); + if (bufbio == NULL) + goto err; + acbio = BIO_new(BIO_s_accept()); + if (acbio == NULL + || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 + || BIO_set_accept_port(acbio, port) < 0) { + log_message(prog, LOG_ERR, "Error setting up accept BIO"); + goto err; + } + + BIO_set_accept_bios(acbio, bufbio); + bufbio = NULL; + if (BIO_do_accept(acbio) <= 0) { + log_message(prog, LOG_ERR, "Error starting accept"); + goto err; + } + + return acbio; + + err: + BIO_free_all(acbio); + BIO_free(bufbio); + return NULL; +} + +/* + * Decode %xx URL-decoding in-place. Ignores malformed sequences. + */ +static int urldecode(char *p) +{ + unsigned char *out = (unsigned char *)p; + unsigned char *save = out; + + for (; *p; p++) { + if (*p != '%') { + *out++ = *p; + } else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) { + /* Don't check, can't fail because of ixdigit() call. */ + *out++ = (OPENSSL_hexchar2int(p[1]) << 4) + | OPENSSL_hexchar2int(p[2]); + p += 2; + } else { + return -1; + } + } + *out = '\0'; + return (int)(out - save); +} + +int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, + BIO **pcbio, BIO *acbio, + const char *prog, int accept_get, int timeout) +{ + BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; + int len; + char reqbuf[2048], inbuf[2048]; + char *url, *end; + ASN1_VALUE *req; + int ret = 1; + + *preq = NULL; + *pcbio = NULL; + + /* Connection loss before accept() is routine, ignore silently */ + if (BIO_do_accept(acbio) <= 0) + return 0; + + cbio = BIO_pop(acbio); + *pcbio = cbio; + if (cbio == NULL) { + ret = -1; + goto out; + } + +# ifdef HTTP_DAEMON + if (timeout > 0) { + (void)BIO_get_fd(cbio, &acfd); + alarm(timeout); + } +# endif + + /* Read the request line. */ + len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); + if (len <= 0) + goto out; + + if (accept_get && strncmp(reqbuf, "GET ", 4) == 0) { + /* Expecting GET {sp} /URL {sp} HTTP/1.x */ + for (url = reqbuf + 4; *url == ' '; ++url) + continue; + if (*url != '/') { + log_message(prog, LOG_INFO, + "Invalid GET -- URL does not begin with '/': %s", url); + goto out; + } + url++; + + /* Splice off the HTTP version identifier. */ + for (end = url; *end != '\0'; end++) + if (*end == ' ') + break; + if (strncmp(end, " HTTP/1.", 7) != 0) { + log_message(prog, LOG_INFO, + "Invalid GET -- bad HTTP/version string: %s", end + 1); + goto out; + } + *end = '\0'; + + /*- + * Skip "GET / HTTP..." requests often used by load-balancers. + * 'url' was incremented above to point to the first byte *after* + * the leading slash, so in case 'GET / ' it is now an empty string. + */ + if (url[0] == '\0') + goto out; + + len = urldecode(url); + if (len <= 0) { + log_message(prog, LOG_INFO, + "Invalid GET request -- bad URL encoding: %s", url); + goto out; + } + if ((getbio = BIO_new_mem_buf(url, len)) == NULL + || (b64 = BIO_new(BIO_f_base64())) == NULL) { + log_message(prog, LOG_ERR, + "Could not allocate base64 bio with size = %d", len); + BIO_free_all(cbio); + *pcbio = NULL; + ret = -1; + goto out; + } + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); + getbio = BIO_push(b64, getbio); + } else if (strncmp(reqbuf, "POST ", 5) != 0) { + log_message(prog, LOG_INFO, + "HTTP request does not start with GET/POST: %s", reqbuf); + /* TODO provide better diagnosis in case client tries TLS */ + goto out; + } + + /* Read and skip past the headers. */ + for (;;) { + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); + if (len <= 0) { + log_message(prog, LOG_ERR, + "Error skipping remaining HTTP headers"); + goto out; + } + if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) + break; + } + +# ifdef HTTP_DAEMON + /* Clear alarm before we close the client socket */ + alarm(0); + timeout = 0; +# endif + + /* Try to read and parse request */ + req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL); + if (req == NULL) + log_message(prog, LOG_ERR, "Error parsing request"); + + *preq = req; + + out: + BIO_free_all(getbio); +# ifdef HTTP_DAEMON + if (timeout > 0) + alarm(0); + acfd = (int)INVALID_SOCKET; +# endif + return ret; +} + +/* assumes that cbio does not do an encoding that changes the output length */ +int http_server_send_asn1_resp(BIO *cbio, const char *content_type, + const ASN1_ITEM *it, const ASN1_VALUE *resp) +{ + int ret = BIO_printf(cbio, "HTTP/1.0 200 OK\r\nContent-type: %s\r\n" + "Content-Length: %d\r\n\r\n", content_type, + ASN1_item_i2d(resp, NULL, it)) > 0 + && ASN1_item_i2d_bio(it, cbio, resp) > 0; + + (void)BIO_flush(cbio); + return ret; +} +#endif diff --git a/apps/ocsp.c b/apps/ocsp.c index d85892202a..5f9c5cf326 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -22,6 +22,7 @@ /* Needs to be included before the openssl headers */ #include "apps.h" +#include "http_server.h" #include "progs.h" #include "internal/sockets.h" #include @@ -31,44 +32,12 @@ #include #include #include -#include DEFINE_STACK_OF(OCSP_CERTID) DEFINE_STACK_OF(CONF_VALUE) DEFINE_STACK_OF(X509) DEFINE_STACK_OF_STRING() -#ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif -#endif - -#if HAVE_FORK -# undef NO_FORK -#else -# define NO_FORK -#endif - -#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ - && !defined(OPENSSL_NO_POSIX_IO) -# define OCSP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -#else -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_INFO 0 -# define LOG_WARNING 1 -# define LOG_ERR 2 -#endif - #if defined(OPENSSL_SYS_VXWORKS) /* not supported */ int setpgid(pid_t pid, pid_t pgid) @@ -105,19 +74,13 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req const EVP_MD *resp_md); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); -static BIO *init_responder(const char *port); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout); -static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); -static void log_message(int level, const char *fmt, ...); +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, + int timeout); +static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp); static char *prog; -static int multi = 0; -#ifdef OCSP_DAEMON -static int acfd = (int) INVALID_SOCKET; +#ifdef HTTP_DAEMON static int index_changed(CA_DB *); -static void spawn_loop(void); -static int print_syslog(const char *str, size_t len, void *levPtr); -static void socket_timeout(int signum); #endif typedef enum OPTION_choice { @@ -162,7 +125,7 @@ const OPTIONS ocsp_options[] = { "Connection timeout (in seconds) to the OCSP responder"}, {"resp_no_certs", OPT_RESP_NO_CERTS, '-', "Don't include any certificates in response"}, -#ifdef OCSP_DAEMON +#ifdef HTTP_DAEMON {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, #endif {"no_certs", OPT_NO_CERTS, '-', @@ -540,7 +503,7 @@ int ocsp_main(int argc, char **argv) trailing_md = 1; break; case OPT_MULTI: -#ifdef OCSP_DAEMON +#ifdef HTTP_DAEMON multi = atoi(opt_arg()); #endif break; @@ -584,9 +547,14 @@ int ocsp_main(int argc, char **argv) } if (req == NULL && port != NULL) { - acbio = init_responder(port); +#ifndef OPENSSL_NO_SOCK + acbio = http_server_init_bio(prog, port); if (acbio == NULL) goto end; +#else + BIO_printf(bio_err, "Cannot act as server - sockets not supported\n"); + goto end; +#endif } if (rsignfile != NULL) { @@ -630,20 +598,20 @@ int ocsp_main(int argc, char **argv) } } -#ifdef OCSP_DAEMON +#ifdef HTTP_DAEMON if (multi && acbio != NULL) - spawn_loop(); + spawn_loop(prog); if (acbio != NULL && req_timeout > 0) signal(SIGALRM, socket_timeout); #endif if (acbio != NULL) - log_message(LOG_INFO, "waiting for OCSP client connections..."); + log_message(prog, LOG_INFO, "waiting for OCSP client connections..."); redo_accept: if (acbio != NULL) { -#ifdef OCSP_DAEMON +#ifdef HTTP_DAEMON if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); @@ -652,7 +620,7 @@ redo_accept: rdb = newrdb; } else { free_index(newrdb); - log_message(LOG_ERR, "error reloading updated index: %s", + log_message(prog, LOG_ERR, "error reloading updated index: %s", ridx_filename); } } @@ -663,9 +631,8 @@ redo_accept: goto redo_accept; if (req == NULL) { - resp = - OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, - NULL); + resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, + NULL); send_ocsp_response(cbio, resp); goto done_resp; } @@ -733,7 +700,7 @@ redo_accept: goto end; #else BIO_printf(bio_err, - "Error creating connect BIO - sockets not supported.\n"); + "Error creating connect BIO - sockets not supported\n"); goto end; #endif } else if (respin != NULL) { @@ -873,41 +840,7 @@ redo_accept: return ret; } -static void -log_message(int level, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); -#ifdef OCSP_DAEMON - if (multi) { - char buf[1024]; - if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { - syslog(level, "%s", buf); - } - if (level >= LOG_ERR) - ERR_print_errors_cb(print_syslog, &level); - } -#endif - if (!multi) { - BIO_printf(bio_err, "%s: ", prog); - BIO_vprintf(bio_err, fmt, ap); - BIO_printf(bio_err, "\n"); - } - va_end(ap); -} - -#ifdef OCSP_DAEMON - -static int print_syslog(const char *str, size_t len, void *levPtr) -{ - int level = *(int *)levPtr; - int ilen = (len > MAXERRLEN) ? MAXERRLEN : len; - - syslog(level, "%.*s", ilen, str); - - return ilen; -} +#ifdef HTTP_DAEMON static int index_changed(CA_DB *rdb) { @@ -925,131 +858,6 @@ static int index_changed(CA_DB *rdb) return 0; } -static void killall(int ret, pid_t *kidpids) -{ - int i; - - for (i = 0; i < multi; ++i) - if (kidpids[i] != 0) - (void)kill(kidpids[i], SIGTERM); - OPENSSL_free(kidpids); - sleep(1); - exit(ret); -} - -static int termsig = 0; - -static void noteterm (int sig) -{ - termsig = sig; -} - -/* - * Loop spawning up to `multi` child processes, only child processes return - * from this function. The parent process loops until receiving a termination - * signal, kills extant children and exits without returning. - */ -static void spawn_loop(void) -{ - pid_t *kidpids = NULL; - int status; - int procs = 0; - int i; - - openlog(prog, LOG_PID, LOG_DAEMON); - - if (setpgid(0, 0)) { - syslog(LOG_ERR, "fatal: error detaching from parent process group: %s", - strerror(errno)); - exit(1); - } - kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array"); - for (i = 0; i < multi; ++i) - kidpids[i] = 0; - - signal(SIGINT, noteterm); - signal(SIGTERM, noteterm); - - while (termsig == 0) { - pid_t fpid; - - /* - * Wait for a child to replace when we're at the limit. - * Slow down if a child exited abnormally or waitpid() < 0 - */ - while (termsig == 0 && procs >= multi) { - if ((fpid = waitpid(-1, &status, 0)) > 0) { - for (i = 0; i < procs; ++i) { - if (kidpids[i] == fpid) { - kidpids[i] = 0; - --procs; - break; - } - } - if (i >= multi) { - syslog(LOG_ERR, "fatal: internal error: " - "no matching child slot for pid: %ld", - (long) fpid); - killall(1, kidpids); - } - if (status != 0) { - if (WIFEXITED(status)) - syslog(LOG_WARNING, "child process: %ld, exit status: %d", - (long)fpid, WEXITSTATUS(status)); - else if (WIFSIGNALED(status)) - syslog(LOG_WARNING, "child process: %ld, term signal %d%s", - (long)fpid, WTERMSIG(status), -#ifdef WCOREDUMP - WCOREDUMP(status) ? " (core dumped)" : -#endif - ""); - sleep(1); - } - break; - } else if (errno != EINTR) { - syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno)); - killall(1, kidpids); - } - } - if (termsig) - break; - - switch(fpid = fork()) { - case -1: /* error */ - /* System critically low on memory, pause and try again later */ - sleep(30); - break; - case 0: /* child */ - OPENSSL_free(kidpids); - signal(SIGINT, SIG_DFL); - signal(SIGTERM, SIG_DFL); - if (termsig) - _exit(0); - if (RAND_poll() <= 0) { - syslog(LOG_ERR, "fatal: RAND_poll() failed"); - _exit(1); - } - return; - default: /* parent */ - for (i = 0; i < multi; ++i) { - if (kidpids[i] == 0) { - kidpids[i] = fpid; - procs++; - break; - } - } - if (i >= multi) { - syslog(LOG_ERR, "fatal: internal error: no free child slots"); - killall(1, kidpids); - } - break; - } - } - - /* The loop above can only break on termsig */ - syslog(LOG_INFO, "terminating on signal: %d", termsig); - killall(0, kidpids); -} #endif static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, @@ -1336,209 +1144,32 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) return rrow; } -/* Quick and dirty OCSP server: read in and parse input request */ - -static BIO *init_responder(const char *port) -{ -#ifdef OPENSSL_NO_SOCK - BIO_printf(bio_err, - "Error setting up accept BIO - sockets not supported.\n"); - return NULL; -#else - BIO *acbio = NULL, *bufbio = NULL; - - bufbio = BIO_new(BIO_f_buffer()); - if (bufbio == NULL) - goto err; - acbio = BIO_new(BIO_s_accept()); - if (acbio == NULL - || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 - || BIO_set_accept_port(acbio, port) < 0) { - log_message(LOG_ERR, "Error setting up accept BIO"); - goto err; - } - - BIO_set_accept_bios(acbio, bufbio); - bufbio = NULL; - if (BIO_do_accept(acbio) <= 0) { - log_message(LOG_ERR, "Error starting accept"); - goto err; - } - - return acbio; - - err: - BIO_free_all(acbio); - BIO_free(bufbio); - return NULL; -#endif -} - -#ifndef OPENSSL_NO_SOCK -/* - * Decode %xx URL-decoding in-place. Ignores mal-formed sequences. - */ -static int urldecode(char *p) -{ - unsigned char *out = (unsigned char *)p; - unsigned char *save = out; - - for (; *p; p++) { - if (*p != '%') - *out++ = *p; - else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) { - /* Don't check, can't fail because of ixdigit() call. */ - *out++ = (OPENSSL_hexchar2int(p[1]) << 4) - | OPENSSL_hexchar2int(p[2]); - p += 2; - } - else - return -1; - } - *out = '\0'; - return (int)(out - save); -} -#endif - -#ifdef OCSP_DAEMON -static void socket_timeout(int signum) -{ - if (acfd != (int)INVALID_SOCKET) - (void)shutdown(acfd, SHUT_RD); -} -#endif - static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout) { -#ifdef OPENSSL_NO_SOCK - return 0; +#ifndef OPENSSL_NO_SOCK + return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_RESPONSE), + (ASN1_VALUE **)preq, pcbio, acbio, + prog, 1 /* accept_get */, timeout); #else - int len; - OCSP_REQUEST *req = NULL; - char inbuf[2048], reqbuf[2048]; - char *p, *q; - BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; - const char *client; - + BIO_printf(bio_err, + "Error getting OCSP request - sockets not supported\n"); *preq = NULL; - - /* Connection loss before accept() is routine, ignore silently */ - if (BIO_do_accept(acbio) <= 0) - return 0; - - cbio = BIO_pop(acbio); - *pcbio = cbio; - client = BIO_get_peer_name(cbio); - -# ifdef OCSP_DAEMON - if (timeout > 0) { - (void) BIO_get_fd(cbio, &acfd); - alarm(timeout); - } -# endif - - /* Read the request line. */ - len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); - if (len <= 0) - goto out; - - if (strncmp(reqbuf, "GET ", 4) == 0) { - /* Expecting GET {sp} /URL {sp} HTTP/1.x */ - for (p = reqbuf + 4; *p == ' '; ++p) - continue; - if (*p != '/') { - log_message(LOG_INFO, "Invalid request -- bad URL: %s", client); - goto out; - } - p++; - - /* Splice off the HTTP version identifier. */ - for (q = p; *q; q++) - if (*q == ' ') - break; - if (strncmp(q, " HTTP/1.", 8) != 0) { - log_message(LOG_INFO, - "Invalid request -- bad HTTP version: %s", client); - goto out; - } - *q = '\0'; - - /* - * Skip "GET / HTTP..." requests often used by load-balancers. Note: - * 'p' was incremented above to point to the first byte *after* the - * leading slash, so with 'GET / ' it is now an empty string. - */ - if (p[0] == '\0') - goto out; - - len = urldecode(p); - if (len <= 0) { - log_message(LOG_INFO, - "Invalid request -- bad URL encoding: %s", client); - goto out; - } - if ((getbio = BIO_new_mem_buf(p, len)) == NULL - || (b64 = BIO_new(BIO_f_base64())) == NULL) { - log_message(LOG_ERR, "Could not allocate base64 bio: %s", client); - goto out; - } - BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - getbio = BIO_push(b64, getbio); - } else if (strncmp(reqbuf, "POST ", 5) != 0) { - log_message(LOG_INFO, "Invalid request -- bad HTTP verb: %s", client); - goto out; - } - - /* Read and skip past the headers. */ - for (;;) { - len = BIO_gets(cbio, inbuf, sizeof(inbuf)); - if (len <= 0) - goto out; - if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) - break; - } - -# ifdef OCSP_DAEMON - /* Clear alarm before we close the client socket */ - alarm(0); - timeout = 0; -# endif - - /* Try to read OCSP request */ - if (getbio != NULL) { - req = d2i_OCSP_REQUEST_bio(getbio, NULL); - BIO_free_all(getbio); - } else { - req = d2i_OCSP_REQUEST_bio(cbio, NULL); - } - - if (req == NULL) - log_message(LOG_ERR, "Error parsing OCSP request"); - - *preq = req; - -out: -# ifdef OCSP_DAEMON - if (timeout > 0) - alarm(0); - acfd = (int)INVALID_SOCKET; -# endif - return 1; + return 0; #endif } -static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) +static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp) { - char http_resp[] = - "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" - "Content-Length: %d\r\n\r\n"; - if (cbio == NULL) - return 0; - BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); - i2d_OCSP_RESPONSE_bio(cbio, resp); - (void)BIO_flush(cbio); - return 1; +#ifndef OPENSSL_NO_SOCK + return http_server_send_asn1_resp(cbio, "application/ocsp-response", + ASN1_ITEM_rptr(OCSP_RESPONSE), + (const ASN1_VALUE *)resp); +#else + BIO_printf(bio_err, + "Error sending OCSP response - sockets not supported\n"); + return 0; +#endif } #ifndef OPENSSL_NO_SOCK diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index c625833cb0..1579f7c366 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -788,7 +788,9 @@ void bio_cleanup(void) /* Internal variant of the below BIO_wait() not calling BIOerr() */ static int bio_wait(BIO *bio, time_t max_time, unsigned int milliseconds) { +#ifndef OPENSSL_NO_SOCK int fd; +#endif if (max_time == 0) return 1; diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index 4c9f542b49..3804f2498f 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c @@ -58,8 +58,8 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL, ctx->proxy, ctx->no_proxy, NULL, NULL, ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), - headers, content_type_pkix, - (ASN1_VALUE *)req, ASN1_ITEM_rptr(OSSL_CMP_MSG), + headers, content_type_pkix, (const ASN1_VALUE *)req, + ASN1_ITEM_rptr(OSSL_CMP_MSG), 0, 0, ctx->msg_timeout, content_type_pkix, ASN1_ITEM_rptr(OSSL_CMP_MSG)); diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 4da9a4436f..8bd3b56a26 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -489,9 +489,9 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, tid); OPENSSL_free(tid); } - /* start of a new transaction, set transactionID and senderNonce */ - if (!OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID) - || !ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) + /* start of a new transaction, reset transactionID and senderNonce */ + if (!OSSL_CMP_CTX_set1_transactionID(ctx, NULL) + || !OSSL_CMP_CTX_set1_senderNonce(ctx, NULL)) goto err; break; default: @@ -594,7 +594,9 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, case OSSL_CMP_PKIBODY_GENP: case OSSL_CMP_PKIBODY_ERROR: /* TODO possibly support further terminating response message types */ - (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); /* ignore any error */ + /* prepare for next transaction, ignoring any errors here: */ + (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); + (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); default: /* not closing transaction in other cases */ break; diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 98be2c4947..64f877abed 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -222,7 +222,7 @@ static int OSSL_HTTP_REQ_CTX_content(OSSL_HTTP_REQ_CTX *rctx, && BIO_write(rctx->mem, req, req_len) == (int)req_len; } -BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, ASN1_VALUE *val) +BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val) { BIO *res; @@ -1069,7 +1069,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, + const ASN1_VALUE *req, const ASN1_ITEM *req_it, int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, const ASN1_ITEM *rsp_it) diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h index 64b475b818..729d24e47f 100644 --- a/crypto/http/http_local.h +++ b/crypto/http/http_local.h @@ -27,7 +27,7 @@ typedef OCSP_REQ_CTX OSSL_HTTP_REQ_CTX; # define OSSL_HTTP_REQ_CTX_get0_mem_bio OCSP_REQ_CTX_get0_mem_bio /* undoc'd */ # define OSSL_HTTP_REQ_CTX_set_max_response_length OCSP_set_max_response_length -BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, ASN1_VALUE *val); +BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val); OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy, const char *server, const char *port, const char *path, diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 632f48dbe8..e0adb2a1d1 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -38,7 +38,7 @@ OSSL_HTTP_parse_url OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, + const ASN1_VALUE *req, const ASN1_ITEM *req_it, int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, const ASN1_ITEM *rsp_it); diff --git a/include/openssl/http.h b/include/openssl/http.h index 4dff008801..45c8f11d7b 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -56,7 +56,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, + const ASN1_VALUE *req, const ASN1_ITEM *req_it, int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, const ASN1_ITEM *rsp_it); From openssl at openssl.org Sat May 9 15:20:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 09 May 2020 15:20:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1589037655.403436.13562.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 73d6b4efe6 Fix use-after-free in BIO_C_SET_SSL callback 90fc2c26df SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation 2b5e12f509 Add documentation for CMS_EnvelopedData_create() 31b069ecea Remove legacy FIPS_mode functions 45c236ad1f Add RSA SHA512 truncated digest support 3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation 9f2058611f Remove cipher table lookup from EVP_CipherInit_ex 4975e8b4d2 Configure: avoid perl regexp bugs edbb56ee4f s_server normal shutdown a96e6c347b Extend test_ssl_get_shared_ciphers 4264ecd4ce Don't offer or accept ciphersuites that we can't support 15dd075f70 Fix a memory leak in CONF .include handling 6ed34b3eff Centralise Environment Variables for the tests 500a761517 The synthesized OPENSSL_VERSION_NUMBER must be long 35774d5594 Fix up whitespace nits introduced by PR #11416 Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1986, 660 wallclock secs ( 7.94 usr 1.62 sys + 623.96 cusr 42.60 csys = 676.12 CPU) Result: FAIL Makefile:3064: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3062: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Sat May 9 15:44:40 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 09 May 2020 15:44:40 +0000 Subject: Errored: openssl/openssl#34502 (master - 582311d) In-Reply-To: Message-ID: <5eb6cfe81dad9_13fed7a8997c82805da@travis-tasks-7c86b9598c-cj7nt.mail> Build Update for openssl/openssl ------------------------------------- Build: #34502 Status: Errored Duration: 45 mins and 26 secs Commit: 582311d (master) Author: Dr. David von Oheimb Message: Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c Also adds apps/include/http_server.h. This is used so far by apps/ocsp.c and is going to be used for apps/cmp.c and will be helpful also for any future app acting as HTTP server. Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11736) View the changeset: https://github.com/openssl/openssl/compare/8c30dfee3ea0...582311d7b469 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/685069798?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 10 07:48:32 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 10 May 2020 07:48:32 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5eb7b1d049703_32482ad472876f4c4268b@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3DBADz_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFLV0eeCBMaxFsu6UaPFotyhU8UWkV2ELeRx5A-2F-2B1sbEM5QndA8VHsz-2FV9XwsFFxojZ6uvd96UJxHWy5m0kC7DptfpClUqoLFu1y-2BvPudlgc-2Fqk2t67Ndp7be-2F4jcalTJxmlFM9H42svRYNMFl8VdNwuEWcufUrr7GUyN-2F74fKp8dF0HeETtKVeudb8KjOZNTth8ngAyoRurgChCi-2BAG-2BL-2B Build ID: 312726 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DZxIf_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFLV0eeCBMaxFsu6UaPFotyhU8UWkV2ELeRx5A-2F-2B1sbEL6HR7Nw3oJaVJv0OAcYs9-2Be2RQzgAVp-2FkSz9Q6AtsompX0Lp7L-2FB7dXN5sNSMN6aPoMRvNI1b6Lk7k8rhBKKpSZkXC6db5AJISSlospK-2B8xeT2hRUzQo-2B3MioRDzEIdOMtTz2xvXo3pDyhACmjDHWCXok-2BfvzySiaNqyr0lHEjy From scan-admin at coverity.com Sun May 10 07:50:08 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 10 May 2020 07:50:08 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5eb7b2302ed40_35bb2ad472876f4c426ce@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3DYGFt_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHq6PxUPAj-2FDpbxoV6EJIH9JMj1ekoaZkTdBuAotGkbGMfPFqc0YGlBjcLihEUG9OPB33xeIF-2FE1J6NtEn2cFxA-2FkgDK4i1QJRpAaQUSmo1AOFGJXmj3HmnTXSLWoCr66ijqqwEn-2BfKZ7-2FsZekz6NECWipNuM8VS-2FumQaEOFu3WqXjDXu85StewNXGS3lqzFCl88T-2Bm4EMOFUbxKwQ1DUSx9JI36YhWwwv2-2Fy0gVVWwEg-3D-3D Build ID: 312727 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 10 17:29:38 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 May 2020 17:29:38 +0000 Subject: Build failed: openssl master.33962 Message-ID: <20200510172938.1.03FB5B1CA41CF77E@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Sun May 10 18:08:46 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 10 May 2020 18:08:46 +0000 Subject: [openssl] master update Message-ID: <1589134126.159811.6295.nullmailer@dev.openssl.org> The branch master has been updated via 3f2a8d971a44b9aac30a5725ae44cfcb1d4156f1 (commit) from 582311d7b469b4f57a29e9c3965c4d1eb4b477d4 (commit) - Log ----------------------------------------------------------------- commit 3f2a8d971a44b9aac30a5725ae44cfcb1d4156f1 Author: Beat Bolli Date: Thu May 7 14:19:22 2020 +0200 doc: fix two invalid tags Signed-off-by: Beat Bolli Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11759) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-cms.pod.in | 2 +- doc/man3/EVP_DigestInit.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 15dd7799cb..4fbb7c0e16 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -107,7 +107,7 @@ Print out a usage message. Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format. The -actual CMS type is EnvelopedData. +actual CMS type is B. Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 6c0f136b1c..370b685bf8 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -226,7 +226,7 @@ EVP_DigestInit_ex() can be called to initialize a new digest operation. =item EVP_DigestFinalXOF() Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. -It retrieves the digest value from I and places it in I-sized md. +It retrieves the digest value from I and places it in I-sized I. After calling this function no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new operation. From no-reply at appveyor.com Sun May 10 18:24:30 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 May 2020 18:24:30 +0000 Subject: Build completed: openssl master.33963 Message-ID: <20200510182430.1.6A75434AF0239FAC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 10 19:21:19 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 May 2020 19:21:19 +0000 Subject: Build failed: openssl master.33964 Message-ID: <20200510192119.1.7ADE48E76DB1FBA3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 10 21:28:45 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 May 2020 21:28:45 +0000 Subject: Build completed: openssl master.33965 Message-ID: <20200510212845.1.ED6FD2C3AC127465@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 11 02:31:30 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 02:31:30 +0000 Subject: Build failed: openssl master.33969 Message-ID: <20200511023130.1.F7614260ADDF7445@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 11 03:49:29 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 03:49:29 +0000 Subject: Build failed: openssl master.33970 Message-ID: <20200511034929.1.751960E8175D0143@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 11 06:11:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 11 May 2020 06:11:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1589177487.102235.11277.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1987, 663 wallclock secs ( 8.73 usr 1.53 sys + 620.65 cusr 45.19 csys = 676.10 CPU) Result: FAIL Makefile:3041: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3039: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon May 11 11:06:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 11:06:18 +0000 Subject: Build failed: openssl master.33979 Message-ID: <20200511110618.1.A4E0FB07AECB1B07@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon May 11 11:18:07 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 11 May 2020 11:18:07 +0000 Subject: [openssl] master update Message-ID: <1589195887.918628.13226.nullmailer@dev.openssl.org> The branch master has been updated via 885a2a399dcf25860f471e59af43db2917c39335 (commit) from 3f2a8d971a44b9aac30a5725ae44cfcb1d4156f1 (commit) - Log ----------------------------------------------------------------- commit 885a2a399dcf25860f471e59af43db2917c39335 Author: Richard Levitte Date: Mon May 11 09:55:53 2020 +0200 Fix CHANGES.md issues reported by markdownlint Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11788) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 2835322bdf..51ed264cb0 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,7 +23,7 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] -* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's + * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should instead use EVP_default_properties_is_fips_enabled() and EVP_default_properties_enable_fips(). From no-reply at appveyor.com Mon May 11 12:07:33 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 12:07:33 +0000 Subject: Build completed: openssl master.33980 Message-ID: <20200511120733.1.344E156E8F0479DB@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 11 14:31:58 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 14:31:58 +0000 Subject: Build failed: openssl master.33984 Message-ID: <20200511143158.1.1E43D8A693E615DB@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 11 17:55:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 17:55:22 +0000 Subject: Build completed: openssl master.33985 Message-ID: <20200511175522.1.06C7CA9E013C0BD5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 11 23:14:28 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 May 2020 23:14:28 +0000 Subject: Build failed: openssl master.33993 Message-ID: <20200511231428.1.601D979A29B92C8C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 12 00:27:32 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 00:27:32 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1589243252.946684.14513.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:26:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4017: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3003: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue May 12 04:41:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 04:41:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1589258470.790181.28289.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): rm -f apps/libapps.a libcrypto.a libssl.a providers/libcommon.a providers/libfips.a providers/libimplementations.a providers/liblegacy.a providers/libnonfips.a test/libtestutil.a rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:26:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4022: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3008: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Tue May 12 07:14:52 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 12 May 2020 07:14:52 +0000 Subject: Build failed: openssl master.34004 Message-ID: <20200512071452.1.CF774C91FC875399@appveyor.com> An HTML attachment was scrubbed... URL: From mark at openssl.org Tue May 12 08:47:48 2020 From: mark at openssl.org (Mark J. Cox) Date: Tue, 12 May 2020 08:47:48 +0000 Subject: [web] master update Message-ID: <1589273268.821376.11958.nullmailer@dev.openssl.org> The branch master has been updated via d874d260ef2e325c946ae152ea0d09c640c73d8b (commit) from 2c56e98a493d3739cdf292ff3d3c70de77e5efa9 (commit) - Log ----------------------------------------------------------------- commit d874d260ef2e325c946ae152ea0d09c640c73d8b Author: Mark J. Cox Date: Tue May 12 09:40:58 2020 +0100 Update policy to add to prenotifications as per OMC vote ----------------------------------------------------------------------- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 67d91d1..54fb592 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@

Security Policy

- Last modified 12th May 2019 + Last modified 12th May 2020
@@ -128,6 +128,8 @@ href="http://oss-security.openwall.org/wiki/mailing-lists/distros">this list of Operating System distribution security contacts.
  • We may also include other organisations that are not listed but would otherwise qualify for list membership.
    • +
  • We may also include organisations with which we have a + commercial relationship.
  • We may withdraw notifying certain organisations from future prenotifications if they leak issues before they are public From levitte at openssl.org Tue May 12 09:24:45 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 12 May 2020 09:24:45 +0000 Subject: [openssl] master update Message-ID: <1589275485.291276.27973.nullmailer@dev.openssl.org> The branch master has been updated via b2952366dd0248bf35c83e1736cd203033a22378 (commit) from 885a2a399dcf25860f471e59af43db2917c39335 (commit) - Log ----------------------------------------------------------------- commit b2952366dd0248bf35c83e1736cd203033a22378 Author: Richard Levitte Date: Mon May 11 09:14:11 2020 +0200 Fix d2i_PrivateKey_ex() to work as documented d2i_PrivateKey(), and thereby d2i_PrivateKey_ex(), is documented to return keys of the type given as first argument |type|, unconditionally. Most specifically, the manual says this: > An error occurs if the decoded key does not match type. However, when faced of a PKCS#8 wrapped key, |type| was ignored, which may lead to unexpected results. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11787) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/d2i_pr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index c7346f5424..3ddc56d408 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -58,6 +58,8 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp, goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(0, ERR_R_ASN1_LIB); goto err; From levitte at openssl.org Tue May 12 09:35:48 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 12 May 2020 09:35:48 +0000 Subject: [openssl] master update Message-ID: <1589276148.346702.28870.nullmailer@dev.openssl.org> The branch master has been updated via 914db66d2337d560b042ac710817c69b89045d52 (commit) via fdaad3f1b31df6827554c378dd8385695a1deed4 (commit) via b0f3c594083b22f082057719f7bb1aa575e7d5a1 (commit) from b2952366dd0248bf35c83e1736cd203033a22378 (commit) - Log ----------------------------------------------------------------- commit 914db66d2337d560b042ac710817c69b89045d52 Author: Richard Levitte Date: Mon May 11 11:10:41 2020 +0200 CORE: Attach the provider context to the provider late There are concerns that if |prov->provctx| is populated early, sensitive information may leak from the provider. Therefore, we use a temporary variable, and only assign it to |prov->provctx| when the provider init function has returned successfully. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11777) commit fdaad3f1b31df6827554c378dd8385695a1deed4 Author: Richard Levitte Date: Sat May 9 10:11:14 2020 +0200 Fix some misunderstandings in our providers' main modules This started with adding forward declarations of all provider side interface functions, and fixing all compiler errors. Furthermore, diminish the faulty assumption that the provider context is and always will be just a library context. That means adding a teardown function in all providers that aren't necessarily built into libcrypto. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11777) commit b0f3c594083b22f082057719f7bb1aa575e7d5a1 Author: Richard Levitte Date: Sat May 9 09:59:05 2020 +0200 CORE: Fix the signature of OSSL_provider_query_operation_fn For some reason, the 'no_cache' parameter was declare 'const', when it's in fact supposed to be modifiable. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11777) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 4 ++- include/openssl/core_numbers.h | 2 +- providers/build.info | 2 +- providers/defltprov.c | 16 ++++++--- providers/fips/fipsprov.c | 77 +++++++++++++++++++++++++----------------- providers/legacyprov.c | 26 +++++++++----- 6 files changed, 80 insertions(+), 47 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index b100e5a15d..1cbe369754 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -418,6 +418,7 @@ int OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *libctx, const char *path) static int provider_activate(OSSL_PROVIDER *prov) { const OSSL_DISPATCH *provider_dispatch = NULL; + void *tmp_provctx = NULL; /* safety measure */ #ifndef OPENSSL_NO_ERR # ifndef FIPS_MODULE OSSL_provider_get_reason_strings_fn *p_get_reason_strings = NULL; @@ -488,7 +489,7 @@ static int provider_activate(OSSL_PROVIDER *prov) /* Call the initialise function for the provider. */ if (prov->init_function == NULL || !prov->init_function(prov, core_dispatch, &provider_dispatch, - &prov->provctx)) { + &tmp_provctx)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL, "name=%s", prov->name); #ifndef FIPS_MODULE @@ -497,6 +498,7 @@ static int provider_activate(OSSL_PROVIDER *prov) #endif return 0; } + prov->provctx = tmp_provctx; for (; provider_dispatch->function_id != 0; provider_dispatch++) { switch (provider_dispatch->function_id) { diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 2cf2f27715..6af086fc2b 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -161,7 +161,7 @@ OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, OSSL_PARAM params[])) # define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, - (void *provctx, int operation_id, const int *no_store)) + (void *provctx, int operation_id, int *no_store)) # define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028 OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, (void *provctx)) diff --git a/providers/build.info b/providers/build.info index aae9115dd8..b7eef40521 100644 --- a/providers/build.info +++ b/providers/build.info @@ -149,7 +149,7 @@ IF[{- !$disabled{legacy} -}] # Common things that are valid no matter what form the Legacy provider # takes. SOURCE[$LEGACYGOAL]=legacyprov.c - INCLUDE[$LEGACYGOAL]=../include implementations/include + INCLUDE[$LEGACYGOAL]=../include implementations/include common/include ENDIF # diff --git a/providers/defltprov.c b/providers/defltprov.c index f26654abf7..baea34ac04 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -15,11 +15,20 @@ #include #include #include "prov/bio.h" +#include "prov/provider_ctx.h" #include "prov/providercommon.h" #include "prov/implementations.h" #include "prov/provider_util.h" #include "internal/nelem.h" +/* + * Forward declarations to ensure that interface functions are correctly + * defined. + */ +static OSSL_provider_gettable_params_fn deflt_gettable_params; +static OSSL_provider_get_params_fn deflt_get_params; +static OSSL_provider_query_operation_fn deflt_query; + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=default", FUNC }, CHECK } #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) @@ -35,12 +44,12 @@ static const OSSL_PARAM deflt_param_types[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *deflt_gettable_params(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *deflt_gettable_params(void *provctx) { return deflt_param_types; } -static int deflt_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) +static int deflt_get_params(void *provctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -500,8 +509,7 @@ static const OSSL_ALGORITHM deflt_serializer[] = { { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, - int operation_id, +static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, int *no_cache) { *no_cache = 0; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index faf74831eb..1ed475e1f5 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -34,6 +34,15 @@ #include "prov/provider_util.h" #include "self_test.h" +/* + * Forward declarations to ensure that interface functions are correctly + * defined. + */ +static OSSL_provider_teardown_fn fips_teardown; +static OSSL_provider_gettable_params_fn fips_gettable_params; +static OSSL_provider_get_params_fn fips_get_params; +static OSSL_provider_query_operation_fn fips_query; + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK } #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) @@ -127,9 +136,8 @@ static OSSL_PARAM core_params[] = }; /* TODO(3.0): To be removed */ -static int dummy_evp_call(void *provctx) +static int dummy_evp_call(OPENSSL_CTX *libctx) { - OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); @@ -208,12 +216,12 @@ static int dummy_evp_call(void *provctx) return ret; } -static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *fips_gettable_params(void *provctx) { return fips_param_types; } -static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) +static int fips_get_params(void *provctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -479,9 +487,8 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) +static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -506,13 +513,14 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, return NULL; } +static void fips_teardown(void *provctx) +{ + OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx)); +} + /* Functions we provide to the core */ static const OSSL_DISPATCH fips_dispatch_table[] = { - /* - * To release our resources we just need to free the OPENSSL_CTX so we just - * use OPENSSL_CTX_free directly as our teardown function - */ - { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, @@ -532,7 +540,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, void **provctx) { FIPS_GLOBAL *fgbl; - OPENSSL_CTX *ctx; + OPENSSL_CTX *libctx; OSSL_self_test_cb_fn *stcbfn = NULL; OSSL_core_get_library_context_fn *c_get_libctx = NULL; @@ -639,35 +647,34 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, return 0; /* Create a context. */ - if ((ctx = OPENSSL_CTX_new()) == NULL) - return 0; - if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method)) == NULL) { - OPENSSL_CTX_free(ctx); + if ((libctx = OPENSSL_CTX_new()) == NULL) return 0; - } + *provctx = libctx; + + if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method)) == NULL) + goto err; fgbl->prov = provider; - selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); - if (!SELF_TEST_post(&selftest_params, 0)) { - OPENSSL_CTX_free(ctx); - return 0; - } + selftest_params.libctx = libctx; + if (!SELF_TEST_post(&selftest_params, 0)) + goto err; /* * TODO(3.0): Remove me. This is just a dummy call to demonstrate making * EVP calls from within the FIPS module. */ - if (!dummy_evp_call(ctx)) { - OPENSSL_CTX_free(ctx); - return 0; - } + if (!dummy_evp_call(libctx)) + goto err; *out = fips_dispatch_table; - *provctx = ctx; return 1; + err: + fips_teardown(*provctx); + *provctx = NULL; + return 0; } /* @@ -750,9 +757,17 @@ int ERR_pop_to_mark(void) return c_pop_error_to_mark(NULL); } -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) +/* + * This must take a library context, since it's called from the depths + * of crypto/initthread.c code, where it's (correctly) assumed that the + * passed caller argument is an OPENSSL_CTX pointer (since the same routine + * is also called from other parts of libcrypto, which all pass around a + * OPENSSL_CTX pointer) + */ +const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *libctx) { - FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, + FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx, + OPENSSL_CTX_FIPS_PROV_INDEX, &fips_prov_ossl_ctx_method); if (fgbl == NULL) diff --git a/providers/legacyprov.c b/providers/legacyprov.c index ca91093893..07b505a8ac 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -13,8 +13,17 @@ #include #include #include +#include "prov/provider_ctx.h" #include "prov/implementations.h" +/* + * Forward declarations to ensure that interface functions are correctly + * defined. + */ +static OSSL_provider_gettable_params_fn legacy_gettable_params; +static OSSL_provider_get_params_fn legacy_get_params; +static OSSL_provider_query_operation_fn legacy_query; + #define ALG(NAMES, FUNC) { NAMES, "provider=legacy", FUNC } #ifdef STATIC_LEGACY @@ -27,19 +36,19 @@ static OSSL_core_gettable_params_fn *c_gettable_params = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ -static const OSSL_ITEM legacy_param_types[] = { - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, - { 0, NULL } +static const OSSL_PARAM legacy_param_types[] = { + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END }; -static const OSSL_ITEM *legacy_gettable_params(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *legacy_gettable_params(void *provctx) { return legacy_param_types; } -static int legacy_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) +static int legacy_get_params(void *provctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -133,8 +142,7 @@ static const OSSL_ALGORITHM legacy_ciphers[] = { { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *legacy_query(OSSL_PROVIDER *prov, - int operation_id, +static const OSSL_ALGORITHM *legacy_query(void *provctx, int operation_id, int *no_cache) { *no_cache = 0; From openssl at openssl.org Tue May 12 10:39:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 10:39:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1589279969.314523.12787.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1987, 528 wallclock secs ( 6.47 usr 1.26 sys + 501.37 cusr 32.52 csys = 541.62 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 12 12:14:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 12:14:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1589285659.602047.30938.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1904, 581 wallclock secs ( 6.61 usr 1.52 sys + 550.81 cusr 39.26 csys = 598.20 CPU) Result: FAIL Makefile:3032: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3030: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 12 12:54:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 12:54:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1589288061.611748.6666.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1989, 660 wallclock secs ( 7.97 usr 1.35 sys + 622.36 cusr 44.26 csys = 675.94 CPU) Result: FAIL Makefile:3050: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3048: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 12 14:12:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 14:12:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1589292747.446156.23129.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1904, 572 wallclock secs ( 6.58 usr 1.53 sys + 541.42 cusr 39.72 csys = 589.25 CPU) Result: FAIL Makefile:3040: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3038: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 12 14:53:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 12 May 2020 14:53:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1589295192.011281.31317.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 3f2a8d971a doc: fix two invalid tags 582311d7b4 Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c d8c78e5f4a Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK 9253f8346a Constify 'req' parameter of OSSL_HTTP_post_asn1() 045229cfe8 Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal 8c30dfee3e doc: remove deprecation notes for apps that are staying. 0324ffc5d5 Fix PEM certificate loading that sometimes fails 257e9d03b0 Fix issues reported by markdownlint 4ef0ddc9d8 travis: enable markdownlint checks c7fa92979c EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1989, 664 wallclock secs ( 7.97 usr 1.40 sys + 627.54 cusr 43.55 csys = 680.46 CPU) Result: FAIL Makefile:3042: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3040: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Tue May 12 17:24:15 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 12 May 2020 17:24:15 +0000 Subject: [openssl] master update Message-ID: <1589304255.681865.1697.nullmailer@dev.openssl.org> The branch master has been updated via f523ca66612e6712f287aa4b4ed722a5f2d4d960 (commit) from 914db66d2337d560b042ac710817c69b89045d52 (commit) - Log ----------------------------------------------------------------- commit f523ca66612e6712f287aa4b4ed722a5f2d4d960 Author: Tomas Mraz Date: Mon May 11 17:15:40 2020 +0200 Replace misleading error message when loading PEM The error message "short header" when the end line of PEM data cannot be identified is misleading. Replace it with already existing "bad end line" error. Fixes #8815 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11793) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index f5ed70d6b4..40a31dec97 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -824,7 +824,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } From tmraz at fedoraproject.org Tue May 12 17:25:48 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 12 May 2020 17:25:48 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589304348.637844.3708.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 3ee36aa18253108a4aac304adfa19707edf56d50 (commit) from 69296e264e58334620f541d09a4e381ee45542d4 (commit) - Log ----------------------------------------------------------------- commit 3ee36aa18253108a4aac304adfa19707edf56d50 Author: Tomas Mraz Date: Mon May 11 17:15:40 2020 +0200 Replace misleading error message when loading PEM The error message "short header" when the end line of PEM data cannot be identified is misleading. Replace it with already existing "bad end line" error. Fixes #8815 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11793) (cherry picked from commit f523ca66612e6712f287aa4b4ed722a5f2d4d960) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 0d79f4aea0..093ba09aeb 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -809,7 +809,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } From bernd.edlinger at hotmail.de Wed May 13 04:29:31 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 13 May 2020 04:29:31 +0000 Subject: [openssl] master update Message-ID: <1589344171.261701.25945.nullmailer@dev.openssl.org> The branch master has been updated via 7ef43790617cb08b4bb4141df716dfb37385fe5c (commit) from f523ca66612e6712f287aa4b4ed722a5f2d4d960 (commit) - Log ----------------------------------------------------------------- commit 7ef43790617cb08b4bb4141df716dfb37385fe5c Author: Bernd Edlinger Date: Sun May 10 06:37:12 2020 +0200 Fix rsa8192.pem Q: How did I do that? A: That's a long story. Precondition: I used sage 8.1 for the math, it could probably done with simple python as well but I did not try. First I extract numbers from rsa8192.pem: openssl rsa -in rsa8192.pem -noout -text | sed "s/://g; s/ //g;" cut&paste the numbers into sage: modulus 00890d9fd57e81b5ed43283d0ea020 4a1229333d6fb9c37a179375b09c4f 7b5b1cf2eb025979b6d90b709928a0 6725e04caf2b0f7fe94afbdf9f3fa5 66f1ba75c2f6dc488039f410eb5fa8 ab152b8cfdb76791bb853059438edf ae56bc70a32a9f3e2d883e8b751d08 3797999dc81a9c4d6bdb3a75362fd1 d9c497cf5028dfcdd4cc3eb318e79f c0db45cbeed955da8a447f0872dee5 65bde4013340e767731441fae4fa54 51356bfbc84e1271b39f111f5f8ef3 a6c8973765b39addef80306194f4ea 89fdfc8e9744866323f6936de89b2f e2741578b8eb3c41676702fabc50ec c376e6b7b6e7f94e7d7b5c1bab3c9f 23bb0c8f04d8aca64c309fc063c406 553e1c1421cc45060df7f48c49f5c5 b459d572e273402d6a3ff008657fe9 1936714d1823c5cad53d80630b3216 9bf70feb2ebc1af6a35ee0bf059aed 49c4e367d567e130e2846859b271fd a8949b182e050819866b8e762ed29f fb3f7ca14cebfc2488662be4b3980f c8d31890a05f38ae9690cc7d9d3efc 4808e03da104a8c28bb480bb814995 a6e8b8978ab8350d90b3894e3abf7d c4ad0956335752c8d6944b38a1715e 7d9950f49e6cdba171fbe651a2ca26 65a7c70b6e8cf3a02c2f93dad8aa95 06481cdb032d04082a5a6c6a733b65 20fa80e2ef57b9cf858ca5ea11e084 bc31a386fc6b099f069786207f80d6 1f2bef294400d59394ad1006431366 a54ae09b0ecd3377dcd8af8fde9b94 fd559b0b7adc5113ba66fc4b3dc842 ee562cfcfd39b4ffc31576635873fc 59535b7aa98605772436c251834e23 4fb2347cc970a49818cac2a9ee95eb b55fa2da66edd53e11245c6732140a ae41491288cbf462eef8a807b46d0d affa38d9ccfe8033d2d4a3cf5c5b82 9df12183f7a05d3650153cd317a017 083ac641c2c3ad11305de0a032be45 c439bd7bbbe3cb97850f9d2c66f72a 4a66e9d434544fc6d294ca3c92627b e518bfa44e3017ac8ad9c0a26a227d 2e8677da0a4de8edb53ac9530adb63 83c72dbf562dc4d0fea4e492f09eb1 74548381a8686db3aeaaa3a9960cff 25e8c64701115da54fa7a1fb2c566a fcb4b2a63268d818c3391a62885d13 41b3492c4f0167291b3d026a44e68c 02f2d4d255d4c0906b92a2ced0c0bb f2bcdceaec1189895af4232dc386c9 75bf3477e5a70d3ab0ac0e5dc37024 0e34a276b155d5e290f77416a1986d ec47f8c78236ac7df249df9ba21a80 2e6bd75b4fb1c6ffe0f4cf548761a5 6a1fcccee156523a718987f3fdaedc 7171c9050db89a83f24c5a283695b9 c28de6d3b69fc1714b0add335a0ce6 fbbdbd0bbdb01e44969d775105bba3 d2947dca2f291250f9b851e76f514d dc5a3aa4498e6521314991568860eb ff1258d8b4aee9ee4159153684c0c0 16c60b17537a50b53cd59aad60678b d73f0714ab4ccae7416bab417b4907 36d59b2e9f I used echo `echo "" ` | sed "s/ //g" to get everything in one line, put that again into the clipboard and then start sage, type N=0x sage: N=0x00890d9fd57e81b5ed43283d0ea0204a1229333d6fb9c37a179375b09c4f7b5b1cf2eb025979b6d90b709928a06725e04caf2b0f7fe94afbdf9f3fa566f1ba75c2f6dc488039f410eb5fa8ab152b8cfdb76791bb853059438edfae56bc70a32a9f3e2d883e8b751d083797999dc81a9c4d6bdb3a75362fd1d9c497cf5028dfcdd4cc3eb318e79fc0db45cbeed955da8a447f0872dee565bde4013340e767731441fae4fa5451356bfbc84e1271b39f111f5f8ef3a6c8973765b39addef80306194f4ea89fdfc8e9744866323f6936de89b2fe2741578b8eb3c41676702fabc50ecc376e6b7b6e7f94e7d7b5c1bab3c9f23bb0c8f04d8aca64c309fc063c406553e1c1421cc45060df7f48c49f5c5b459d572e273402d6a3ff008657fe91936714d1823c5cad53d80630b32169bf70feb2ebc1af6a35ee0bf059aed49c4e367d567e130e2846859b271fda8949b182e050819866b8e762ed29ffb3f7ca14cebfc2488662be4b3980fc8d31890a05f38ae9690cc7d9d3efc4808e03da104a8c28bb480bb814995a6e8b8978ab8350d90b3894e3abf7dc4ad0956335752c8d6944b38a1715e7d9950f49e6cdba171fbe651a2ca2665a7c70b6e8cf3a02c2f93dad8aa9506481cdb032d04082a5a6c6a733b6520fa80e2ef57b9cf858ca5ea11e084bc31a386fc6b099f069786207f80d61f2bef294400d59394ad1006431366a54ae09b0ecd3377dcd8af8fde9b94fd559b0b7adc5113ba66fc4b3dc842ee562cfcfd39b4ffc31576635873fc59535b7aa98605772436c251834e234fb2347cc970a49818cac2a9ee95ebb55fa2da66edd53e11245c6732140aae41491288cbf462eef8a807b46d0daffa38d9ccfe8033d2d4a3cf5c5b829df12183f7a05d3650153cd317a017083ac641c2c3ad11305de0a032be45c439bd7bbbe3cb97850f9d2c66f72a4a66e9d434544fc6d294ca3c92627be518bfa44e3017ac8ad9c0a26a227d2e8677da0a4de8edb53ac9530adb6383c72dbf562dc4d0fea4e492f09eb174548381a8686db3aeaaa3a9960cff25e8c64701115da54fa7a1fb2c566afcb4b2a63268d818c3391a62885d1341b3492c4f0167291b3d026a44e68c02f2d4d255d4c0906b92a2ced0c0bbf2bcdceaec1189895af4232dc386c975bf3477e5a70d3ab0ac0e5dc370240e34a276b155d5e290f77416a1986dec47f8c78236ac7df249df9ba21a802e6bd75b4fb1c6ffe0f4cf548761a56a1fcccee156523a718987f3fdaedc7171c9050db89a83f24c5a283695b9c28de6d3b69fc1714b0add335a0ce6fbbdbd0bbdb01e44969d775105bba3d2947dca2f291250f9b851e76f514ddc5a3aa4498e6521314991568860ebff1258d8b4aee9ee4159153684c0c016c60b17537a50b53cd59aad60678bd73f0714ab4ccae7416bab417b490736d59b2e9f likewise for prime1 (P), prime2 (Q) and privateExponent (D) and publicExponent (E) sage: P=0x00c6d6eb9c0f93f8b8de74b2799798c1c1ed47549426a0d76af61f04f0b455184acfeec354c1703709e8727ea0213001738e395b5ca5ed4deec30f8b1ae0e54a516777c5ae897a5562e77dfe378dbba32ee30bcdb275ab7f87f8b9af02712d371a6aa671b44e0f667a6f2d406e5099d942f592ff5c517d452d58cf3f51120062a878fb77066650275b897caf078a5353f1d714963ff90818b6b87c6db438681b4b315c4fd256c1bd383fcf8e67b49a3ee077373a66d77e4c02eebe9350478a51cdfa395d60d905c1189ed7041373f1609075faf9d9f39d3d7b0e7fc8b1d36cb8c5c48731ef5cd87e11f480cdfa4b3ee6cf7eebd3e13f4244647396d52030b82c39d69a3a4075ee90531d1ddb5f1284dc7ab09a3892de5c0ddeed115c7c9ee5fc008658830b0e6f7f366a72f215192498474ade046fc10e92591dfa133e4beff98758e0e92c05f999504a486e3f71c15b73adf7fe0d311f0d0dc1a8e2aff92572475a92e60f970174c80c4948a0cb86635cb438519b18c260ff9f212925e684ef151cc91fa1c4c8dbbc337c9b46f9a93c88cce49e49a670762186e8858051f93ebff7b0b50caadd9b32f93e396b5a6d1cd7f77b2e50e83fae5f3928433268f6cc28810071ce334025a24c7ebf92e631df0d26e99923018946de4ea5e30e868c33ea3d408d8c58815ecf9892fa3afa5f6fbef9a1dfda2da51b6f01f3dae588bdf17b sage: Q=0x00b073b35a3bba0954b242961630e8e0af8d3ea8aad80d55669e9e79c388983363d96fe471205743001b4798b81de1be3fb06353fd0c9c4fd43f91f9cb2162b00583cc94ff791a615348d01977ca05f4796d5bff41d94dda1cb3ef2433ff4f6500d15ab290a14e651efa91b7df5d5e50f8356188d9842dcdd67c89eb7d40baa78f045969b804f7a985d35a8a8ac32715cb212a34fb89e85e538275e53663fe675944d2b5dba77b7b7abfacd8fbddee4427db6460b728952af882992750c2542d2122247d7f431ec2fe64c0311b0de5290eb619c6ab476308d59f3efff7255d07ebb51fe64ac5967c0b79bae07d36283cf768c8eee2054349cefe90876da66a52e9e0ff20cc00a40fb0c69524e7a01e5c2f07239831a0fa2f56ad405b3a25537907d990e8f5a3e4f3df99dda6afc30d4565aa5881f64adcc6f6be4077893c7e7710623e6158359c3facfef5036779903065fd0d0a2ed8bf2e53a46758dbff06284670bf10bd2e13cba4323ce50fa43df373bd0940011c424f41c5035a10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a5d0d8772ba1286eb582504465290171e4db87f2e89564214a2317953a7307b1b4c8dad5920866087d7ae80845478813bdf5f6740d0f3b975a344272804b036e4fef09e91d60d1a730fda2f5c222f7636bbe252f9a6caa86d5e8be7e7db2cf912817a0898a4742d sage: D=0x3b900240c4a416aeb09b123e02f5457bb31023c9249081c5313edaac741686388492020964ce4471a653c9c63c4dc7b74c0188d0ec50bc3a29797da6c9b3616e83dea45ba5d41e6e4cba7eefca6791f45d3c86a491a899a5c42c7e61930a3681d281f34e4b49707e9bba74f68f7a91274c92904b546b5fe6267c5b8ad8d8bb199a523d7fbb5a40748b56dfccf074f3d664e705153dd903b7cd95bac556be3ab59a165d7cbb765e21a4a1d97e34b412baf1caacb57543d2bd8e5ae5cd2a86dc41e256f3f5c0073052859d1c8a12f4973caa88de2e5eb2eef8d6ebdb66fe154d8e383cba74693753affaf4dbc8e2988c08f947b1f8473a7163775656448572c325250ad2cd75c9f5d42721b91ae8fb427773605afa2f4297daf7ab34f5d71144185f3f5cbc94041081fae19fd5d47fc49421080edc5d658b5f223fb1e9b172f4da1a92263fa922225d4c0231e35d94d276fcb0e0999f5f26068528c83f49b0dd79fb157c49fe8b3d80e7cd2b3da76478ebd2ae2c8164583bee2f96591e2f41ad799ae0e2855a5699996fb2c7efb69f86874bca58628e512d579b247e43ee8db04b424e84e44cf753f86e12dd8d2e0ea0b800e6c313317c14658993b8e04c7fb5de1cba0829123dc518957be2a46f76f8ff305fee17b2310bfdd66a93c8b050451f8ceb26c518b7abb72faf08fca0bf6df8a80de511ffc00dc350cd87e52c9cf5771892300e420929da698b6b973da849c89410f089e9b39de79fc1a01a27d2f879ce5cd80ca0a3899d9f480c68d7a5f8c8b3c74936b19f0c7174987df437658046adaffdaddc3540be7fc06a1d2290f58ad9a2992d32e9ecbadf2eed961b4e68c8a89a5709a334082ad297348c4c31c54a3dadccb93afaa9f1786c4167021d4a16dd78afb41131bdd651357bd44f42cfee5d03fdfae087255d18a6a41c03aa6408b6097d8a6848cbbf05a7f20207d5673ea5e6dc849d5d3009c6e8a6c41285cd64f71b536d8345d61f404079278facde0d6e2264cbe655e877468bd3e76380d91f282f26ae17e41a1bac76c148c4c75dd22656816ab259e2c79920e27e6bcfa83732ac6e0a245dcd9cc82f69e45019cf53ac39bebca3ddea0f55ef97b6d8f7b7eadaae792fb1b55c73cf2ed644e651a22c60ed9c0bb063c50fadda6beccbf6c88c41ef1546bab5f21dbe4fbeeb11f3c5c40fa1cc3df2c11bfe7910d1d36a5ec6e66462c7e216481008931039299d23f2be4d838fb010b661a8541a8b7f7bf7d6c8032895e82133e24c835e5a3491249ec69f28e22cf9b0fab9be9ea17026fbadd470eee4676d7ac79976a1c6807e89b5dabab815ffa076caeaeb53f505a31129dac1e9f0b5d919f17aced63574c8524000022b6bc6cb9c8d6a06e44c72e055a1e2706e736af241ab3084fa56cf942aa139440f74e230be31cd8dd4bf0cbdd657f1 sage: E=0x10001 check: sage: is_pseudoprime(P) True sage: gcd(N,P) 811194519730394220204949383061971492284209477134487451053533919242408334468793875483685418435472924384137737409878754330061341487239404629370463160720071782806016579636145456953095810661706004899017496722730291178259805745059054744795252171022091469940626116746608128441399036310378334222880519662696558703165249434265697658704322903051581598088400258377253583825209022558177374913570364047051007093402547387492492645729748176160840842076964161794363721255756097675823463557162877865622894488049720201680509519072521257128596878592149455958732762099800396648453225220977153025222265023206761554302369499402146842619059859650958489842850140873473393484632985863967898676228674751576699965523367097641503814266418957281198265955430221973482931544501209059788536033857660452959160612655542331433647351037413298986228798018950712662579341162832440884265576141868775326408627532047094505284395403786932363148262901839514736964209136867574532808481484592060405175685831168554790879720280778881035860464184791941816702480873202940903024652495084770128062224279875598826600084633389722629461385386069921483006677287847102371176994910369378323222717613076771700378608286670543729473076010314569999636269167049088093674649352610884381826740603 sage: N%P 0 >> P seems to be a prime, and is indeed a factor of N. sage: is_pseudoprime(Q) False sage: gcd(N,Q) 1 sage: ecm(Q) Found composite factor of 3 digits: 675 Composite cofactor ... has 1231 digits. Q has a small factor. The large cofactor is way too large to be factorized (today). >> Q must be wrong. sage: pow(pow(2,E,N),D,N) 2 sage: pow(pow(3,E,N),D,N) 3 sage: pow(pow(5,E,N),D,N) 5 sage: pow(pow(7,E,N),D,N) 7 sage: pow(pow(11,E,N),D,N) 11 sage: pow(pow(1000,E,N),D,N) 1000 >> x^D mod N is indeed the inverse of x^E mod N >> D seems to be correct. >> now compute sage: Qcorrect = N/P sage: is_prime(Qcorrect) False sage: is_pseudoprime(Qcorrect) True >> surprise, this is a sage artefact. >> is_prime is supposed to tell if Qcorrect >> is a provable prime, but these numbers are >> too large for a proof. sage: help(Qcorrect) class Rational ... >> oops, it is of course not a rational number. sage: Qcorrect = Integer(N/P) class Integer ... >> okay now it is an integer. sage: is_prime(Qcorrect) >> takes way too long: press CTRL-C sage: is_pseudoprime(Qcorrect) True >> so the correct Q seems to be a prime. sage: Q-Qcorrect 4468358315186607582623830645994123175323958284313904132666602205502546750542721902065776801908141680869902222733839989940221831332787838985874881107673910358472026239723185949529735314601712865712198736991916521419325287976337589177915143787138292689484229106140251936135768934015263941567159094923493376 sage: hex(Q-Qcorrect) '1a10400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' >> interesting, now figure out the bits that are flipped in Q: Q ...20ddb67189f6dad... Qcorrect ...20dd9c6149f6dad... $ openssl rsa -in rsa8192.pem -outform der -out rsa8192.der writing RSA key $ xxd -ps < rsa8192.der > rsa8192.hex $ sed "s/20ddb67189f6dad/20dd9c6149f6dad/" < rsa8192.hex > rsa8192.out $ diff rsa8192.hex rsa8192.out 100c100 < 10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a --- > 10b8095f420dd9c6149f6dad62f1257b0f46e353a90eacc145c7db74998a >> et voila $ xxd -ps -r < rsa8192.out > rsa8192.der $ openssl rsa -inform der -in rsa8192.der -out rsa8192.pem writing RSA key $ openssl rsa -check -noout -in rsa8192.pem RSA key ok $ git diff diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem index 946a6e5..83d962f 100644 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - >> DONE. Fixes #11776 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11783) ----------------------------------------------------------------------- Summary of changes: apps/rsa8192.pem | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem index 946a6e5433..83d962f40f 100644 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - From bernd.edlinger at hotmail.de Wed May 13 04:30:36 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 13 May 2020 04:30:36 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589344236.350127.27561.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 024035b6e018405d7c29bce2e10e884066203601 (commit) from 3ee36aa18253108a4aac304adfa19707edf56d50 (commit) - Log ----------------------------------------------------------------- commit 024035b6e018405d7c29bce2e10e884066203601 Author: Bernd Edlinger Date: Sun May 10 06:37:12 2020 +0200 Fix rsa8192.pem Q: How did I do that? A: That's a long story. Precondition: I used sage 8.1 for the math, it could probably done with simple python as well but I did not try. First I extract numbers from rsa8192.pem: openssl rsa -in rsa8192.pem -noout -text | sed "s/://g; s/ //g;" cut&paste the numbers into sage: modulus 00890d9fd57e81b5ed43283d0ea020 4a1229333d6fb9c37a179375b09c4f 7b5b1cf2eb025979b6d90b709928a0 6725e04caf2b0f7fe94afbdf9f3fa5 66f1ba75c2f6dc488039f410eb5fa8 ab152b8cfdb76791bb853059438edf ae56bc70a32a9f3e2d883e8b751d08 3797999dc81a9c4d6bdb3a75362fd1 d9c497cf5028dfcdd4cc3eb318e79f c0db45cbeed955da8a447f0872dee5 65bde4013340e767731441fae4fa54 51356bfbc84e1271b39f111f5f8ef3 a6c8973765b39addef80306194f4ea 89fdfc8e9744866323f6936de89b2f e2741578b8eb3c41676702fabc50ec c376e6b7b6e7f94e7d7b5c1bab3c9f 23bb0c8f04d8aca64c309fc063c406 553e1c1421cc45060df7f48c49f5c5 b459d572e273402d6a3ff008657fe9 1936714d1823c5cad53d80630b3216 9bf70feb2ebc1af6a35ee0bf059aed 49c4e367d567e130e2846859b271fd a8949b182e050819866b8e762ed29f fb3f7ca14cebfc2488662be4b3980f c8d31890a05f38ae9690cc7d9d3efc 4808e03da104a8c28bb480bb814995 a6e8b8978ab8350d90b3894e3abf7d c4ad0956335752c8d6944b38a1715e 7d9950f49e6cdba171fbe651a2ca26 65a7c70b6e8cf3a02c2f93dad8aa95 06481cdb032d04082a5a6c6a733b65 20fa80e2ef57b9cf858ca5ea11e084 bc31a386fc6b099f069786207f80d6 1f2bef294400d59394ad1006431366 a54ae09b0ecd3377dcd8af8fde9b94 fd559b0b7adc5113ba66fc4b3dc842 ee562cfcfd39b4ffc31576635873fc 59535b7aa98605772436c251834e23 4fb2347cc970a49818cac2a9ee95eb b55fa2da66edd53e11245c6732140a ae41491288cbf462eef8a807b46d0d affa38d9ccfe8033d2d4a3cf5c5b82 9df12183f7a05d3650153cd317a017 083ac641c2c3ad11305de0a032be45 c439bd7bbbe3cb97850f9d2c66f72a 4a66e9d434544fc6d294ca3c92627b e518bfa44e3017ac8ad9c0a26a227d 2e8677da0a4de8edb53ac9530adb63 83c72dbf562dc4d0fea4e492f09eb1 74548381a8686db3aeaaa3a9960cff 25e8c64701115da54fa7a1fb2c566a fcb4b2a63268d818c3391a62885d13 41b3492c4f0167291b3d026a44e68c 02f2d4d255d4c0906b92a2ced0c0bb f2bcdceaec1189895af4232dc386c9 75bf3477e5a70d3ab0ac0e5dc37024 0e34a276b155d5e290f77416a1986d ec47f8c78236ac7df249df9ba21a80 2e6bd75b4fb1c6ffe0f4cf548761a5 6a1fcccee156523a718987f3fdaedc 7171c9050db89a83f24c5a283695b9 c28de6d3b69fc1714b0add335a0ce6 fbbdbd0bbdb01e44969d775105bba3 d2947dca2f291250f9b851e76f514d dc5a3aa4498e6521314991568860eb ff1258d8b4aee9ee4159153684c0c0 16c60b17537a50b53cd59aad60678b d73f0714ab4ccae7416bab417b4907 36d59b2e9f I used echo `echo "" ` | sed "s/ //g" to get everything in one line, put that again into the clipboard and then start sage, type N=0x sage: N=0x00890d9fd57e81b5ed43283d0ea0204a1229333d6fb9c37a179375b09c4f7b5b1cf2eb025979b6d90b709928a06725e04caf2b0f7fe94afbdf9f3fa566f1ba75c2f6dc488039f410eb5fa8ab152b8cfdb76791bb853059438edfae56bc70a32a9f3e2d883e8b751d083797999dc81a9c4d6bdb3a75362fd1d9c497cf5028dfcdd4cc3eb318e79fc0db45cbeed955da8a447f0872dee565bde4013340e767731441fae4fa5451356bfbc84e1271b39f111f5f8ef3a6c8973765b39addef80306194f4ea89fdfc8e9744866323f6936de89b2fe2741578b8eb3c41676702fabc50ecc376e6b7b6e7f94e7d7b5c1bab3c9f23bb0c8f04d8aca64c309fc063c406553e1c1421cc45060df7f48c49f5c5b459d572e273402d6a3ff008657fe91936714d1823c5cad53d80630b32169bf70feb2ebc1af6a35ee0bf059aed49c4e367d567e130e2846859b271fda8949b182e050819866b8e762ed29ffb3f7ca14cebfc2488662be4b3980fc8d31890a05f38ae9690cc7d9d3efc4808e03da104a8c28bb480bb814995a6e8b8978ab8350d90b3894e3abf7dc4ad0956335752c8d6944b38a1715e7d9950f49e6cdba171fbe651a2ca2665a7c70b6e8cf3a02c2f93dad8aa9506481cdb032d04082a5a6c6a733b6520fa80e2ef57b9cf858ca5ea11e084bc31a386fc6b099f069786207f80d61f2bef294400d59394ad1006431366a54ae09b0ecd3377dcd8af8fde9b94fd559b0b7adc5113ba66fc4b3dc842ee562cfcfd39b4ffc31576635873fc59535b7aa98605772436c251834e234fb2347cc970a49818cac2a9ee95ebb55fa2da66edd53e11245c6732140aae41491288cbf462eef8a807b46d0daffa38d9ccfe8033d2d4a3cf5c5b829df12183f7a05d3650153cd317a017083ac641c2c3ad11305de0a032be45c439bd7bbbe3cb97850f9d2c66f72a4a66e9d434544fc6d294ca3c92627be518bfa44e3017ac8ad9c0a26a227d2e8677da0a4de8edb53ac9530adb6383c72dbf562dc4d0fea4e492f09eb174548381a8686db3aeaaa3a9960cff25e8c64701115da54fa7a1fb2c566afcb4b2a63268d818c3391a62885d1341b3492c4f0167291b3d026a44e68c02f2d4d255d4c0906b92a2ced0c0bbf2bcdceaec1189895af4232dc386c975bf3477e5a70d3ab0ac0e5dc370240e34a276b155d5e290f77416a1986dec47f8c78236ac7df249df9ba21a802e6bd75b4fb1c6ffe0f4cf548761a56a1fcccee156523a718987f3fdaedc7171c9050db89a83f24c5a283695b9c28de6d3b69fc1714b0add335a0ce6fbbdbd0bbdb01e44969d775105bba3d2947dca2f291250f9b851e76f514ddc5a3aa4498e6521314991568860ebff1258d8b4aee9ee4159153684c0c016c60b17537a50b53cd59aad60678bd73f0714ab4ccae7416bab417b490736d59b2e9f likewise for prime1 (P), prime2 (Q) and privateExponent (D) and publicExponent (E) sage: P=0x00c6d6eb9c0f93f8b8de74b2799798c1c1ed47549426a0d76af61f04f0b455184acfeec354c1703709e8727ea0213001738e395b5ca5ed4deec30f8b1ae0e54a516777c5ae897a5562e77dfe378dbba32ee30bcdb275ab7f87f8b9af02712d371a6aa671b44e0f667a6f2d406e5099d942f592ff5c517d452d58cf3f51120062a878fb77066650275b897caf078a5353f1d714963ff90818b6b87c6db438681b4b315c4fd256c1bd383fcf8e67b49a3ee077373a66d77e4c02eebe9350478a51cdfa395d60d905c1189ed7041373f1609075faf9d9f39d3d7b0e7fc8b1d36cb8c5c48731ef5cd87e11f480cdfa4b3ee6cf7eebd3e13f4244647396d52030b82c39d69a3a4075ee90531d1ddb5f1284dc7ab09a3892de5c0ddeed115c7c9ee5fc008658830b0e6f7f366a72f215192498474ade046fc10e92591dfa133e4beff98758e0e92c05f999504a486e3f71c15b73adf7fe0d311f0d0dc1a8e2aff92572475a92e60f970174c80c4948a0cb86635cb438519b18c260ff9f212925e684ef151cc91fa1c4c8dbbc337c9b46f9a93c88cce49e49a670762186e8858051f93ebff7b0b50caadd9b32f93e396b5a6d1cd7f77b2e50e83fae5f3928433268f6cc28810071ce334025a24c7ebf92e631df0d26e99923018946de4ea5e30e868c33ea3d408d8c58815ecf9892fa3afa5f6fbef9a1dfda2da51b6f01f3dae588bdf17b sage: Q=0x00b073b35a3bba0954b242961630e8e0af8d3ea8aad80d55669e9e79c388983363d96fe471205743001b4798b81de1be3fb06353fd0c9c4fd43f91f9cb2162b00583cc94ff791a615348d01977ca05f4796d5bff41d94dda1cb3ef2433ff4f6500d15ab290a14e651efa91b7df5d5e50f8356188d9842dcdd67c89eb7d40baa78f045969b804f7a985d35a8a8ac32715cb212a34fb89e85e538275e53663fe675944d2b5dba77b7b7abfacd8fbddee4427db6460b728952af882992750c2542d2122247d7f431ec2fe64c0311b0de5290eb619c6ab476308d59f3efff7255d07ebb51fe64ac5967c0b79bae07d36283cf768c8eee2054349cefe90876da66a52e9e0ff20cc00a40fb0c69524e7a01e5c2f07239831a0fa2f56ad405b3a25537907d990e8f5a3e4f3df99dda6afc30d4565aa5881f64adcc6f6be4077893c7e7710623e6158359c3facfef5036779903065fd0d0a2ed8bf2e53a46758dbff06284670bf10bd2e13cba4323ce50fa43df373bd0940011c424f41c5035a10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a5d0d8772ba1286eb582504465290171e4db87f2e89564214a2317953a7307b1b4c8dad5920866087d7ae80845478813bdf5f6740d0f3b975a344272804b036e4fef09e91d60d1a730fda2f5c222f7636bbe252f9a6caa86d5e8be7e7db2cf912817a0898a4742d sage: D=0x3b900240c4a416aeb09b123e02f5457bb31023c9249081c5313edaac741686388492020964ce4471a653c9c63c4dc7b74c0188d0ec50bc3a29797da6c9b3616e83dea45ba5d41e6e4cba7eefca6791f45d3c86a491a899a5c42c7e61930a3681d281f34e4b49707e9bba74f68f7a91274c92904b546b5fe6267c5b8ad8d8bb199a523d7fbb5a40748b56dfccf074f3d664e705153dd903b7cd95bac556be3ab59a165d7cbb765e21a4a1d97e34b412baf1caacb57543d2bd8e5ae5cd2a86dc41e256f3f5c0073052859d1c8a12f4973caa88de2e5eb2eef8d6ebdb66fe154d8e383cba74693753affaf4dbc8e2988c08f947b1f8473a7163775656448572c325250ad2cd75c9f5d42721b91ae8fb427773605afa2f4297daf7ab34f5d71144185f3f5cbc94041081fae19fd5d47fc49421080edc5d658b5f223fb1e9b172f4da1a92263fa922225d4c0231e35d94d276fcb0e0999f5f26068528c83f49b0dd79fb157c49fe8b3d80e7cd2b3da76478ebd2ae2c8164583bee2f96591e2f41ad799ae0e2855a5699996fb2c7efb69f86874bca58628e512d579b247e43ee8db04b424e84e44cf753f86e12dd8d2e0ea0b800e6c313317c14658993b8e04c7fb5de1cba0829123dc518957be2a46f76f8ff305fee17b2310bfdd66a93c8b050451f8ceb26c518b7abb72faf08fca0bf6df8a80de511ffc00dc350cd87e52c9cf5771892300e420929da698b6b973da849c89410f089e9b39de79fc1a01a27d2f879ce5cd80ca0a3899d9f480c68d7a5f8c8b3c74936b19f0c7174987df437658046adaffdaddc3540be7fc06a1d2290f58ad9a2992d32e9ecbadf2eed961b4e68c8a89a5709a334082ad297348c4c31c54a3dadccb93afaa9f1786c4167021d4a16dd78afb41131bdd651357bd44f42cfee5d03fdfae087255d18a6a41c03aa6408b6097d8a6848cbbf05a7f20207d5673ea5e6dc849d5d3009c6e8a6c41285cd64f71b536d8345d61f404079278facde0d6e2264cbe655e877468bd3e76380d91f282f26ae17e41a1bac76c148c4c75dd22656816ab259e2c79920e27e6bcfa83732ac6e0a245dcd9cc82f69e45019cf53ac39bebca3ddea0f55ef97b6d8f7b7eadaae792fb1b55c73cf2ed644e651a22c60ed9c0bb063c50fadda6beccbf6c88c41ef1546bab5f21dbe4fbeeb11f3c5c40fa1cc3df2c11bfe7910d1d36a5ec6e66462c7e216481008931039299d23f2be4d838fb010b661a8541a8b7f7bf7d6c8032895e82133e24c835e5a3491249ec69f28e22cf9b0fab9be9ea17026fbadd470eee4676d7ac79976a1c6807e89b5dabab815ffa076caeaeb53f505a31129dac1e9f0b5d919f17aced63574c8524000022b6bc6cb9c8d6a06e44c72e055a1e2706e736af241ab3084fa56cf942aa139440f74e230be31cd8dd4bf0cbdd657f1 sage: E=0x10001 check: sage: is_pseudoprime(P) True sage: gcd(N,P) 811194519730394220204949383061971492284209477134487451053533919242408334468793875483685418435472924384137737409878754330061341487239404629370463160720071782806016579636145456953095810661706004899017496722730291178259805745059054744795252171022091469940626116746608128441399036310378334222880519662696558703165249434265697658704322903051581598088400258377253583825209022558177374913570364047051007093402547387492492645729748176160840842076964161794363721255756097675823463557162877865622894488049720201680509519072521257128596878592149455958732762099800396648453225220977153025222265023206761554302369499402146842619059859650958489842850140873473393484632985863967898676228674751576699965523367097641503814266418957281198265955430221973482931544501209059788536033857660452959160612655542331433647351037413298986228798018950712662579341162832440884265576141868775326408627532047094505284395403786932363148262901839514736964209136867574532808481484592060405175685831168554790879720280778881035860464184791941816702480873202940903024652495084770128062224279875598826600084633389722629461385386069921483006677287847102371176994910369378323222717613076771700378608286670543729473076010314569999636269167049088093674649352610884381826740603 sage: N%P 0 >> P seems to be a prime, and is indeed a factor of N. sage: is_pseudoprime(Q) False sage: gcd(N,Q) 1 sage: ecm(Q) Found composite factor of 3 digits: 675 Composite cofactor ... has 1231 digits. Q has a small factor. The large cofactor is way too large to be factorized (today). >> Q must be wrong. sage: pow(pow(2,E,N),D,N) 2 sage: pow(pow(3,E,N),D,N) 3 sage: pow(pow(5,E,N),D,N) 5 sage: pow(pow(7,E,N),D,N) 7 sage: pow(pow(11,E,N),D,N) 11 sage: pow(pow(1000,E,N),D,N) 1000 >> x^D mod N is indeed the inverse of x^E mod N >> D seems to be correct. >> now compute sage: Qcorrect = N/P sage: is_prime(Qcorrect) False sage: is_pseudoprime(Qcorrect) True >> surprise, this is a sage artefact. >> is_prime is supposed to tell if Qcorrect >> is a provable prime, but these numbers are >> too large for a proof. sage: help(Qcorrect) class Rational ... >> oops, it is of course not a rational number. sage: Qcorrect = Integer(N/P) class Integer ... >> okay now it is an integer. sage: is_prime(Qcorrect) >> takes way too long: press CTRL-C sage: is_pseudoprime(Qcorrect) True >> so the correct Q seems to be a prime. sage: Q-Qcorrect 4468358315186607582623830645994123175323958284313904132666602205502546750542721902065776801908141680869902222733839989940221831332787838985874881107673910358472026239723185949529735314601712865712198736991916521419325287976337589177915143787138292689484229106140251936135768934015263941567159094923493376 sage: hex(Q-Qcorrect) '1a10400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' >> interesting, now figure out the bits that are flipped in Q: Q ...20ddb67189f6dad... Qcorrect ...20dd9c6149f6dad... $ openssl rsa -in rsa8192.pem -outform der -out rsa8192.der writing RSA key $ xxd -ps < rsa8192.der > rsa8192.hex $ sed "s/20ddb67189f6dad/20dd9c6149f6dad/" < rsa8192.hex > rsa8192.out $ diff rsa8192.hex rsa8192.out 100c100 < 10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a --- > 10b8095f420dd9c6149f6dad62f1257b0f46e353a90eacc145c7db74998a >> et voila $ xxd -ps -r < rsa8192.out > rsa8192.der $ openssl rsa -inform der -in rsa8192.der -out rsa8192.pem writing RSA key $ openssl rsa -check -noout -in rsa8192.pem RSA key ok $ git diff diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem index 946a6e5..83d962f 100644 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - >> DONE. Fixes #11776 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11783) (cherry picked from commit 7ef43790617cb08b4bb4141df716dfb37385fe5c) ----------------------------------------------------------------------- Summary of changes: apps/rsa8192.pem | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem index 946a6e5433..83d962f40f 100644 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - From openssl at openssl.org Wed May 13 06:16:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 13 May 2020 06:16:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1589350601.359618.4352.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1987, 661 wallclock secs ( 8.66 usr 1.53 sys + 615.87 cusr 42.62 csys = 668.68 CPU) Result: FAIL Makefile:3050: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3048: recipe for target 'tests' failed make: *** [tests] Error 2 From kaduk at mit.edu Wed May 13 07:03:05 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Wed, 13 May 2020 07:03:05 +0000 Subject: [openssl] master update Message-ID: <1589353385.171921.15675.nullmailer@dev.openssl.org> The branch master has been updated via dd63f9bbfc95931e4f41558fbc7a2ffb68b0eef0 (commit) from 7ef43790617cb08b4bb4141df716dfb37385fe5c (commit) - Log ----------------------------------------------------------------- commit dd63f9bbfc95931e4f41558fbc7a2ffb68b0eef0 Author: Benjamin Kaduk Date: Mon May 11 09:29:24 2020 -0700 Fix FreeBSD build with --strict-warnings apps/lib/http_server.c needs to include string.h in order to get a prototype for strerror(). Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11797) ----------------------------------------------------------------------- Summary of changes: apps/lib/http_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 6db11f4150..2b5c9f5dcd 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -17,6 +17,7 @@ # define _POSIX_C_SOURCE 2 #endif +#include #include #include "http_server.h" #include "internal/sockets.h" From levitte at openssl.org Wed May 13 08:16:15 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 13 May 2020 08:16:15 +0000 Subject: [openssl] master update Message-ID: <1589357775.694531.24433.nullmailer@dev.openssl.org> The branch master has been updated via 484c24c8d7318cc36f9b3c2b7b55cf5ac91619ca (commit) from dd63f9bbfc95931e4f41558fbc7a2ffb68b0eef0 (commit) - Log ----------------------------------------------------------------- commit 484c24c8d7318cc36f9b3c2b7b55cf5ac91619ca Author: Richard Levitte Date: Mon May 11 11:40:33 2020 +0200 Remove explicit dependency on configdata.pm when processing .in files For those files, the dependence on configdata.pm is automatic, adding it explicitly only results in having that dependency twice. Fixes #11786 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11790) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 1 - doc/build.info | 1 - 2 files changed, 2 deletions(-) diff --git a/crypto/build.info b/crypto/build.info index 3537bbcc26..83625029c0 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -94,7 +94,6 @@ DEFINE[../providers/libcommon.a]=$UTIL_DEFINE DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" -DEPEND[buildinf.h]=../configdata.pm GENERATE[uplink-x86.s]=../ms/uplink-x86.pl GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/doc/build.info b/doc/build.info index 47728fed56..83da34ee29 100644 --- a/doc/build.info +++ b/doc/build.info @@ -56,7 +56,6 @@ DEPEND[$manfile]=$podfile GENERATE[$manfile]=$podfile _____ $OUT .= << "_____" if $podinfile; -DEPEND[$podfile]=$podinfile ../configdata.pm GENERATE[$podfile]=$podinfile _____ } From matt at openssl.org Wed May 13 16:29:36 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2020 16:29:36 +0000 Subject: [openssl] master update Message-ID: <1589387376.938484.18006.nullmailer@dev.openssl.org> The branch master has been updated via 78906fff4a6cfd5857045df770b47ae9ebcf0766 (commit) via 05aa8790ac1ef2bb39c15ae241a591704664039c (commit) from 484c24c8d7318cc36f9b3c2b7b55cf5ac91619ca (commit) - Log ----------------------------------------------------------------- commit 78906fff4a6cfd5857045df770b47ae9ebcf0766 Author: Richard Levitte Date: Tue May 12 09:02:25 2020 +0200 PROV: Adapt all our providers to use the new PROV_CTX structure Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11803) commit 05aa8790ac1ef2bb39c15ae241a591704664039c Author: Richard Levitte Date: Tue May 12 08:46:23 2020 +0200 PROV: Add a proper provider context structure for OpenSSL providers The provider context structure is made to include the following information: - The core provider handle (first argument to the provider init function). This handle is meant to be used in all upcalls that need it. - A library context, used for any libcrypto calls that need it, done in the provider itself. Regarding the library context, that's generally only needed if the provider makes any libcrypto calls, i.e. is linked with libcrypto. That happens to be the case for all OpenSSL providers, but is applicable for other providers that use libcrypto internally as well. The normal thing to do for a provider init function is to create its own library context. For a provider that's meant to become a dynamically loadable module, this is what MUST be done. However, we do not do that in the default provider; it uses the library context associated with the core provider handle instead. This is permissible, although generally discouraged, as long as the provider in question is guaranteed to be built-in, into libcrypto or into the application that uses it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11803) ----------------------------------------------------------------------- Summary of changes: crypto/property/build.info | 1 + providers/common/build.info | 2 +- providers/common/include/prov/provider_ctx.h | 18 ++++++++++- providers/common/provider_ctx.c | 48 ++++++++++++++++++++++++++++ providers/defltprov.c | 19 +++++++++-- providers/fips/fipsprov.c | 38 +++++++++++++++------- providers/legacyprov.c | 24 ++++++++++---- 7 files changed, 128 insertions(+), 22 deletions(-) create mode 100644 providers/common/provider_ctx.c diff --git a/crypto/property/build.info b/crypto/property/build.info index bfa1f0602f..56f26760c6 100644 --- a/crypto/property/build.info +++ b/crypto/property/build.info @@ -2,3 +2,4 @@ LIBS=../../libcrypto $COMMON=property_string.c property_parse.c property.c defn_cache.c SOURCE[../../libcrypto]=$COMMON property_err.c SOURCE[../../providers/libfips.a]=$COMMON +SOURCE[../../providers/liblegacy.a]=$COMMON diff --git a/providers/common/build.info b/providers/common/build.info index b6495d343a..c49b090227 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,6 +1,6 @@ SUBDIRS=der -SOURCE[../libcommon.a]=provider_err.c bio_prov.c +SOURCE[../libcommon.a]=provider_err.c bio_prov.c provider_ctx.c $FIPSCOMMON=provider_util.c SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c SOURCE[../libfips.a]=$FIPSCOMMON diff --git a/providers/common/include/prov/provider_ctx.h b/providers/common/include/prov/provider_ctx.h index 365667d19e..0984f13635 100644 --- a/providers/common/include/prov/provider_ctx.h +++ b/providers/common/include/prov/provider_ctx.h @@ -7,8 +7,24 @@ * https://www.openssl.org/source/license.html */ +#include +#include + +typedef struct prov_ctx_st { + const OSSL_PROVIDER *provider; + OPENSSL_CTX *libctx; /* For all provider modules */ +} PROV_CTX; + /* * To be used anywhere the library context needs to be passed, such as to * fetching functions. */ -#define PROV_LIBRARY_CONTEXT_OF(provctx) (provctx) +#define PROV_LIBRARY_CONTEXT_OF(provctx) \ + PROV_CTX_get0_library_context((provctx)) + +PROV_CTX *PROV_CTX_new(void); +void PROV_CTX_free(PROV_CTX *ctx); +void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx); +void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *libctx); +OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx); +const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx); diff --git a/providers/common/provider_ctx.c b/providers/common/provider_ctx.c new file mode 100644 index 0000000000..66c7c74890 --- /dev/null +++ b/providers/common/provider_ctx.c @@ -0,0 +1,48 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "prov/provider_ctx.h" + +PROV_CTX *PROV_CTX_new(void) +{ + return OPENSSL_zalloc(sizeof(PROV_CTX)); +} + +void PROV_CTX_free(PROV_CTX *ctx) +{ + OPENSSL_free(ctx); +} + +void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx) +{ + if (ctx != NULL) + ctx->libctx = libctx; +} + +void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *provider) +{ + if (ctx != NULL) + ctx->provider = provider; +} + + +OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->libctx; +} + +const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->provider; +} diff --git a/providers/defltprov.c b/providers/defltprov.c index baea34ac04..5667825072 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -537,8 +537,14 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, return NULL; } +static void deflt_teardown(void *provctx) +{ + PROV_CTX_free(provctx); +} + /* Functions we provide to the core */ static const OSSL_DISPATCH deflt_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))deflt_teardown }, { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))deflt_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query }, @@ -576,13 +582,20 @@ int ossl_default_provider_init(const OSSL_PROVIDER *provider, if (c_get_libctx == NULL) return 0; - *out = deflt_dispatch_table; - /* * We want to make sure that all calls from this provider that requires * a library context use the same context as the one used to call our * functions. We do that by passing it along as the provider context. + * + * This is special for built-in providers. External providers should + * create their own library context. */ - *provctx = c_get_libctx(provider); + if ((*provctx = PROV_CTX_new()) == NULL) + return 0; + PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); + PROV_CTX_set0_provider(*provctx, provider); + + *out = deflt_dispatch_table; + return 1; } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 1ed475e1f5..ac92b7885f 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -516,6 +516,16 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, static void fips_teardown(void *provctx) { OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx)); + PROV_CTX_free(provctx); +} + +static void fips_intern_teardown(void *provctx) +{ + /* + * We know that the library context is the same as for the outer provider, + * so no need to destroy it here. + */ + PROV_CTX_free(provctx); } /* Functions we provide to the core */ @@ -529,6 +539,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = { /* Functions we provide to ourself */ static const OSSL_DISPATCH intern_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, { 0, NULL } }; @@ -540,7 +551,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, void **provctx) { FIPS_GLOBAL *fgbl; - OPENSSL_CTX *libctx; + OPENSSL_CTX *libctx = NULL; OSSL_self_test_cb_fn *stcbfn = NULL; OSSL_core_get_library_context_fn *c_get_libctx = NULL; @@ -647,9 +658,18 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, return 0; /* Create a context. */ - if ((libctx = OPENSSL_CTX_new()) == NULL) - return 0; - *provctx = libctx; + if ((*provctx = PROV_CTX_new()) == NULL + || (libctx = OPENSSL_CTX_new()) == NULL) { + /* + * We free libctx separately here and only here because it hasn't + * been attached to *provctx. All other error paths below rely + * solely on fips_teardown. + */ + OPENSSL_CTX_free(libctx); + goto err; + } + PROV_CTX_set0_library_context(*provctx, libctx); + PROV_CTX_set0_provider(*provctx, provider); if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, &fips_prov_ossl_ctx_method)) == NULL) @@ -705,14 +725,10 @@ int fips_intern_provider_init(const OSSL_PROVIDER *provider, if (c_get_libctx == NULL) return 0; - *provctx = c_get_libctx(provider); - - /* - * Safety measure... we should get the library context that was - * created up in OSSL_provider_init(). - */ - if (*provctx == NULL) + if ((*provctx = PROV_CTX_new()) == NULL) return 0; + PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); + PROV_CTX_set0_provider(*provctx, provider); *out = intern_dispatch_table; return 1; diff --git a/providers/legacyprov.c b/providers/legacyprov.c index 07b505a8ac..9a6ed6d836 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -155,8 +155,15 @@ static const OSSL_ALGORITHM *legacy_query(void *provctx, int operation_id, return NULL; } +static void legacy_teardown(void *provctx) +{ + OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx)); + PROV_CTX_free(provctx); +} + /* Functions we provide to the core */ static const OSSL_DISPATCH legacy_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))legacy_teardown }, { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))legacy_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))legacy_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))legacy_query }, @@ -169,6 +176,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, void **provctx) { OSSL_core_get_library_context_fn *c_get_libctx = NULL; + OPENSSL_CTX *libctx = NULL; for (; in->function_id != 0; in++) { switch (in->function_id) { @@ -190,13 +198,17 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, if (c_get_libctx == NULL) return 0; + if ((*provctx = PROV_CTX_new()) == NULL + || (libctx = OPENSSL_CTX_new()) == NULL) { + OPENSSL_CTX_free(libctx); + legacy_teardown(*provctx); + *provctx = NULL; + return 0; + } + PROV_CTX_set0_library_context(*provctx, libctx); + PROV_CTX_set0_provider(*provctx, provider); + *out = legacy_dispatch_table; - /* - * We want to make sure that all calls from this provider that requires - * a library context use the same context as the one used to call our - * functions. We do that by passing it along as the provider context. - */ - *provctx = c_get_libctx(provider); return 1; } From levitte at openssl.org Wed May 13 16:52:50 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 13 May 2020 16:52:50 +0000 Subject: [openssl] master update Message-ID: <1589388770.873558.1707.nullmailer@dev.openssl.org> The branch master has been updated via f55838f34dd5c65420662f7eacf6c6ffd7f261a2 (commit) via bac4bffbfbfaf2d16d248e8bc32023d1d2d48d10 (commit) via 6ab6ecfd6d2d659326f427dceb1b65ae1b4b012b (commit) from 78906fff4a6cfd5857045df770b47ae9ebcf0766 (commit) - Log ----------------------------------------------------------------- commit f55838f34dd5c65420662f7eacf6c6ffd7f261a2 Author: Richard Levitte Date: Fri Oct 12 16:56:44 2018 +0200 OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files This involves exposing two pvkfmt.c functions, but only internally. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11756) commit bac4bffbfbfaf2d16d248e8bc32023d1d2d48d10 Author: Richard Levitte Date: Fri Oct 12 16:52:15 2018 +0200 OSSL_STORE: Better information when prompting for pass phrases The prompt includes the URI, to make it clear which object needs a pass phrase. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11756) commit 6ab6ecfd6d2d659326f427dceb1b65ae1b4b012b Author: Richard Levitte Date: Fri Oct 12 16:46:41 2018 +0200 OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO This capability existed internally, and is now made public. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11756) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 9 +- crypto/include/internal/pem_int.h | 23 +++ crypto/pem/pem_pkey.c | 19 ++- crypto/pem/pvkfmt.c | 39 ++--- crypto/store/loader_file.c | 296 ++++++++++++++++++++++++++------------ crypto/store/store_err.c | 2 +- crypto/store/store_lib.c | 44 ++---- crypto/store/store_local.h | 11 +- crypto/store/store_register.c | 7 + doc/man3/OSSL_STORE_LOADER.pod | 29 +++- doc/man3/OSSL_STORE_attach.pod | 45 ++++++ include/openssl/store.h | 28 ++++ include/openssl/storeerr.h | 8 +- util/libcrypto.num | 2 + util/other.syms | 1 + 15 files changed, 389 insertions(+), 174 deletions(-) create mode 100644 crypto/include/internal/pem_int.h create mode 100644 doc/man3/OSSL_STORE_attach.pod diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 133a935b0f..9fa051f5c3 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -948,6 +948,7 @@ OCSP_F_OCSP_MATCH_ISSUERID:109:ocsp_match_issuerid OCSP_F_OCSP_REQUEST_SIGN:110:OCSP_request_sign OCSP_F_OCSP_REQUEST_VERIFY:116:OCSP_request_verify OCSP_F_OCSP_RESPONSE_GET1_BASIC:111:OCSP_response_get1_basic +OSSL_STORE_F_FILE_ATTACH:128: OSSL_STORE_F_FILE_CTRL:129:file_ctrl OSSL_STORE_F_FILE_FIND:138:file_find OSSL_STORE_F_FILE_GET_PASS:118:file_get_pass @@ -955,10 +956,8 @@ OSSL_STORE_F_FILE_LOAD:119:file_load OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri OSSL_STORE_F_FILE_OPEN:120:file_open -OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio +OSSL_STORE_F_OSSL_STORE_ATTACH:127: OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect -OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\ - ossl_store_file_attach_pem_bio_int OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT @@ -1001,12 +1000,12 @@ PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp PEM_F_DO_B2I:132:do_b2i PEM_F_DO_B2I_BIO:133:do_b2i_bio -PEM_F_DO_BLOB_HEADER:134:do_blob_header +PEM_F_OSSL_DO_BLOB_HEADER:134:ossl_do_blob_header PEM_F_DO_I2B:146:do_i2b PEM_F_DO_PK8PKEY:126:do_pk8pkey PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp PEM_F_DO_PVK_BODY:135:do_PVK_body -PEM_F_DO_PVK_HEADER:136:do_PVK_header +PEM_F_OSSL_DO_PVK_HEADER:136:ossl_do_PVK_header PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data PEM_F_GET_NAME:144:get_name PEM_F_I2B_PVK:137:i2b_PVK diff --git a/crypto/include/internal/pem_int.h b/crypto/include/internal/pem_int.h new file mode 100644 index 0000000000..e065ac75a5 --- /dev/null +++ b/crypto/include/internal/pem_int.h @@ -0,0 +1,23 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM_INT_H +# define HEADER_PEM_INT_H + +# include + +/* Found in crypto/pem/pvkfmt.c */ +int ossl_do_blob_header(const unsigned char **in, unsigned int length, + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub); +int ossl_do_PVK_header(const unsigned char **in, unsigned int length, + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen); + +#endif diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index a1e8403e2b..ee9b6764a6 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -39,8 +39,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = ossl_store_attach_pem_bio(bp, ui_method, u, libctx, - propq)) == NULL) + if ((ctx = OSSL_STORE_attach(bp, libctx, "file", propq, ui_method, u, + NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP { @@ -56,13 +56,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, break; } OSSL_STORE_INFO_free(info); + info = NULL; } if (ret != NULL && x != NULL) *x = ret; err: - ossl_store_detach_pem_bio(ctx); + OSSL_STORE_close(ctx); UI_destroy_method(ui_method); OSSL_STORE_INFO_free(info); return ret; @@ -105,7 +106,8 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) OSSL_STORE_CTX *ctx = NULL; OSSL_STORE_INFO *info = NULL; - if ((ctx = ossl_store_attach_pem_bio(bp, UI_null(), NULL, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, UI_null(), NULL, + NULL, NULL)) == NULL) goto err; while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { @@ -114,13 +116,14 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) break; } OSSL_STORE_INFO_free(info); + info = NULL; } if (ret != NULL && x != NULL) *x = ret; err: - ossl_store_detach_pem_bio(ctx); + OSSL_STORE_close(ctx); OSSL_STORE_INFO_free(info); return ret; } @@ -198,7 +201,8 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = ossl_store_attach_pem_bio(bp, ui_method, u, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, ui_method, u, + NULL, NULL)) == NULL) goto err; while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { @@ -211,13 +215,14 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) } } OSSL_STORE_INFO_free(info); + info = NULL; } if (ret != NULL && x != NULL) *x = ret; err: - ossl_store_detach_pem_bio(ctx); + OSSL_STORE_close(ctx); UI_destroy_method(ui_method); OSSL_STORE_INFO_free(info); return ret; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 1a24ce755a..e2f5702880 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -20,6 +20,7 @@ #include "internal/cryptlib.h" #include +#include "internal/pem_int.h" #include #include #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) @@ -89,9 +90,9 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int bitlen, int ispub); -static int do_blob_header(const unsigned char **in, unsigned int length, - unsigned int *pmagic, unsigned int *pbitlen, - int *pisdss, int *pispub) +int ossl_do_blob_header(const unsigned char **in, unsigned int length, + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub) { const unsigned char *p = *in; if (length < 16) @@ -99,13 +100,13 @@ static int do_blob_header(const unsigned char **in, unsigned int length, /* bType */ if (*p == MS_PUBLICKEYBLOB) { if (*pispub == 0) { - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); return 0; } *pispub = 1; } else if (*p == MS_PRIVATEKEYBLOB) { if (*pispub == 1) { - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); return 0; } *pispub = 0; @@ -114,7 +115,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length, p++; /* Version */ if (*p++ != 0x2) { - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); return 0; } /* Ignore reserved, aiKeyAlg */ @@ -129,7 +130,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length, /* fall thru */ case MS_RSA1MAGIC: if (*pispub == 0) { - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); return 0; } break; @@ -139,13 +140,13 @@ static int do_blob_header(const unsigned char **in, unsigned int length, /* fall thru */ case MS_RSA2MAGIC: if (*pispub == 1) { - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); return 0; } break; default: - PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); + PEMerr(PEM_F_OSSL_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); return -1; } *in = p; @@ -191,7 +192,7 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, const unsigned char *p = *in; unsigned int bitlen, magic; int isdss; - if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) { + if (ossl_do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) { PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); return NULL; } @@ -218,7 +219,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) return NULL; } p = hdr_buf; - if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) + if (ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) return NULL; length = blob_length(bitlen, isdss, ispub); @@ -617,26 +618,26 @@ int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk) # ifndef OPENSSL_NO_RC4 -static int do_PVK_header(const unsigned char **in, unsigned int length, - int skip_magic, - unsigned int *psaltlen, unsigned int *pkeylen) +int ossl_do_PVK_header(const unsigned char **in, unsigned int length, + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen) { const unsigned char *p = *in; unsigned int pvk_magic, is_encrypted; if (skip_magic) { if (length < 20) { - PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + PEMerr(PEM_F_OSSL_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } } else { if (length < 24) { - PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + PEMerr(PEM_F_OSSL_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } pvk_magic = read_ledword(&p); if (pvk_magic != MS_PVKMAGIC) { - PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); + PEMerr(PEM_F_OSSL_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); return 0; } } @@ -653,7 +654,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, return 0; if (is_encrypted && *psaltlen == 0) { - PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); + PEMerr(PEM_F_OSSL_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); return 0; } @@ -766,7 +767,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) } p = pvk_hdr; - if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) + if (!ossl_do_PVK_header(&p, 24, 0, &saltlen, &keylen)) return 0; buflen = (int)keylen + saltlen; buf = OPENSSL_malloc(buflen); diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 02178b29a8..9f6158ff79 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -18,6 +18,7 @@ #include #include #include +#include "internal/pem_int.h" #include /* For the PKCS8 stuff o.O */ #include /* For d2i_RSAPrivateKey */ #include @@ -48,7 +49,8 @@ DEFINE_STACK_OF(X509) */ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, - size_t maxsize, const char *prompt_info, void *data) + size_t maxsize, const char *desc, const char *info, + void *data) { UI *ui = UI_new(); char *prompt = NULL; @@ -62,8 +64,7 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, UI_set_method(ui, ui_method); UI_add_user_data(ui, data); - if ((prompt = UI_construct_prompt(ui, "pass phrase", - prompt_info)) == NULL) { + if ((prompt = UI_construct_prompt(ui, desc, info)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); pass = NULL; } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, @@ -94,18 +95,20 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, struct pem_pass_data { const UI_METHOD *ui_method; void *data; + const char *prompt_desc; const char *prompt_info; }; static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, - const char *prompt_info, + const char *desc, const char *info, const UI_METHOD *ui_method, void *ui_data) { if (pass_data == NULL) return 0; pass_data->ui_method = ui_method; pass_data->data = ui_data; - pass_data->prompt_info = prompt_info; + pass_data->prompt_desc = desc; + pass_data->prompt_info = info; return 1; } @@ -114,7 +117,8 @@ static int file_get_pem_pass(char *buf, int num, int w, void *data) { struct pem_pass_data *pass_data = data; char *pass = file_get_pass(pass_data->ui_method, buf, num, - pass_data->prompt_info, pass_data->data); + pass_data->prompt_desc, pass_data->prompt_info, + pass_data->data); return pass == NULL ? 0 : strlen(pass); } @@ -168,7 +172,7 @@ typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, size_t len, void **handler_ctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, + void *ui_data, const char *uri, OPENSSL_CTX *libctx, const char *propq); /* @@ -205,7 +209,8 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, + void *ui_data, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_INFO *store_info = NULL; @@ -234,7 +239,7 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, pass = ""; } else { if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, - "PKCS12 import password", + "PKCS12 import pass phrase", uri, ui_data)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); @@ -335,6 +340,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, int *matchcount, const UI_METHOD *ui_method, void *ui_data, + const char *uri, OPENSSL_CTX *libctx, const char *propq) { @@ -366,7 +372,8 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, } if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, - "PKCS8 decrypt password", ui_data)) == NULL) { + "PKCS8 decrypt pass phrase", uri, + ui_data)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, OSSL_STORE_R_BAD_PASSWORD_READ); goto nop8; @@ -412,7 +419,8 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, + void *ui_data, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_INFO *store_info = NULL; @@ -491,7 +499,8 @@ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, + void *ui_data, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_INFO *store_info = NULL; @@ -526,7 +535,8 @@ static OSSL_STORE_INFO *try_decode_params(const char *pem_name, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, + void *ui_data, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_INFO *store_info = NULL; @@ -611,6 +621,7 @@ static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, int *matchcount, const UI_METHOD *ui_method, void *ui_data, + const char *uri, OPENSSL_CTX *libctx, const char *propq) { @@ -662,7 +673,8 @@ static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, + void *ui_data, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_INFO *store_info = NULL; @@ -711,6 +723,7 @@ static const FILE_HANDLER *file_handlers[] = { */ struct ossl_store_loader_ctx_st { + char *uri; /* The URI we currently try to load */ enum { is_raw = 0, is_pem, @@ -718,6 +731,7 @@ struct ossl_store_loader_ctx_st { } type; int errcnt; #define FILE_FLAG_SECMEM (1<<0) +#define FILE_FLAG_ATTACHED (1<<1) unsigned int flags; union { struct { /* Used with is_raw and is_pem */ @@ -733,7 +747,6 @@ struct ossl_store_loader_ctx_st { struct { /* Used with is_dir */ OPENSSL_DIR_CTX *ctx; int end_reached; - char *uri; /* * When a search expression is given, these are filled in. @@ -761,9 +774,11 @@ struct ossl_store_loader_ctx_st { static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) { - if (ctx->type == is_dir) { - OPENSSL_free(ctx->_.dir.uri); - } else { + if (ctx == NULL) + return; + + OPENSSL_free(ctx->uri); + if (ctx->type != is_dir) { if (ctx->_.file.last_handler != NULL) { ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); ctx->_.file.last_handler_ctx = NULL; @@ -774,6 +789,23 @@ static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) OPENSSL_free(ctx); } +static int file_find_type(OSSL_STORE_LOADER_CTX *ctx) +{ + BIO *buff = NULL; + char peekbuf[4096] = { 0, }; + + if ((buff = BIO_new(BIO_f_buffer())) == NULL) + return 0; + + ctx->_.file.file = BIO_push(buff, ctx->_.file.file); + if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { + peekbuf[sizeof(peekbuf) - 1] = '\0'; + if (strstr(peekbuf, "-----BEGIN ") != NULL) + ctx->type = is_pem; + } + return 1; +} + static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, const char *uri, const UI_METHOD *ui_method, @@ -865,19 +897,14 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); return NULL; } + ctx->uri = OPENSSL_strdup(uri); + if (ctx->uri == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); + goto err; + } if (S_ISDIR(st.st_mode)) { - /* - * Try to copy everything, even if we know that some of them must be - * NULL for the moment. This prevents errors in the future, when more - * components may be used. - */ - ctx->_.dir.uri = OPENSSL_strdup(uri); ctx->type = is_dir; - - if (ctx->_.dir.uri == NULL) - goto err; - ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); ctx->_.dir.last_errno = errno; if (ctx->_.dir.last_entry == NULL) { @@ -891,22 +918,10 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, } ctx->_.dir.end_reached = 1; } - } else { - BIO *buff = NULL; - char peekbuf[4096] = { 0, }; - - if ((buff = BIO_new(BIO_f_buffer())) == NULL - || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) { - BIO_free_all(buff); - goto err; - } - - ctx->_.file.file = BIO_push(buff, ctx->_.file.file); - if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { - peekbuf[sizeof(peekbuf) - 1] = '\0'; - if (strstr(peekbuf, "-----BEGIN ") != NULL) - ctx->type = is_pem; - } + } else if ((ctx->_.file.file = BIO_new_file(path, "rb")) == NULL + || !file_find_type(ctx)) { + BIO_free_all(ctx->_.file.file); + goto err; } return ctx; @@ -915,6 +930,34 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, return NULL; } +static OSSL_STORE_LOADER_CTX *file_attach(const OSSL_STORE_LOADER *loader, + BIO *bp, OPENSSL_CTX *libctx, + const char *propq, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_LOADER_CTX *ctx; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL + || (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)) { + OSSL_STOREerr(OSSL_STORE_F_FILE_ATTACH, ERR_R_MALLOC_FAILURE); + OSSL_STORE_LOADER_CTX_free(ctx); + return NULL; + } + + ctx->libctx = libctx; + ctx->flags |= FILE_FLAG_ATTACHED; + ctx->_.file.file = bp; + if (!file_find_type(ctx)) { + /* Safety measure */ + ctx->_.file.file = NULL; + OSSL_STORE_LOADER_CTX_free(ctx); + ctx = NULL; + } + + return ctx; +} + static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) { int ret = 1; @@ -984,36 +1027,6 @@ static int file_find(OSSL_STORE_LOADER_CTX *ctx, return 0; } -/* Internal function to decode an already opened PEM file */ -OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp, - OPENSSL_CTX *libctx, - const char *propq) -{ - OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) { - OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, - ERR_R_MALLOC_FAILURE); - return NULL; - } - - ctx->_.file.file = bp; - ctx->type = is_pem; - - ctx->libctx = libctx; - if (propq != NULL) { - ctx->propq = OPENSSL_strdup(propq); - if (ctx->propq == NULL) { - OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, - ERR_R_MALLOC_FAILURE); - OPENSSL_free(ctx); - return NULL; - } - } - - return ctx; -} - static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, const char *pem_name, const char *pem_header, @@ -1048,7 +1061,8 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_INFO *tmp_result = handler->try_decode(pem_name, pem_header, data, len, &tmp_handler_ctx, &try_matchcount, - ui_method, ui_data, ctx->libctx, ctx->propq); + ui_method, ui_data, ctx->uri, + ctx->libctx, ctx->propq); if (try_matchcount > 0) { @@ -1115,7 +1129,7 @@ static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, &ctx->_.file.last_handler_ctx, &try_matchcount, - ui_method, ui_data, + ui_method, ui_data, ctx->uri, ctx->libctx, ctx->propq); if (result == NULL) { @@ -1136,8 +1150,8 @@ static void pem_free_flag(void *pem_data, int secure, size_t num) } static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, unsigned char **data, long *len, - const UI_METHOD *ui_method, - void *ui_data, int secure) + const UI_METHOD *ui_method, void *ui_data, + const char *uri, int secure) { int i = secure ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, @@ -1158,7 +1172,8 @@ static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, struct pem_pass_data pass_data; if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) - || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data) + || !file_fill_pem_pass_data(&pass_data, "PEM pass phrase", uri, + ui_method, ui_data) || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, &pass_data)) { return 0; @@ -1167,6 +1182,84 @@ static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, return 1; } +static OSSL_STORE_INFO *file_try_read_msblob(BIO *bp, int *matchcount) +{ +#ifdef OPENSSL_NO_DSA + return NULL; +#else + OSSL_STORE_INFO *result = NULL; + int ispub = -1; + + { + unsigned int magic = 0, bitlen = 0; + int isdss = 0; + unsigned char peekbuf[16] = { 0, }; + const unsigned char *p = peekbuf; + + if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0) + return 0; + if (!ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen, + &isdss, &ispub)) + return 0; + } + + (*matchcount)++; + + { + EVP_PKEY *tmp = ispub + ? b2i_PublicKey_bio(bp) + : b2i_PrivateKey_bio(bp); + + if (tmp == NULL + || (result = OSSL_STORE_INFO_new_PKEY(tmp)) == NULL) { + EVP_PKEY_free(tmp); + return 0; + } + } + + return result; +#endif +} + +static OSSL_STORE_INFO *file_try_read_PVK(BIO *bp, const UI_METHOD *ui_method, + void *ui_data, const char *uri, + int *matchcount) +{ +#if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_RC4) + return NULL; +#else + OSSL_STORE_INFO *result = NULL; + + { + unsigned int saltlen = 0, keylen = 0; + unsigned char peekbuf[24] = { 0, }; + const unsigned char *p = peekbuf; + + if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0) + return 0; + if (!ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen)) + return 0; + } + + (*matchcount)++; + + { + EVP_PKEY *tmp = NULL; + struct pem_pass_data pass_data; + + if (!file_fill_pem_pass_data(&pass_data, "PVK pass phrase", uri, + ui_method, ui_data) + || (tmp = b2i_PVK_bio(bp, file_get_pem_pass, &pass_data)) == NULL + || (result = OSSL_STORE_INFO_new_PKEY(tmp)) == NULL) { + EVP_PKEY_free(tmp); + return 0; + } + } + + return result; +#endif +} + static int file_read_asn1(BIO *bp, unsigned char **data, long *len) { BUF_MEM *mem = NULL; @@ -1201,8 +1294,8 @@ static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, assert(name != NULL); assert(data != NULL); { - const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/"; - long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) + const char *pathsep = ends_with_dirsep(ctx->uri) ? "" : "/"; + long calculated_length = strlen(ctx->uri) + strlen(pathsep) + strlen(name) + 1 /* \0 */; *data = OPENSSL_zalloc(calculated_length); @@ -1211,7 +1304,7 @@ static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, return 0; } - OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); + OPENSSL_strlcat(*data, ctx->uri, calculated_length); OPENSSL_strlcat(*data, pathsep, calculated_length); OPENSSL_strlcat(*data, name, calculated_length); } @@ -1318,8 +1411,7 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, * only cares that it isn't NULL. Therefore, we can safely give * it our URI here. */ - ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, - ctx->_.dir.uri); + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri); ctx->_.dir.last_errno = errno; if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) ctx->_.dir.end_reached = 1; @@ -1351,12 +1443,19 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, matchcount = -1; if (ctx->type == is_pem) { if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, - &data, &len, ui_method, ui_data, + &data, &len, ui_method, ui_data, ctx->uri, (ctx->flags & FILE_FLAG_SECMEM) != 0)) { ctx->errcnt++; goto endloop; } } else { + if ((result = file_try_read_msblob(ctx->_.file.file, + &matchcount)) != NULL + || (result = file_try_read_PVK(ctx->_.file.file, + ui_method, ui_data, ctx->uri, + &matchcount)) != NULL) + goto endloop; + if (!file_read_asn1(ctx->_.file.file, &data, &len)) { ctx->errcnt++; goto endloop; @@ -1435,17 +1534,25 @@ static int file_eof(OSSL_STORE_LOADER_CTX *ctx) static int file_close(OSSL_STORE_LOADER_CTX *ctx) { - if (ctx->type == is_dir) { - OPENSSL_DIR_end(&ctx->_.dir.ctx); + if ((ctx->flags & FILE_FLAG_ATTACHED) == 0) { + if (ctx->type == is_dir) + OPENSSL_DIR_end(&ctx->_.dir.ctx); + else + BIO_free_all(ctx->_.file.file); } else { - BIO_free_all(ctx->_.file.file); - } - OSSL_STORE_LOADER_CTX_free(ctx); - return 1; -} + /* + * Because file_attach() called file_find_type(), we know that a + * BIO_f_buffer() has been pushed on top of the regular BIO. + */ + BIO *buff = ctx->_.file.file; -int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx) -{ + /* Detach buff */ + (void)BIO_pop(ctx->_.file.file); + /* Safety measure */ + ctx->_.file.file = NULL; + + BIO_free(buff); + } OSSL_STORE_LOADER_CTX_free(ctx); return 1; } @@ -1455,6 +1562,7 @@ static OSSL_STORE_LOADER file_loader = "file", NULL, file_open, + file_attach, file_ctrl, file_expect, file_find, diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c index aa8ab4f9b0..3abb50bb21 100644 --- a/crypto/store/store_err.c +++ b/crypto/store/store_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 5bcd17b13b..15c0862019 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -651,47 +651,33 @@ char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info) return NULL; } -OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, - const char *propq) +OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, OPENSSL_CTX *libctx, + const char *scheme, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) { OSSL_STORE_CTX *ctx = NULL; const OSSL_STORE_LOADER *loader = NULL; OSSL_STORE_LOADER_CTX *loader_ctx = NULL; - if ((loader = ossl_store_get0_loader_int("file")) == NULL - || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp, libctx, - propq)) == NULL)) - goto done; + if ((loader = + ossl_store_get0_loader_int(scheme != NULL ? scheme : "file")) == NULL + || (loader_ctx = loader->attach(loader, bp, libctx, propq, + ui_method, ui_data)) == NULL) + return NULL; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, - ERR_R_MALLOC_FAILURE); - goto done; + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH, ERR_R_MALLOC_FAILURE); + return NULL; } ctx->loader = loader; ctx->loader_ctx = loader_ctx; - loader_ctx = NULL; ctx->ui_method = ui_method; ctx->ui_data = ui_data; - ctx->post_process = NULL; - ctx->post_process_data = NULL; + ctx->post_process = post_process; + ctx->post_process_data = post_process_data; - done: - if (loader_ctx != NULL) - /* - * We ignore a returned error because we will return NULL anyway in - * this case, so if something goes wrong when closing, that'll simply - * just add another entry on the error stack. - */ - (void)loader->close(loader_ctx); return ctx; } - -int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx) -{ - int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx); - - OPENSSL_free(ctx); - return loader_ret; -} diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index 7c86419031..31e04d13ad 100644 --- a/crypto/store/store_local.h +++ b/crypto/store/store_local.h @@ -102,6 +102,7 @@ struct ossl_store_loader_st { const char *scheme; ENGINE *engine; OSSL_STORE_open_fn open; + OSSL_STORE_attach_fn attach; OSSL_STORE_ctrl_fn ctrl; OSSL_STORE_expect_fn expect; OSSL_STORE_find_fn find; @@ -122,13 +123,3 @@ void ossl_store_destroy_loaders_int(void); int ossl_store_init_once(void); int ossl_store_file_loader_init(void); - -/*- - * 'file' scheme stuff - * ------------------- - */ - -OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp, - OPENSSL_CTX *libctx, - const char *propq); -int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index 399ec8c625..45fbd2fa1c 100644 --- a/crypto/store/store_register.c +++ b/crypto/store/store_register.c @@ -71,6 +71,13 @@ int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, return 1; } +int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, + OSSL_STORE_attach_fn attach_function) +{ + loader->attach = attach_function; + return 1; +} + int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, OSSL_STORE_ctrl_fn ctrl_function) { diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 101857d543..97fde1268f 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -4,12 +4,14 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, -OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, -OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, -OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, -OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_attach, +OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, +OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, +OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, +OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, -OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_unregister_loader, +OSSL_STORE_open_fn, OSSL_STORE_attach_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn - Types and functions to manipulate, register and @@ -35,6 +37,16 @@ unregister STORE loaders for different URI schemes void *ui_data); int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, OSSL_STORE_open_fn store_open_function); + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)(const OSSL_STORE_LOADER + *loader, + BIO *bio, + OPENSSL_CTX *libctx, + const char *propq, + const UI_METHOD + *ui_method, + void *ui_data); + int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, + OSSL_STORE_attach_fn attach_function); typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args); int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, @@ -99,6 +111,10 @@ initialized, to create a private data store (B, see above), and to return it. If something goes wrong, this function is expected to return NULL. +=item B + +This function takes a B, otherwise works like B. + =item B This function takes a B pointer, a command number @@ -189,6 +205,9 @@ OSSL_STORE_LOADER_get0_scheme() returns the scheme of the B. OSSL_STORE_LOADER_set_open() sets the opener function for the B. +OSSL_STORE_LOADER_set_attach() sets the attacher function for the +B. + OSSL_STORE_LOADER_set_ctrl() sets the control function for the B. diff --git a/doc/man3/OSSL_STORE_attach.pod b/doc/man3/OSSL_STORE_attach.pod new file mode 100644 index 0000000000..7df2804964 --- /dev/null +++ b/doc/man3/OSSL_STORE_attach.pod @@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +OSSL_STORE_attach - Functions to read objects from a BIO + +=head1 SYNOPSIS + + #include + + OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, OPENSSL_CTX *libctx, + const char *scheme, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +=head1 DESCRIPTION + +OSSL_STORE_attach() works like L, except it takes a B +I instead of a I, along with a I to determine what loader +should be used to process the data. + +=head1 RETURN VALUES + +OSSL_STORE_attach() returns a pointer to a B on success, or +NULL on failure. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +OSSL_STORE_attach() was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/openssl/store.h b/include/openssl/store.h index 7b2561c2d5..619829dc97 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -102,6 +102,24 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx); */ int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +/* + * Attach to a BIO. This works like OSSL_STORE_open() except it takes a + * BIO instead of a uri, along with a scheme to use when reading. + * The given UI method will be used any time the loader needs extra input, + * for example when a password or pin is needed, and will be passed the + * same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + * + * Note that this function is considered unsafe, all depending on what the + * BIO actually reads. + */ +OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, OPENSSL_CTX *libctx, + const char *scheme, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); /*- * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs @@ -228,6 +246,16 @@ typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER void *ui_data); int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, OSSL_STORE_open_fn open_function); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)(const OSSL_STORE_LOADER + *loader, + BIO *bio, + OPENSSL_CTX *libctx, + const char *propq, + const UI_METHOD + *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, + OSSL_STORE_attach_fn attach_function); typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args); int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h index db27938247..ed8f7988fe 100644 --- a/include/openssl/storeerr.h +++ b/include/openssl/storeerr.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_STOREERR_H -# define OPENSSL_STOREERR_H +#ifndef OPENSSL_OSSL_STOREERR_H +# define OPENSSL_OSSL_STOREERR_H # pragma once # include @@ -25,6 +25,7 @@ int ERR_load_OSSL_STORE_strings(void); * OSSL_STORE function codes. */ # ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OSSL_STORE_F_FILE_ATTACH 0 # define OSSL_STORE_F_FILE_CTRL 0 # define OSSL_STORE_F_FILE_FIND 0 # define OSSL_STORE_F_FILE_GET_PASS 0 @@ -32,9 +33,8 @@ int ERR_load_OSSL_STORE_strings(void); # define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 # define OSSL_STORE_F_FILE_NAME_TO_URI 0 # define OSSL_STORE_F_FILE_OPEN 0 -# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +# define OSSL_STORE_F_OSSL_STORE_ATTACH 0 # define OSSL_STORE_F_OSSL_STORE_EXPECT 0 -# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 # define OSSL_STORE_F_OSSL_STORE_FIND 0 # define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 # define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 diff --git a/util/libcrypto.num b/util/libcrypto.num index e91c265e20..590157fe8b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5086,3 +5086,5 @@ EVP_default_properties_is_fips_enabled ? 3_0_0 EXIST::FUNCTION: EVP_default_properties_enable_fips ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_raw_private_key_with_libctx ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_raw_public_key_with_libctx ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_attach ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index 9f44034fd5..d993485931 100644 --- a/util/other.syms +++ b/util/other.syms @@ -49,6 +49,7 @@ OSSL_STORE_INFO datatype OSSL_STORE_LOADER datatype OSSL_STORE_LOADER_CTX datatype OSSL_STORE_SEARCH datatype +OSSL_STORE_attach_fn datatype OSSL_STORE_close_fn datatype OSSL_STORE_ctrl_fn datatype OSSL_STORE_expect_fn datatype From dev at ddvo.net Wed May 13 17:45:00 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 13 May 2020 17:45:00 +0000 Subject: [openssl] master update Message-ID: <1589391900.114424.30114.nullmailer@dev.openssl.org> The branch master has been updated via 63f1883dca7a42949e8b9db5b035c17fc160f998 (commit) via 143be4748e49ff0181964affcbf422a895c48e85 (commit) via 6b326fc396d203d84f5461a0025495dfef88e1e8 (commit) via 8d9a4d833f12b0669f053a504268d13a46c079ad (commit) via 3c38fa4b797848a76b83f91e423de470adbb3b61 (commit) via d3d0784e4147d2253ed4a13b7eafea4eeeaf38fb (commit) via 05f920db3982b867c3d640e7d424a1cb5608bb85 (commit) from f55838f34dd5c65420662f7eacf6c6ffd7f261a2 (commit) - Log ----------------------------------------------------------------- commit 63f1883dca7a42949e8b9db5b035c17fc160f998 Author: Dr. David von Oheimb Date: Fri May 8 13:30:44 2020 +0200 Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit 143be4748e49ff0181964affcbf422a895c48e85 Author: Dr. David von Oheimb Date: Wed Apr 29 18:06:43 2020 +0200 Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit 6b326fc396d203d84f5461a0025495dfef88e1e8 Author: Dr. David von Oheimb Date: Thu Apr 30 19:38:58 2020 +0200 Improve CMP documentation regarding use of untrusted certs Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit 8d9a4d833f12b0669f053a504268d13a46c079ad Author: Dr. David von Oheimb Date: Fri Apr 3 10:43:58 2020 +0200 Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit 3c38fa4b797848a76b83f91e423de470adbb3b61 Author: Dr. David von Oheimb Date: Tue May 12 10:14:00 2020 +0200 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit d3d0784e4147d2253ed4a13b7eafea4eeeaf38fb Author: Dr. David von Oheimb Date: Tue Apr 28 11:00:07 2020 +0200 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) commit 05f920db3982b867c3d640e7d424a1cb5608bb85 Author: Dr. David von Oheimb Date: Fri Apr 3 19:54:45 2020 +0200 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11470) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 +- NEWS.md | 2 +- apps/build.info | 2 +- apps/cmp.c | 3332 ++++++++++++++++++++ apps/openssl-vms.cnf | 56 + apps/openssl.cnf | 56 + crypto/cmp/cmp_asn.c | 9 +- crypto/cmp/cmp_client.c | 5 +- crypto/cmp/cmp_ctx.c | 6 +- crypto/cmp/cmp_hdr.c | 46 +- crypto/cmp/cmp_local.h | 13 +- crypto/cmp/cmp_msg.c | 20 +- crypto/cmp/cmp_protect.c | 132 +- crypto/cmp/cmp_server.c | 3 +- crypto/store/loader_file.c | 1 + doc/internal/man3/ossl_cmp_msg_protect.pod | 4 +- doc/man1/build.info | 3 + doc/man1/openssl-cmp.pod.in | 1165 +++++++ doc/man3/OSSL_CMP_CTX_new.pod | 122 +- doc/man3/OSSL_CMP_MSG_get0_header.pod | 15 +- doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 12 +- include/openssl/cmp.h | 19 +- test/cmp_client_test.c | 2 +- test/cmp_ctx_test.c | 4 +- test/cmp_msg_test.c | 2 +- test/cmp_protect_test.c | 2 +- .../65-test_cmp_vfy_data => }/insta.priv.pem | 0 .../65-test_cmp_vfy_data => }/insta_ca.cert.pem | 0 util/libcrypto.num | 3 +- 29 files changed, 4844 insertions(+), 198 deletions(-) create mode 100644 apps/cmp.c create mode 100644 doc/man1/openssl-cmp.pod.in copy test/{recipes/65-test_cmp_vfy_data => }/insta.priv.pem (100%) copy test/{recipes/65-test_cmp_vfy_data => }/insta_ca.cert.pem (100%) diff --git a/CHANGES.md b/CHANGES.md index 51ed264cb0..6ee0b1efde 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -93,10 +93,10 @@ OpenSSL 3.0 *Richard Levitte* * Added an implementation of CMP and CRMF (RFC 4210, RFC 4211 RFC 6712). - This adds crypto/cmp/, crpyto/crmf/, and test/cmp_*. - See L as starting point. + This adds crypto/cmp/, crpyto/crmf/, apps/cmp.c, and test/cmp_*. + See L and L as starting points. - *David von Oheimb* + *David von Oheimb, Martin Peylo* * Generalized the HTTP client code from crypto/ocsp/ into crpyto/http/. The legacy OCSP-focused and only partly documented API is retained. diff --git a/NEWS.md b/NEWS.md index ec5e754e0b..c09e9599a4 100644 --- a/NEWS.md +++ b/NEWS.md @@ -34,7 +34,7 @@ OpenSSL 3.0 disabled; the project uses address sanitize/leak-detect instead. * Added a Certificate Management Protocol (CMP, RFC 4210) implementation also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). - It is part of the crypto lib, while a 'cmp' app using it is in preparation. + It is part of the crypto lib and adds a 'cmp' app with a demo configuration. All widely used CMP features are supported for both clients and servers. * Added a proper HTTP(S) client to libcrypto supporting GET and POST, redirection, plain and ASN.1-encoded contents, proxies, and timeouts. diff --git a/apps/build.info b/apps/build.info index f2c62c94dc..d51e825bc5 100644 --- a/apps/build.info +++ b/apps/build.info @@ -52,7 +52,7 @@ IF[{- !$disabled{'deprecated-3.0'} -}] ENDIF ENDIF IF[{- !$disabled{'cmp'} -}] - $OPENSSLSRC=$OPENSSLSRC cmp_mock_srv.c + $OPENSSLSRC=$OPENSSLSRC cmp.c cmp_mock_srv.c ENDIF IF[{- !$disabled{apps} -}] diff --git a/apps/cmp.c b/apps/cmp.c new file mode 100644 index 0000000000..9e40534995 --- /dev/null +++ b/apps/cmp.c @@ -0,0 +1,3332 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "apps.h" +#include "http_server.h" +#include "s_apps.h" +#include "progs.h" + +#include "cmp_mock_srv.h" + +/* tweaks needed due to missing unistd.h on Windows */ +#ifdef _WIN32 +# define access _access +#endif +#ifndef F_OK +# define F_OK 0 +#endif + +#include +#include +#include + +/* explicit #includes not strictly needed since implied by the above: */ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +DEFINE_STACK_OF(X509) +DEFINE_STACK_OF(X509_EXTENSION) +DEFINE_STACK_OF(OSSL_CMP_ITAV) + +/* start TODO remove when PR #11755 is merged */ +static char *get_passwd(const char *pass, const char *desc) +{ + char *result = NULL; + + app_passwd(pass, NULL, &result, NULL); + return result; +} + +static void cleanse(char *str) +{ + if (str != NULL) + OPENSSL_cleanse(str, strlen(str)); +} + +static void clear_free(char *str) +{ + if (str != NULL) + OPENSSL_clear_free(str, strlen(str)); +} + +static int load_key_cert_crl(const char *uri, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl) +{ + PW_CB_DATA uidata; + OSSL_STORE_CTX *ctx = NULL; + int ret = 0; + + if (ppkey != NULL) + *ppkey = NULL; + if (pcert != NULL) + *pcert = NULL; + if (pcrl != NULL) + *pcrl = NULL; + + uidata.password = pass; + uidata.prompt_info = uri; + + ctx = OSSL_STORE_open(uri, get_ui_method(), &uidata, NULL, NULL); + if (ctx == NULL) { + BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n", + uri, desc); + goto end; + } + + for (;;) { + OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); + const char *infostr = + info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); + int err = 0; + + if (info == NULL) { + if (OSSL_STORE_eof(ctx)) + ret = 1; + break; + } + + switch (type) { + case OSSL_STORE_INFO_PKEY: + if (ppkey != NULL && *ppkey == NULL) + err = ((*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) == NULL); + break; + case OSSL_STORE_INFO_CERT: + if (pcert != NULL && *pcert == NULL) + err = ((*pcert = OSSL_STORE_INFO_get1_CERT(info)) == NULL); + break; + case OSSL_STORE_INFO_CRL: + if (pcrl != NULL && *pcrl == NULL) + err = ((*pcrl = OSSL_STORE_INFO_get1_CRL(info)) == NULL); + break; + default: + /* skip any other type */ + break; + } + OSSL_STORE_INFO_free(info); + if (err) { + BIO_printf(bio_err, "Could not read %s of %s from %s\n", + infostr, desc, uri); + break; + } + } + + end: + if (ctx != NULL) + OSSL_STORE_close(ctx); + if (!ret) + ERR_print_errors(bio_err); + return ret; +} + +static +EVP_PKEY *load_key_preliminary(const char *uri, int format, int may_stdin, + const char *pass, ENGINE *e, const char *desc) +{ + EVP_PKEY *pkey = NULL; + + if (desc == NULL) + desc = "private key"; + + if (format == FORMAT_ENGINE) { + if (e == NULL) { + BIO_printf(bio_err, "No engine specified for loading %s\n", desc); + } else { +#ifndef OPENSSL_NO_ENGINE + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = uri; + if (ENGINE_init(e)) { + pkey = ENGINE_load_private_key(e, uri, + (UI_METHOD *)get_ui_method(), + &cb_data); + ENGINE_finish(e); + } + if (pkey == NULL) { + BIO_printf(bio_err, "Cannot load %s from engine\n", desc); + ERR_print_errors(bio_err); + } +#else + BIO_printf(bio_err, "Engines not supported for loading %s\n", desc); +#endif + } + } else { + (void)load_key_cert_crl(uri, may_stdin, pass, desc, &pkey, NULL, NULL); + } + + if (pkey == NULL) { + BIO_printf(bio_err, "Unable to load %s\n", desc); + ERR_print_errors(bio_err); + } + return pkey; +} + +static X509 *load_cert_pass(const char *uri, int maybe_stdin, + const char *pass, const char *desc) +{ + X509 *cert = NULL; + + if (desc == NULL) + desc = "certificate"; + (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, NULL, &cert, NULL); + if (cert == NULL) { + BIO_printf(bio_err, "Unable to load %s\n", desc); + ERR_print_errors(bio_err); + } + return cert; +} +/* end TODO remove when PR #11755 is merged */ + +static char *opt_config = NULL; +#define CMP_SECTION "cmp" +#define SECTION_NAME_MAX 40 /* max length of section name */ +#define DEFAULT_SECTION "default" +static char *opt_section = CMP_SECTION; + +#undef PROG +#define PROG cmp_main +static char *prog = "cmp"; + +static int read_config(void); + +static CONF *conf = NULL; /* OpenSSL config file context structure */ +static OSSL_CMP_CTX *cmp_ctx = NULL; /* the client-side CMP context */ + +/* TODO remove when new setup_engine_flags() is in apps/lib/apps.c (PR #4277) */ +static +ENGINE *setup_engine_flags(const char *engine, unsigned int flags, int debug) +{ + return setup_engine(engine, debug); +} + +/* the type of cmp command we want to send */ +typedef enum { + CMP_IR, + CMP_KUR, + CMP_CR, + CMP_P10CR, + CMP_RR, + CMP_GENM +} cmp_cmd_t; + +/* message transfer */ +static char *opt_server = NULL; +static char server_port_s[32] = { '\0' }; +static int server_port = 0; +static char *opt_proxy = NULL; +static char *opt_no_proxy = NULL; +static char *opt_path = "/"; +static int opt_msg_timeout = -1; +static int opt_total_timeout = -1; + +/* server authentication */ +static char *opt_trusted = NULL; +static char *opt_untrusted = NULL; +static char *opt_srvcert = NULL; +static char *opt_recipient = NULL; +static char *opt_expect_sender = NULL; +static int opt_ignore_keyusage = 0; +static int opt_unprotected_errors = 0; +static char *opt_extracertsout = NULL; +static char *opt_cacertsout = NULL; + +/* client authentication */ +static char *opt_ref = NULL; +static char *opt_secret = NULL; +static char *opt_cert = NULL; +static char *opt_key = NULL; +static char *opt_keypass = NULL; +static char *opt_digest = NULL; +static char *opt_mac = NULL; +static char *opt_extracerts = NULL; +static int opt_unprotected_requests = 0; + +/* generic message */ +static char *opt_cmd_s = NULL; +static int opt_cmd = -1; +static char *opt_geninfo = NULL; +static char *opt_infotype_s = NULL; +static int opt_infotype = NID_undef; + +/* certificate enrollment */ +static char *opt_newkey = NULL; +static char *opt_newkeypass = NULL; +static char *opt_subject = NULL; +static char *opt_issuer = NULL; +static int opt_days = 0; +static char *opt_reqexts = NULL; +static char *opt_sans = NULL; +static int opt_san_nodefault = 0; +static char *opt_policies = NULL; +static char *opt_policy_oids = NULL; +static int opt_policy_oids_critical = 0; +static int opt_popo = OSSL_CRMF_POPO_NONE - 1; +static char *opt_csr = NULL; +static char *opt_out_trusted = NULL; +static int opt_implicit_confirm = 0; +static int opt_disable_confirm = 0; +static char *opt_certout = NULL; + +/* certificate enrollment and revocation */ +static char *opt_oldcert = NULL; +static int opt_revreason = CRL_REASON_NONE; + +/* credentials format */ +static char *opt_certform_s = "PEM"; +static int opt_certform = FORMAT_PEM; +static char *opt_keyform_s = "PEM"; +static int opt_keyform = FORMAT_PEM; +static char *opt_certsform_s = "PEM"; +static int opt_certsform = FORMAT_PEM; +static char *opt_otherpass = NULL; +static char *opt_engine = NULL; + +/* TLS connection */ +static int opt_tls_used = 0; +static char *opt_tls_cert = NULL; +static char *opt_tls_key = NULL; +static char *opt_tls_keypass = NULL; +static char *opt_tls_extra = NULL; +static char *opt_tls_trusted = NULL; +static char *opt_tls_host = NULL; + +/* client-side debugging */ +static int opt_batch = 0; +static int opt_repeat = 1; +static char *opt_reqin = NULL; +static int opt_reqin_new_tid = 0; +static char *opt_reqout = NULL; +static char *opt_rspin = NULL; +static char *opt_rspout = NULL; +static int opt_use_mock_srv = 0; + +/* server-side debugging */ +static char *opt_port = NULL; +static int opt_max_msgs = 0; + +static char *opt_srv_ref = NULL; +static char *opt_srv_secret = NULL; +static char *opt_srv_cert = NULL; +static char *opt_srv_key = NULL; +static char *opt_srv_keypass = NULL; + +static char *opt_srv_trusted = NULL; +static char *opt_srv_untrusted = NULL; +static char *opt_rsp_cert = NULL; +static char *opt_rsp_extracerts = NULL; +static char *opt_rsp_capubs = NULL; +static int opt_poll_count = 0; +static int opt_check_after = 1; +static int opt_grant_implicitconf = 0; + +static int opt_pkistatus = OSSL_CMP_PKISTATUS_accepted; +static int opt_failure = INT_MIN; +static int opt_failurebits = 0; +static char *opt_statusstring = NULL; +static int opt_send_error = 0; +static int opt_send_unprotected = 0; +static int opt_send_unprot_err = 0; +static int opt_accept_unprotected = 0; +static int opt_accept_unprot_err = 0; +static int opt_accept_raverified = 0; + +static X509_VERIFY_PARAM *vpm = NULL; + +typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_CONFIG, OPT_SECTION, + + OPT_CMD, OPT_INFOTYPE, OPT_GENINFO, + + OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT, OPT_ISSUER, + OPT_DAYS, OPT_REQEXTS, + OPT_SANS, OPT_SAN_NODEFAULT, + OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL, + OPT_POPO, OPT_CSR, + OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM, + OPT_CERTOUT, + + OPT_OLDCERT, OPT_REVREASON, + + OPT_SERVER, OPT_PROXY, OPT_NO_PROXY, OPT_PATH, + OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, + + OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, + OPT_RECIPIENT, OPT_EXPECT_SENDER, + OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, + OPT_EXTRACERTSOUT, OPT_CACERTSOUT, + + OPT_REF, OPT_SECRET, OPT_CERT, OPT_KEY, OPT_KEYPASS, + OPT_DIGEST, OPT_MAC, OPT_EXTRACERTS, + OPT_UNPROTECTED_REQUESTS, + + OPT_CERTFORM, OPT_KEYFORM, OPT_CERTSFORM, + OPT_OTHERPASS, +#ifndef OPENSSL_NO_ENGINE + OPT_ENGINE, +#endif + OPT_PROV_ENUM, + + OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY, + OPT_TLS_KEYPASS, + OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST, + + OPT_BATCH, OPT_REPEAT, + OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT, + + OPT_USE_MOCK_SRV, OPT_PORT, OPT_MAX_MSGS, + OPT_SRV_REF, OPT_SRV_SECRET, + OPT_SRV_CERT, OPT_SRV_KEY, OPT_SRV_KEYPASS, + OPT_SRV_TRUSTED, OPT_SRV_UNTRUSTED, + OPT_RSP_CERT, OPT_RSP_EXTRACERTS, OPT_RSP_CAPUBS, + OPT_POLL_COUNT, OPT_CHECK_AFTER, + OPT_GRANT_IMPLICITCONF, + OPT_PKISTATUS, OPT_FAILURE, + OPT_FAILUREBITS, OPT_STATUSSTRING, + OPT_SEND_ERROR, OPT_SEND_UNPROTECTED, + OPT_SEND_UNPROT_ERR, OPT_ACCEPT_UNPROTECTED, + OPT_ACCEPT_UNPROT_ERR, OPT_ACCEPT_RAVERIFIED, + + OPT_V_ENUM +} OPTION_CHOICE; + +const OPTIONS cmp_options[] = { + /* entries must be in the same order as enumerated above!! */ + {"help", OPT_HELP, '-', "Display this summary"}, + {"config", OPT_CONFIG, 's', + "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF"}, + {"section", OPT_SECTION, 's', + "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'"}, + + OPT_SECTION("Generic message"), + {"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"}, + {"infotype", OPT_INFOTYPE, 's', + "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'"}, + {"geninfo", OPT_GENINFO, 's', + "generalInfo integer values to place in request PKIHeader with given OID"}, + {OPT_MORE_STR, 0, 0, + "specified in the form :int:, e.g. \"1.2.3:int:987\""}, + + OPT_SECTION("Certificate enrollment"), + {"newkey", OPT_NEWKEY, 's', + "Private or public key for the requested cert. Default: CSR key or client key"}, + {"newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source"}, + {"subject", OPT_SUBJECT, 's', + "Distinguished Name (DN) of subject to use in the requested cert template"}, + {OPT_MORE_STR, 0, 0, + "For kur, default is the subject DN of the reference cert (see -oldcert);"}, + {OPT_MORE_STR, 0, 0, + "this default is used for ir and cr only if no Subject Alt Names are set"}, + {"issuer", OPT_ISSUER, 's', + "DN of the issuer to place in the requested certificate template"}, + {OPT_MORE_STR, 0, 0, + "also used as recipient if neither -recipient nor -srvcert are given"}, + {"days", OPT_DAYS, 'n', + "Requested validity time of the new certificate in number of days"}, + {"reqexts", OPT_REQEXTS, 's', + "Name of config file section defining certificate request extensions"}, + {"sans", OPT_SANS, 's', + "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension"}, + {"san_nodefault", OPT_SAN_NODEFAULT, '-', + "Do not take default SANs from reference certificate (see -oldcert)"}, + {"policies", OPT_POLICIES, 's', + "Name of config file section defining policies certificate request extension"}, + {"policy_oids", OPT_POLICY_OIDS, 's', + "Policy OID(s) to add as policies certificate request extension"}, + {"policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-', + "Flag the policy OID(s) given with -policy_oids as critical"}, + {"popo", OPT_POPO, 'n', + "Proof-of-Possession (POPO) method to use for ir/cr/kur where"}, + {OPT_MORE_STR, 0, 0, + "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"}, + {"csr", OPT_CSR, 's', + "CSR file in PKCS#10 format to use in p10cr for legacy support"}, + {"out_trusted", OPT_OUT_TRUSTED, 's', + "Certificates to trust when verifying newly enrolled certificates"}, + {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', + "Request implicit confirmation of newly enrolled certificates"}, + {"disable_confirm", OPT_DISABLE_CONFIRM, '-', + "Do not confirm newly enrolled certificate w/o requesting implicit"}, + {OPT_MORE_STR, 0, 0, + "confirmation. WARNING: This leads to behavior violating RFC 4210"}, + {"certout", OPT_CERTOUT, 's', + "File to save newly enrolled certificate"}, + + OPT_SECTION("Certificate enrollment and revocation"), + + {"oldcert", OPT_OLDCERT, 's', + "Certificate to be updated (defaulting to -cert) or to be revoked in rr;"}, + {OPT_MORE_STR, 0, 0, + "also used as reference (defaulting to -cert) for subject DN and SANs."}, + {OPT_MORE_STR, 0, 0, + "Its issuer is used as recipient unless -srvcert, -recipient or -issuer given"}, + {"revreason", OPT_REVREASON, 'n', + "Reason code to include in revocation request (rr); possible values:"}, + {OPT_MORE_STR, 0, 0, + "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"}, + + OPT_SECTION("Message transfer"), + {"server", OPT_SERVER, 's', + "[http[s]://]address[:port] of CMP server. Default port 80 or 443."}, + {OPT_MORE_STR, 0, 0, + "The address may be a DNS name or an IP address"}, + {"proxy", OPT_PROXY, 's', + "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored"}, + {"no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for"}, + {OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, + {"path", OPT_PATH, 's', + "HTTP path (aka CMP alias) at the CMP server. Default \"/\""}, + {"msg_timeout", OPT_MSG_TIMEOUT, 'n', + "Timeout per CMP message round trip (or 0 for none). Default 120 seconds"}, + {"total_timeout", OPT_TOTAL_TIMEOUT, 'n', + "Overall time an enrollment incl. polling may take. Default 0 = infinite"}, + + OPT_SECTION("Server authentication"), + {"trusted", OPT_TRUSTED, 's', + "Trusted certs used for CMP server authentication when verifying responses"}, + {OPT_MORE_STR, 0, 0, "unless -srvcert is given"}, + {"untrusted", OPT_UNTRUSTED, 's', + "Intermediate certs for chain construction verifying CMP/TLS/enrolled certs"}, + {"srvcert", OPT_SRVCERT, 's', + "Specific CMP server cert to use and trust directly when verifying responses"}, + {"recipient", OPT_RECIPIENT, 's', + "Distinguished Name (DN) of the recipient to use unless -srvcert is given"}, + {"expect_sender", OPT_EXPECT_SENDER, 's', + "DN of expected response sender. Defaults to DN of -srvcert, if provided"}, + {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', + "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"}, + {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', + "Accept missing or invalid protection of regular error messages and negative"}, + {OPT_MORE_STR, 0, 0, + "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf"}, + {OPT_MORE_STR, 0, 0, + "WARNING: This setting leads to behavior allowing violation of RFC 4210"}, + {"extracertsout", OPT_EXTRACERTSOUT, 's', + "File to save extra certificates received in the extraCerts field"}, + {"cacertsout", OPT_CACERTSOUT, 's', + "File to save CA certificates received in the caPubs field of 'ip' messages"}, + + OPT_SECTION("Client authentication"), + {"ref", OPT_REF, 's', + "Reference value to use as senderKID in case no -cert is given"}, + {"secret", OPT_SECRET, 's', + "Password source for client authentication with a pre-shared key (secret)"}, + {"cert", OPT_CERT, 's', + "Client's current certificate (needed unless using -secret for PBM);"}, + {OPT_MORE_STR, 0, 0, + "any further certs included are appended in extraCerts field"}, + {"key", OPT_KEY, 's', "Private key for the client's current certificate"}, + {"keypass", OPT_KEYPASS, 's', + "Client private key (and cert and old cert file) pass phrase source"}, + {"digest", OPT_DIGEST, 's', + "Digest to use in message protection and POPO signatures. Default \"sha256\""}, + {"mac", OPT_MAC, 's', + "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""}, + {"extracerts", OPT_EXTRACERTS, 's', + "Certificates to append in extraCerts field of outgoing messages"}, + {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', + "Send messages without CMP-level protection"}, + + OPT_SECTION("Credentials format"), + {"certform", OPT_CERTFORM, 's', + "Format (PEM or DER) to use when saving a certificate to a file. Default PEM"}, + {OPT_MORE_STR, 0, 0, + "This also determines format to use for writing (not supported for P12)"}, + {"keyform", OPT_KEYFORM, 's', + "Format to assume when reading key files. Default PEM"}, + {"certsform", OPT_CERTSFORM, 's', + "Format (PEM/DER/P12) to try first reading multiple certs. Default PEM"}, + {"otherpass", OPT_OTHERPASS, 's', + "Pass phrase source potentially needed for loading certificates of others"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', + "Use crypto engine with given identifier, possibly a hardware device."}, + {OPT_MORE_STR, 0, 0, + "Engines may be defined in OpenSSL config file engine section."}, + {OPT_MORE_STR, 0, 0, + "Options like -key specifying keys held in the engine can give key IDs"}, + {OPT_MORE_STR, 0, 0, + "prefixed by 'engine:', e.g. '-key engine:pkcs11:object=mykey;pin-value=1234'"}, +#endif + OPT_PROV_OPTIONS, + + OPT_SECTION("TLS connection"), + {"tls_used", OPT_TLS_USED, '-', + "Enable using TLS (also when other TLS options are not set)"}, + {"tls_cert", OPT_TLS_CERT, 's', + "Client's TLS certificate. May include chain to be provided to TLS server"}, + {"tls_key", OPT_TLS_KEY, 's', + "Private key for the client's TLS certificate"}, + {"tls_keypass", OPT_TLS_KEYPASS, 's', + "Pass phrase source for the client's private TLS key (and TLS cert file)"}, + {"tls_extra", OPT_TLS_EXTRA, 's', + "Extra certificates to provide to TLS server during TLS handshake"}, + {"tls_trusted", OPT_TLS_TRUSTED, 's', + "Trusted certificates to use for verifying the TLS server certificate;"}, + {OPT_MORE_STR, 0, 0, "this implies host name validation"}, + {"tls_host", OPT_TLS_HOST, 's', + "Address to be checked (rather than -server) during TLS host name validation"}, + + OPT_SECTION("Client-side debugging"), + {"batch", OPT_BATCH, '-', + "Do not interactively prompt for input when a password is required etc."}, + {"repeat", OPT_REPEAT, 'n', + "Invoke the transaction the given number of times. Default 1"}, + {"reqin", OPT_REQIN, 's', "Take sequence of CMP requests from file(s)"}, + {"reqin_new_tid", OPT_REQIN_NEW_TID, '-', + "Use fresh transactionID for CMP requests read from -reqin"}, + {"reqout", OPT_REQOUT, 's', "Save sequence of CMP requests to file(s)"}, + {"rspin", OPT_RSPIN, 's', + "Process sequence of CMP responses provided in file(s), skipping server"}, + {"rspout", OPT_RSPOUT, 's', "Save sequence of CMP responses to file(s)"}, + + {"use_mock_srv", OPT_USE_MOCK_SRV, '-', "Use mock server at API level, bypassing HTTP"}, + + OPT_SECTION("Mock server"), + {"port", OPT_PORT, 's', "Act as HTTP mock server listening on given port"}, + {"max_msgs", OPT_MAX_MSGS, 'n', + "max number of messages handled by HTTP mock server. Default: 0 = unlimited"}, + + {"srv_ref", OPT_SRV_REF, 's', + "Reference value to use as senderKID of server in case no -srv_cert is given"}, + {"srv_secret", OPT_SRV_SECRET, 's', + "Password source for server authentication with a pre-shared key (secret)"}, + {"srv_cert", OPT_SRV_CERT, 's', "Certificate of the server"}, + {"srv_key", OPT_SRV_KEY, 's', + "Private key used by the server for signing messages"}, + {"srv_keypass", OPT_SRV_KEYPASS, 's', + "Server private key (and cert) file pass phrase source"}, + + {"srv_trusted", OPT_SRV_TRUSTED, 's', + "Trusted certificates for client authentication"}, + {"srv_untrusted", OPT_SRV_UNTRUSTED, 's', + "Intermediate certs that may be useful for verifying CMP protection"}, + {"rsp_cert", OPT_RSP_CERT, 's', + "Certificate to be returned as mock enrollment result"}, + {"rsp_extracerts", OPT_RSP_EXTRACERTS, 's', + "Extra certificates to be included in mock certification responses"}, + {"rsp_capubs", OPT_RSP_CAPUBS, 's', + "CA certificates to be included in mock ip response"}, + {"poll_count", OPT_POLL_COUNT, 'n', + "Number of times the client must poll before receiving a certificate"}, + {"check_after", OPT_CHECK_AFTER, 'n', + "The check_after value (time to wait) to include in poll response"}, + {"grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-', + "Grant implicit confirmation of newly enrolled certificate"}, + + {"pkistatus", OPT_PKISTATUS, 'n', + "PKIStatus to be included in server response. Possible values: 0..6"}, + {"failure", OPT_FAILURE, 'n', + "A single failure info bit number to include in server response, 0..26"}, + {"failurebits", OPT_FAILUREBITS, 'n', + "Number representing failure bits to include in server response, 0..2^27 - 1"}, + {"statusstring", OPT_STATUSSTRING, 's', + "Status string to be included in server response"}, + {"send_error", OPT_SEND_ERROR, '-', + "Force server to reply with error message"}, + {"send_unprotected", OPT_SEND_UNPROTECTED, '-', + "Send response messages without CMP-level protection"}, + {"send_unprot_err", OPT_SEND_UNPROT_ERR, '-', + "In case of negative responses, server shall send unprotected error messages,"}, + {OPT_MORE_STR, 0, 0, + "certificate responses (ip/cp/kup), and revocation responses (rp)."}, + {OPT_MORE_STR, 0, 0, + "WARNING: This setting leads to behavior violating RFC 4210"}, + {"accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-', + "Accept missing or invalid protection of requests"}, + {"accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-', + "Accept unprotected error messages from client"}, + {"accept_raverified", OPT_ACCEPT_RAVERIFIED, '-', + "Accept RAVERIFIED as proof-of-possession (POPO)"}, + + OPT_V_OPTIONS, + {NULL} +}; + +typedef union { + char **txt; + int *num; + long *num_long; +} varref; +static varref cmp_vars[] = { /* must be in same order as enumerated above! */ + {&opt_config}, {&opt_section}, + + {&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo}, + + {&opt_newkey}, {&opt_newkeypass}, {&opt_subject}, {&opt_issuer}, + {(char **)&opt_days}, {&opt_reqexts}, + {&opt_sans}, {(char **)&opt_san_nodefault}, + {&opt_policies}, {&opt_policy_oids}, {(char **)&opt_policy_oids_critical}, + {(char **)&opt_popo}, {&opt_csr}, + {&opt_out_trusted}, + {(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm}, + {&opt_certout}, + + {&opt_oldcert}, {(char **)&opt_revreason}, + + {&opt_server}, {&opt_proxy}, {&opt_no_proxy}, {&opt_path}, + {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout}, + + {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert}, + {&opt_recipient}, {&opt_expect_sender}, + {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors}, + {&opt_extracertsout}, {&opt_cacertsout}, + + {&opt_ref}, {&opt_secret}, {&opt_cert}, {&opt_key}, {&opt_keypass}, + {&opt_digest}, {&opt_mac}, {&opt_extracerts}, + {(char **)&opt_unprotected_requests}, + + {&opt_certform_s}, {&opt_keyform_s}, {&opt_certsform_s}, + {&opt_otherpass}, +#ifndef OPENSSL_NO_ENGINE + {&opt_engine}, +#endif + + {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key}, + {&opt_tls_keypass}, + {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host}, + + {(char **)&opt_batch}, {(char **)&opt_repeat}, + {&opt_reqin}, {(char **)&opt_reqin_new_tid}, + {&opt_reqout}, {&opt_rspin}, {&opt_rspout}, + + {(char **)&opt_use_mock_srv}, {&opt_port}, {(char **)&opt_max_msgs}, + {&opt_srv_ref}, {&opt_srv_secret}, + {&opt_srv_cert}, {&opt_srv_key}, {&opt_srv_keypass}, + {&opt_srv_trusted}, {&opt_srv_untrusted}, + {&opt_rsp_cert}, {&opt_rsp_extracerts}, {&opt_rsp_capubs}, + {(char **)&opt_poll_count}, {(char **)&opt_check_after}, + {(char **)&opt_grant_implicitconf}, + {(char **)&opt_pkistatus}, {(char **)&opt_failure}, + {(char **)&opt_failurebits}, {&opt_statusstring}, + {(char **)&opt_send_error}, {(char **)&opt_send_unprotected}, + {(char **)&opt_send_unprot_err}, {(char **)&opt_accept_unprotected}, + {(char **)&opt_accept_unprot_err}, {(char **)&opt_accept_raverified}, + + {NULL} +}; + +#ifndef NDEBUG +# define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ + ? "CMP" : "OPENSSL_FUNC") +# define PRINT_LOCATION(bio) BIO_printf(bio, "%s:%s:%d:", \ + FUNC, OPENSSL_FILE, OPENSSL_LINE) +#else +# define PRINT_LOCATION(bio) ((void)0) +#endif +#define CMP_print(bio, prefix, msg, a1, a2, a3) \ + (PRINT_LOCATION(bio), \ + BIO_printf(bio, "CMP %s: " msg "\n", prefix, a1, a2, a3)) +#define CMP_INFO(msg, a1, a2, a3) CMP_print(bio_out, "info", msg, a1, a2, a3) +#define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "") +#define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "") +#define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "") +#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3) +#define CMP_WARN(m, a1, a2, a3) CMP_print(bio_out, "warning", m, a1, a2, a3) +#define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "") +#define CMP_warn1(msg, a1) CMP_WARN(msg"%s%s", a1, "", "") +#define CMP_warn2(msg, a1, a2) CMP_WARN(msg"%s", a1, a2, "") +#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3) +#define CMP_ERR(msg, a1, a2, a3) CMP_print(bio_err, "error", msg, a1, a2, a3) +#define CMP_err(msg) CMP_ERR(msg"%s%s%s", "", "", "") +#define CMP_err1(msg, a1) CMP_ERR(msg"%s%s", a1, "", "") +#define CMP_err2(msg, a1, a2) CMP_ERR(msg"%s", a1, a2, "") +#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3) + +static int print_to_bio_out(const char *func, const char *file, int line, + OSSL_CMP_severity level, const char *msg) +{ + return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); +} + +/* code duplicated from crypto/cmp/cmp_util.c */ +static int sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, + int no_dup, int prepend) +{ + if (no_dup) { + /* + * not using sk_X509_set_cmp_func() and sk_X509_find() + * because this re-orders the certs on the stack + */ + int i; + + for (i = 0; i < sk_X509_num(sk); i++) { + if (X509_cmp(sk_X509_value(sk, i), cert) == 0) + return 1; + } + } + if (!X509_up_ref(cert)) + return 0; + if (!sk_X509_insert(sk, cert, prepend ? 0 : -1)) { + X509_free(cert); + return 0; + } + return 1; +} + +/* code duplicated from crypto/cmp/cmp_util.c */ +static int sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, + int no_self_signed, int no_dups, int prepend) +/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ +{ + int i; + + if (sk == NULL) + return 0; + if (certs == NULL) + return 1; + for (i = 0; i < sk_X509_num(certs); i++) { + X509 *cert = sk_X509_value(certs, i); + + if (!no_self_signed || X509_check_issued(cert, cert) != X509_V_OK) { + if (!sk_X509_add1_cert(sk, cert, no_dups, prepend)) + return 0; + } + } + return 1; +} + +/* TODO potentially move to apps/lib/apps.c */ +static char *next_item(char *opt) /* in list separated by comma and/or space */ +{ + /* advance to separator (comma or whitespace), if any */ + while (*opt != ',' && !isspace(*opt) && *opt != '\0') { + if (*opt == '\\' && opt[1] != '\0') + /* skip and unescape '\' escaped char */ + memmove(opt, opt + 1, strlen(opt)); + opt++; + } + if (*opt != '\0') { + /* terminate current item */ + *opt++ = '\0'; + /* skip over any whitespace after separator */ + while (isspace(*opt)) + opt++; + } + return *opt == '\0' ? NULL : opt; /* NULL indicates end of input */ +} + +static EVP_PKEY *load_key_pwd(const char *uri, int format, + const char *pass, ENGINE *e, const char *desc) +{ + char *pass_string = get_passwd(pass, desc); + EVP_PKEY *pkey = load_key_preliminary(uri, format, 0, pass_string, e, desc); + + clear_free(pass_string); + return pkey; +} + +static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) +{ + X509 *cert; + char *pass_string = get_passwd(pass, desc); + + cert = load_cert_pass(uri, 0, pass_string, desc); + clear_free(pass_string); + return cert; +} + +/* TODO remove when PR #4930 is merged */ +static int load_pkcs12(BIO *in, const char *desc, + pem_password_cb *pem_cb, void *cb_data, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) +{ + const char *pass; + char tpass[PEM_BUFSIZE]; + int len; + int ret = 0; + PKCS12 *p12 = d2i_PKCS12_bio(in, NULL); + + if (desc == NULL) + desc = "PKCS12 input"; + if (p12 == NULL) { + BIO_printf(bio_err, "error loading PKCS12 file for %s\n", desc); + goto die; + } + + /* See if an empty password will do */ + if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) { + pass = ""; + } else { + if (pem_cb == NULL) + pem_cb = wrap_password_callback; + len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); + if (len < 0) { + BIO_printf(bio_err, "passphrase callback error for %s\n", desc); + goto die; + } + if (len < PEM_BUFSIZE) + tpass[len] = 0; + if (!PKCS12_verify_mac(p12, tpass, len)) { + BIO_printf(bio_err, + "mac verify error (wrong password?) in PKCS12 file for %s\n", + desc); + goto die; + } + pass = tpass; + } + ret = PKCS12_parse(p12, pass, pkey, cert, ca); + die: + PKCS12_free(p12); + return ret; +} + +/* TODO potentially move this and related functions to apps/lib/apps.c */ +static int adjust_format(const char **infile, int format, int engine_ok) +{ + if (!strncasecmp(*infile, "http://", 7) + || !strncasecmp(*infile, "https://", 8)) { + format = FORMAT_HTTP; + } else if (engine_ok && strncasecmp(*infile, "engine:", 7) == 0) { + *infile += 7; + format = FORMAT_ENGINE; + } else { + if (strncasecmp(*infile, "file:", 5) == 0) + *infile += 5; + /* + * the following is a heuristic whether first to try PEM or DER + * or PKCS12 as the input format for files + */ + if (strlen(*infile) >= 4) { + const char *extension = *infile + strlen(*infile) - 4; + + if (strncasecmp(extension, ".crt", 4) == 0 + || strncasecmp(extension, ".pem", 4) == 0) + /* weak recognition of PEM format */ + format = FORMAT_PEM; + else if (strncasecmp(extension, ".cer", 4) == 0 + || strncasecmp(extension, ".der", 4) == 0) + /* weak recognition of DER format */ + format = FORMAT_ASN1; + else if (strncasecmp(extension, ".p12", 4) == 0) + /* weak recognition of PKCS#12 format */ + format = FORMAT_PKCS12; + /* else retain given format */ + } + } + return format; +} + +/* + * TODO potentially move this and related functions to apps/lib/ + * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL + */ +static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) +{ + X509_REQ *csr; + BIO *bio_bak = bio_err; + int can_retry; + int format = adjust_format(&infile, FORMAT_PEM, 0); + + can_retry = format == FORMAT_PEM || format == FORMAT_ASN1; + if (can_retry) + bio_err = NULL; /* do not show errors on more than one try */ + csr = load_csr(infile, format, desc); + bio_err = bio_bak; + if (csr == NULL && can_retry) { + ERR_clear_error(); + format = (format == FORMAT_PEM ? FORMAT_ASN1 : FORMAT_PEM); + csr = load_csr(infile, format, desc); + } + if (csr == NULL) { + ERR_print_errors(bio_err); + BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc, + infile); + } + return csr; +} + +/* TODO replace by calling generalized load_certs() when PR #4930 is merged */ +static int load_certs_preliminary(const char *file, STACK_OF(X509) **certs, + int format, const char *pass, + const char *desc) +{ + X509 *cert = NULL; + int ret = 0; + + if (format == FORMAT_PKCS12) { + BIO *bio = bio_open_default(file, 'r', format); + + if (bio != NULL) { + EVP_PKEY *pkey = NULL; /* pkey is needed until PR #4930 is merged */ + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = file; + ret = load_pkcs12(bio, desc, wrap_password_callback, + &cb_data, &pkey, &cert, certs); + EVP_PKEY_free(pkey); + BIO_free(bio); + } + } else if (format == FORMAT_ASN1) { /* load only one cert in this case */ + CMP_warn1("can load only one certificate in DER format from %s", file); + cert = load_cert_pass(file, 0, pass, desc); + } + if (format == FORMAT_PKCS12 || format == FORMAT_ASN1) { + if (cert) { + if (*certs == NULL) + *certs = sk_X509_new_null(); + if (*certs != NULL) + ret = sk_X509_insert(*certs, cert, 0); + else + X509_free(cert); + } + } else { + ret = load_certs(file, certs, format, pass, desc); + } + return ret; +} + +static void warn_certs_expired(const char *file, STACK_OF(X509) **certs) +{ + int i, res; + X509 *cert; + char *subj; + + for (i = 0; i < sk_X509_num(*certs); i++) { + cert = sk_X509_value(*certs, i); + res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), + X509_get0_notAfter(cert)); + if (res != 0) { + subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + CMP_warn3("certificate from '%s' with subject '%s' %s", file, subj, + res > 0 ? "has expired" : "not yet valid"); + OPENSSL_free(subj); + } + } +} + +/* + * TODO potentially move this and related functions to apps/lib/ + * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CERTS + */ +static int load_certs_autofmt(const char *infile, STACK_OF(X509) **certs, + int exclude_http, const char *pass, + const char *desc) +{ + int ret = 0; + char *pass_string; + BIO *bio_bak = bio_err; + int format = adjust_format(&infile, opt_certsform, 0); + + if (exclude_http && format == FORMAT_HTTP) { + BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); + return ret; + } + pass_string = get_passwd(pass, desc); + if (format != FORMAT_HTTP) + bio_err = NULL; /* do not show errors on more than one try */ + ret = load_certs_preliminary(infile, certs, format, pass_string, desc); + bio_err = bio_bak; + if (!ret && format != FORMAT_HTTP) { + int format2 = format == FORMAT_PEM ? FORMAT_ASN1 : FORMAT_PEM; + + ERR_clear_error(); + ret = load_certs_preliminary(infile, certs, format2, pass_string, desc); + } + clear_free(pass_string); + + if (ret) + warn_certs_expired(infile, certs); + return ret; +} + +/* set expected host name/IP addr and clears the email addr in the given ts */ +static int truststore_set_host_etc(X509_STORE *ts, char *host) +{ + X509_VERIFY_PARAM *ts_vpm = X509_STORE_get0_param(ts); + + /* first clear any host names, IP, and email addresses */ + if (!X509_VERIFY_PARAM_set1_host(ts_vpm, NULL, 0) + || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0) + || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0)) + return 0; + X509_VERIFY_PARAM_set_hostflags(ts_vpm, + X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT | + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + return (host != NULL && X509_VERIFY_PARAM_set1_ip_asc(ts_vpm, host)) + || X509_VERIFY_PARAM_set1_host(ts_vpm, host, 0); +} + +static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, + const STACK_OF(X509) *certs /* may NULL */) +{ + int i; + + if (store == NULL) + store = X509_STORE_new(); + if (store == NULL) + return NULL; + for (i = 0; i < sk_X509_num(certs); i++) { + if (!X509_STORE_add_cert(store, sk_X509_value(certs, i))) { + X509_STORE_free(store); + return NULL; + } + } + return store; +} + +/* write OSSL_CMP_MSG DER-encoded to the specified file name item */ +static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) +{ + char *file; + BIO *bio; + + if (msg == NULL || filenames == NULL) { + CMP_err("NULL arg to write_PKIMESSAGE"); + return 0; + } + if (*filenames == NULL) { + CMP_err("Not enough file names provided for writing PKIMessage"); + return 0; + } + + file = *filenames; + *filenames = next_item(file); + bio = BIO_new_file(file, "wb"); + if (bio == NULL) { + CMP_err1("Cannot open file '%s' for writing", file); + return 0; + } + if (i2d_OSSL_CMP_MSG_bio(bio, msg) < 0) { + CMP_err1("Cannot write PKIMessage to file '%s'", file); + BIO_free(bio); + return 0; + } + BIO_free(bio); + return 1; +} + +/* read DER-encoded OSSL_CMP_MSG from the specified file name item */ +static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) +{ + char *file; + BIO *bio; + OSSL_CMP_MSG *ret; + + if (filenames == NULL) { + CMP_err("NULL arg to read_PKIMESSAGE"); + return NULL; + } + if (*filenames == NULL) { + CMP_err("Not enough file names provided for reading PKIMessage"); + return NULL; + } + + file = *filenames; + *filenames = next_item(file); + bio = BIO_new_file(file, "rb"); + if (bio == NULL) { + CMP_err1("Cannot open file '%s' for reading", file); + return NULL; + } + ret = d2i_OSSL_CMP_MSG_bio(bio, NULL); + if (ret == NULL) + CMP_err1("Cannot read PKIMessage from file '%s'", file); + BIO_free(bio); + return ret; +} + +/*- + * Sends the PKIMessage req and on success place the response in *res + * basically like OSSL_CMP_MSG_http_perform(), but in addition allows + * to dump the sequence of requests and responses to files and/or + * to take the sequence of requests and responses from files. + */ +static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req) +{ + OSSL_CMP_MSG *req_new = NULL; + OSSL_CMP_MSG *res = NULL; + OSSL_CMP_PKIHEADER *hdr; + + if (req != NULL && opt_reqout != NULL + && !write_PKIMESSAGE(req, &opt_reqout)) + goto err; + if (opt_reqin != NULL && opt_rspin == NULL) { + if ((req_new = read_PKIMESSAGE(&opt_reqin)) == NULL) + goto err; + /*- + * The transaction ID in req_new read from opt_reqin may not be fresh. + * In this case the server may complain "Transaction id already in use." + * The following workaround unfortunately requires re-protection. + */ + if (opt_reqin_new_tid + && !OSSL_CMP_MSG_update_transactionID(ctx, req_new)) + goto err; + } + + if (opt_rspin != NULL) { + res = read_PKIMESSAGE(&opt_rspin); + } else { + const OSSL_CMP_MSG *actual_req = opt_reqin != NULL ? req_new : req; + + res = opt_use_mock_srv + ? OSSL_CMP_CTX_server_perform(ctx, actual_req) + : OSSL_CMP_MSG_http_perform(ctx, actual_req); + } + if (res == NULL) + goto err; + + if (opt_reqin != NULL || opt_rspin != NULL) { + /* need to satisfy nonce and transactionID checks */ + ASN1_OCTET_STRING *nonce; + ASN1_OCTET_STRING *tid; + + hdr = OSSL_CMP_MSG_get0_header(res); + nonce = OSSL_CMP_HDR_get0_recipNonce(hdr); + tid = OSSL_CMP_HDR_get0_transactionID(hdr); + if (!OSSL_CMP_CTX_set1_senderNonce(ctx, nonce) + || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) { + OSSL_CMP_MSG_free(res); + res = NULL; + goto err; + } + } + + if (opt_rspout != NULL && !write_PKIMESSAGE(res, &opt_rspout)) { + OSSL_CMP_MSG_free(res); + res = NULL; + } + + err: + OSSL_CMP_MSG_free(req_new); + return res; +} + +/* + * parse string as integer value, not allowing trailing garbage, see also + * https://www.gnu.org/software/libc/manual/html_node/Parsing-of-Integers.html + * + * returns integer value, or INT_MIN on error + */ +static int atoint(const char *str) +{ + char *tailptr; + long res = strtol(str, &tailptr, 10); + + if ((*tailptr != '\0') || (res < INT_MIN) || (res > INT_MAX)) + return INT_MIN; + else + return (int)res; +} + +static int parse_addr(char **opt_string, int port, const char *name) +{ + char *port_string; + + if (strncasecmp(*opt_string, OSSL_HTTP_PREFIX, + strlen(OSSL_HTTP_PREFIX)) == 0) { + *opt_string += strlen(OSSL_HTTP_PREFIX); + } else if (strncasecmp(*opt_string, OSSL_HTTPS_PREFIX, + strlen(OSSL_HTTPS_PREFIX)) == 0) { + *opt_string += strlen(OSSL_HTTPS_PREFIX); + if (port == 0) + port = 443; /* == integer value of OSSL_HTTPS_PORT */ + } + + if ((port_string = strrchr(*opt_string, ':')) == NULL) + return port; /* using default */ + *(port_string++) = '\0'; + port = atoint(port_string); + if ((port <= 0) || (port > 65535)) { + CMP_err2("invalid %s port '%s' given, sane range 1-65535", + name, port_string); + return -1; + } + return port; +} + +static int set1_store_parameters(X509_STORE *ts) +{ + if (ts == NULL) + return 0; + + /* copy vpm to store */ + if (!X509_STORE_set1_param(ts, vpm /* may be NULL */)) { + BIO_printf(bio_err, "error setting verification parameters\n"); + OSSL_CMP_CTX_print_errors(cmp_ctx); + return 0; + } + + X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb); + + return 1; +} + +static int set_name(const char *str, + int (*set_fn) (OSSL_CMP_CTX *ctx, const X509_NAME *name), + OSSL_CMP_CTX *ctx, const char *desc) +{ + if (str != NULL) { + X509_NAME *n = parse_name(str, MBSTRING_ASC, 0); + + if (n == NULL) { + CMP_err2("cannot parse %s DN '%s'", desc, str); + return 0; + } + if (!(*set_fn) (ctx, n)) { + X509_NAME_free(n); + CMP_err("out of memory"); + return 0; + } + X509_NAME_free(n); + } + return 1; +} + +static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc) +{ + char *next; + + for (; names != NULL; names = next) { + GENERAL_NAME *n; + + next = next_item(names); + if (strcmp(names, "critical") == 0) { + (void)OSSL_CMP_CTX_set_option(ctx, + OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL, + 1); + continue; + } + + /* try IP address first, then URI or domain name */ + (void)ERR_set_mark(); + n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0); + if (n == NULL) + n = a2i_GENERAL_NAME(NULL, NULL, NULL, + strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, + names, 0); + (void)ERR_pop_to_mark(); + + if (n == NULL) { + CMP_err2("bad syntax of %s '%s'", desc, names); + return 0; + } + if (!OSSL_CMP_CTX_push1_subjectAltName(ctx, n)) { + GENERAL_NAME_free(n); + CMP_err("out of memory"); + return 0; + } + GENERAL_NAME_free(n); + } + return 1; +} + +/* TODO potentially move to apps/lib/apps.c */ +/* + * create cert store structure with certificates read from given file(s) + * returns pointer to created X509_STORE on success, NULL on error + */ +static X509_STORE *load_certstore(char *input, const char *desc) +{ + X509_STORE *store = NULL; + STACK_OF(X509) *certs = NULL; + + if (input == NULL) + goto err; + + while (input != NULL) { + char *next = next_item(input); \ + + if (!load_certs_autofmt(input, &certs, 1, opt_otherpass, desc) + || !(store = sk_X509_to_store(store, certs))) { + /* CMP_err("out of memory"); */ + X509_STORE_free(store); + store = NULL; + goto err; + } + sk_X509_pop_free(certs, X509_free); + certs = NULL; + input = next; + } + err: + sk_X509_pop_free(certs, X509_free); + return store; +} + +/* TODO potentially move to apps/lib/apps.c */ +static STACK_OF(X509) *load_certs_multifile(char *files, + const char *pass, const char *desc) +{ + STACK_OF(X509) *certs = NULL; + STACK_OF(X509) *result = sk_X509_new_null(); + + if (files == NULL) + goto err; + if (result == NULL) + goto oom; + + while (files != NULL) { + char *next = next_item(files); + + if (!load_certs_autofmt(files, &certs, 0, pass, desc)) + goto err; + if (!sk_X509_add1_certs(result, certs, 0, 1 /* no dups */, 0)) + goto oom; + sk_X509_pop_free(certs, X509_free); + certs = NULL; + files = next; + } + return result; + + oom: + BIO_printf(bio_err, "out of memory\n"); + err: + sk_X509_pop_free(certs, X509_free); + sk_X509_pop_free(result, X509_free); + return NULL; +} + +typedef int (*add_X509_stack_fn_t)(void *ctx, const STACK_OF(X509) *certs); +typedef int (*add_X509_fn_t)(void *ctx, const X509 *cert); + +static int setup_certs(char *files, const char *desc, void *ctx, + add_X509_stack_fn_t addn_fn, add_X509_fn_t add1_fn) +{ + int ret = 1; + + if (files != NULL) { + STACK_OF(X509) *certs = load_certs_multifile(files, opt_otherpass, + desc); + if (certs == NULL) { + ret = 0; + } else { + if (addn_fn != NULL) { + ret = (*addn_fn)(ctx, certs); + } else { + int i; + + for (i = 0; i < sk_X509_num(certs /* may be NULL */); i++) + ret &= (*add1_fn)(ctx, sk_X509_value(certs, i)); + } + sk_X509_pop_free(certs, X509_free); + } + } + return ret; +} + + +/* + * parse and transform some options, checking their syntax. + * Returns 1 on success, 0 on error + */ +static int transform_opts(void) +{ + if (opt_cmd_s != NULL) { + if (!strcmp(opt_cmd_s, "ir")) { + opt_cmd = CMP_IR; + } else if (!strcmp(opt_cmd_s, "kur")) { + opt_cmd = CMP_KUR; + } else if (!strcmp(opt_cmd_s, "cr")) { + opt_cmd = CMP_CR; + } else if (!strcmp(opt_cmd_s, "p10cr")) { + opt_cmd = CMP_P10CR; + } else if (!strcmp(opt_cmd_s, "rr")) { + opt_cmd = CMP_RR; + } else if (!strcmp(opt_cmd_s, "genm")) { + opt_cmd = CMP_GENM; + } else { + CMP_err1("unknown cmp command '%s'", opt_cmd_s); + return 0; + } + } else { + CMP_err("no cmp command to execute"); + return 0; + } + +#ifdef OPENSSL_NO_ENGINE +# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE) +#else +# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12) +#endif + + if (opt_keyform_s != NULL + && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) { + CMP_err("unknown option given for key loading format"); + return 0; + } + +#undef FORMAT_OPTIONS + + if (opt_certform_s != NULL + && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) { + CMP_err("unknown option given for certificate storing format"); + return 0; + } + + if (opt_certsform_s != NULL + && !opt_format(opt_certsform_s, OPT_FMT_PEMDER | OPT_FMT_PKCS12, + &opt_certsform)) { + CMP_err("unknown option given for certificate list loading format"); + return 0; + } + + return 1; +} + +static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *e) +{ + OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */ + OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(); + + if (srv_ctx == NULL) + return NULL; + ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); + + if (opt_srv_ref == NULL) { + if (opt_srv_cert == NULL) { + /* opt_srv_cert should determine the sender */ + CMP_err("must give -srv_ref for server if no -srv_cert given"); + goto err; + } + } else { + if (!OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_srv_ref, + strlen(opt_srv_ref))) + goto err; + } + + if (opt_srv_secret != NULL) { + int res; + char *pass_str = get_passwd(opt_srv_secret, "PBMAC secret of server"); + + if (pass_str != NULL) { + cleanse(opt_srv_secret); + res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str, + strlen(pass_str)); + clear_free(pass_str); + if (res == 0) + goto err; + } + } else if (opt_srv_cert == NULL) { + CMP_err("server credentials must be given if -use_mock_srv or -port is used"); + goto err; + } else { + CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given"); + } + + if (opt_srv_secret == NULL + && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) { + CMP_err("must give both -srv_cert and -srv_key options or neither"); + goto err; + } + if (opt_srv_cert != NULL) { + X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass, + "certificate of the server"); + + if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) { + X509_free(srv_cert); + goto err; + } + X509_free(srv_cert); + } + if (opt_srv_key != NULL) { + EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform, + opt_srv_keypass, + e, "private key for server cert"); + + if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { + EVP_PKEY_free(pkey); + goto err; + } + EVP_PKEY_free(pkey); + } + cleanse(opt_srv_keypass); + + if (opt_srv_trusted != NULL) { + X509_STORE *ts = + load_certstore(opt_srv_trusted, "certificates trusted by server"); + + if (ts == NULL) + goto err; + if (!set1_store_parameters(ts) + || !truststore_set_host_etc(ts, NULL) + || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { + X509_STORE_free(ts); + goto err; + } + } else { + CMP_warn("server will not be able to handle signature-protected requests since -srv_trusted is not given"); + } + if (!setup_certs(opt_srv_untrusted, "untrusted certificates", ctx, + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs, + NULL)) + goto err; + + if (opt_rsp_cert == NULL) { + CMP_err("must give -rsp_cert for mock server"); + goto err; + } else { + X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass, + "cert to be returned by the mock server"); + + if (cert == NULL) + goto err; + /* from server perspective the server is the client */ + if (!ossl_cmp_mock_srv_set1_certOut(srv_ctx, cert)) { + X509_free(cert); + goto err; + } + X509_free(cert); + } + /* TODO find a cleaner solution not requiring type casts */ + if (!setup_certs(opt_rsp_extracerts, + "CMP extra certificates for mock server", srv_ctx, + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut, + NULL)) + goto err; + if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx, + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut, + NULL)) + goto err; + (void)ossl_cmp_mock_srv_set_pollCount(srv_ctx, opt_poll_count); + (void)ossl_cmp_mock_srv_set_checkAfterTime(srv_ctx, opt_check_after); + if (opt_grant_implicitconf) + (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1); + + if (opt_failure != INT_MIN) { /* option has been set explicity */ + if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) { + CMP_err1("-failure out of range, should be >= 0 and <= %d", + OSSL_CMP_PKIFAILUREINFO_MAX); + goto err; + } + if (opt_failurebits != 0) + CMP_warn("-failurebits overrides -failure"); + else + opt_failurebits = 1 << opt_failure; + } + if ((unsigned)opt_failurebits > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { + CMP_err("-failurebits out of range"); + goto err; + } + if (!ossl_cmp_mock_srv_set_statusInfo(srv_ctx, opt_pkistatus, + opt_failurebits, opt_statusstring)) + goto err; + + if (opt_send_error) + (void)ossl_cmp_mock_srv_set_send_error(srv_ctx, 1); + + if (opt_send_unprotected) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1); + if (opt_send_unprot_err) + (void)OSSL_CMP_SRV_CTX_set_send_unprotected_errors(srv_ctx, 1); + if (opt_accept_unprotected) + (void)OSSL_CMP_SRV_CTX_set_accept_unprotected(srv_ctx, 1); + if (opt_accept_unprot_err) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1); + if (opt_accept_raverified) + (void)OSSL_CMP_SRV_CTX_set_accept_raverified(srv_ctx, 1); + + return srv_ctx; + + err: + ossl_cmp_mock_srv_free(srv_ctx); + return NULL; +} + +/* + * set up verification aspects of OSSL_CMP_CTX w.r.t. opts from config file/CLI. + * Returns pointer on success, NULL on error + */ +static int setup_verification_ctx(OSSL_CMP_CTX *ctx) +{ + if (!setup_certs(opt_untrusted, "untrusted certificates", ctx, + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs, + NULL)) + goto err; + + if (opt_srvcert != NULL || opt_trusted != NULL) { + X509_STORE *ts = NULL; + + if (opt_srvcert != NULL) { + X509 *srvcert; + + if (opt_trusted != NULL) { + CMP_warn("-trusted option is ignored since -srvcert option is present"); + opt_trusted = NULL; + } + if (opt_recipient != NULL) { + CMP_warn("-recipient option is ignored since -srvcert option is present"); + opt_recipient = NULL; + } + srvcert = load_cert_pwd(opt_srvcert, opt_otherpass, + "directly trusted CMP server certificate"); + if (srvcert == NULL) + /* + * opt_otherpass is needed in case + * opt_srvcert is an encrypted PKCS#12 file + */ + goto err; + if (!OSSL_CMP_CTX_set1_srvCert(ctx, srvcert)) { + X509_free(srvcert); + goto oom; + } + X509_free(srvcert); + if ((ts = X509_STORE_new()) == NULL) + goto oom; + } + if (opt_trusted != NULL + && (ts = load_certstore(opt_trusted, "trusted certificates")) + == NULL) + goto err; + if (!set1_store_parameters(ts) /* also copies vpm */ + /* + * clear any expected host/ip/email address; + * opt_expect_sender is used instead + */ + || !truststore_set_host_etc(ts, NULL) + || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { + X509_STORE_free(ts); + goto oom; + } + } + + if (opt_ignore_keyusage) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); + + if (opt_unprotected_errors) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1); + + if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */ + X509_VERIFY_PARAM *out_vpm = NULL; + X509_STORE *out_trusted = + load_certstore(opt_out_trusted, + "trusted certs for verifying newly enrolled cert"); + + if (out_trusted == NULL) + goto err; + /* any -verify_hostname, -verify_ip, and -verify_email apply here */ + if (!set1_store_parameters(out_trusted)) + goto oom; + /* ignore any -attime here, new certs are current anyway */ + out_vpm = X509_STORE_get0_param(out_trusted); + X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); + + (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + } + + if (opt_disable_confirm) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DISABLE_CONFIRM, 1); + + if (opt_implicit_confirm) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1); + + (void)OSSL_CMP_CTX_set_certConf_cb(ctx, OSSL_CMP_certConf_cb); + + return 1; + + oom: + CMP_err("out of memory"); + err: + return 0; +} + +#ifndef OPENSSL_NO_SOCK +/* + * set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI. + * Returns pointer on success, NULL on error + */ +static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) +{ + STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted_certs(ctx); + EVP_PKEY *pkey = NULL; + X509_STORE *trust_store = NULL; + SSL_CTX *ssl_ctx; + int i; + + ssl_ctx = SSL_CTX_new(TLS_client_method()); + if (ssl_ctx == NULL) + return NULL; + + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); + + if (opt_tls_trusted != NULL) { + if ((trust_store = load_certstore(opt_tls_trusted, + "trusted TLS certificates")) == NULL) + goto err; + SSL_CTX_set_cert_store(ssl_ctx, trust_store); + /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */ + X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb); + } + + if (opt_tls_cert != NULL && opt_tls_key != NULL) { + X509 *cert; + STACK_OF(X509) *certs = NULL; + + if (!load_certs_autofmt(opt_tls_cert, &certs, 0, opt_tls_keypass, + "TLS client certificate (optionally with chain)")) + /* + * opt_tls_keypass is needed in case opt_tls_cert is an encrypted + * PKCS#12 file + */ + goto err; + + cert = sk_X509_delete(certs, 0); + if (cert == NULL || SSL_CTX_use_certificate(ssl_ctx, cert) <= 0) { + CMP_err1("unable to use client TLS certificate file '%s'", + opt_tls_cert); + X509_free(cert); + sk_X509_pop_free(certs, X509_free); + goto err; + } + X509_free(cert); /* we do not need the handle any more */ + + /* + * Any further certs and any untrusted certs are used for constructing + * the client cert chain to be provided along with the TLS client cert + * to the TLS server. + */ + if (!SSL_CTX_set0_chain(ssl_ctx, certs)) { + CMP_err("could not set TLS client cert chain"); + sk_X509_pop_free(certs, X509_free); + goto err; + } + for (i = 0; i < sk_X509_num(untrusted_certs); i++) { + cert = sk_X509_value(untrusted_certs, i); + if (!SSL_CTX_add1_chain_cert(ssl_ctx, cert)) { + CMP_err("could not add untrusted cert to TLS client cert chain"); + goto err; + } + } + if (!SSL_CTX_build_cert_chain(ssl_ctx, + SSL_BUILD_CHAIN_FLAG_UNTRUSTED | + SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { + CMP_warn("could not build cert chain for own TLS cert"); + OSSL_CMP_CTX_print_errors(ctx); + } + + /* If present we append to the list also the certs from opt_tls_extra */ + if (opt_tls_extra != NULL) { + STACK_OF(X509) *tls_extra = load_certs_multifile(opt_tls_extra, + opt_otherpass, + "extra certificates for TLS"); + int res = 1; + + if (tls_extra == NULL) + goto err; + for (i = 0; i < sk_X509_num(tls_extra); i++) { + cert = sk_X509_value(tls_extra, i); + if (res != 0) + res = SSL_CTX_add_extra_chain_cert(ssl_ctx, cert); + if (res == 0) + X509_free(cert); + } + sk_X509_free(tls_extra); + if (res == 0) { + BIO_printf(bio_err, "error: unable to add TLS extra certs\n"); + goto err; + } + } + + pkey = load_key_pwd(opt_tls_key, opt_keyform, opt_tls_keypass, + e, "TLS client private key"); + cleanse(opt_tls_keypass); + if (pkey == NULL) + goto err; + /* + * verify the key matches the cert, + * not using SSL_CTX_check_private_key(ssl_ctx) + * because it gives poor and sometimes misleading diagnostics + */ + if (!X509_check_private_key(SSL_CTX_get0_certificate(ssl_ctx), + pkey)) { + CMP_err2("TLS private key '%s' does not match the TLS certificate '%s'\n", + opt_tls_key, opt_tls_cert); + EVP_PKEY_free(pkey); + pkey = NULL; /* otherwise, for some reason double free! */ + goto err; + } + if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) <= 0) { + CMP_err1("unable to use TLS client private key '%s'", opt_tls_key); + EVP_PKEY_free(pkey); + pkey = NULL; /* otherwise, for some reason double free! */ + goto err; + } + EVP_PKEY_free(pkey); /* we do not need the handle any more */ + } + if (opt_tls_trusted != NULL) { + /* enable and parameterize server hostname/IP address check */ + if (!truststore_set_host_etc(trust_store, + opt_tls_host != NULL ? + opt_tls_host : opt_server)) + /* TODO: is the server host name correct for TLS via proxy? */ + goto err; + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + } + return ssl_ctx; + err: + SSL_CTX_free(ssl_ctx); + return NULL; +} +#endif + +/* + * set up protection aspects of OSSL_CMP_CTX based on options from config + * file/CLI while parsing options and checking their consistency. + * Returns 1 on success, 0 on error + */ +static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) +{ + if (!opt_unprotected_requests && opt_secret == NULL && opt_cert == NULL) { + CMP_err("must give client credentials unless -unprotected_requests is set"); + goto err; + } + + if (opt_ref == NULL && opt_cert == NULL && opt_subject == NULL) { + /* cert or subject should determine the sender */ + CMP_err("must give -ref if no -cert and no -subject given"); + goto err; + } + if (!opt_secret && ((opt_cert == NULL) != (opt_key == NULL))) { + CMP_err("must give both -cert and -key options or neither"); + goto err; + } + if (opt_secret != NULL) { + char *pass_string = get_passwd(opt_secret, "PBMAC"); + int res; + + if (pass_string != NULL) { + cleanse(opt_secret); + res = OSSL_CMP_CTX_set1_secretValue(ctx, + (unsigned char *)pass_string, + strlen(pass_string)); + clear_free(pass_string); + if (res == 0) + goto err; + } + if (opt_cert != NULL || opt_key != NULL) + CMP_warn("no signature-based protection used since -secret is given"); + } + if (opt_ref != NULL + && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, + strlen(opt_ref))) + goto err; + + if (opt_key != NULL) { + EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, e, + "private key for CMP client certificate"); + + if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { + EVP_PKEY_free(pkey); + goto err; + } + EVP_PKEY_free(pkey); + } + if (opt_secret == NULL && opt_srvcert == NULL && opt_trusted == NULL) { + CMP_err("missing -secret or -srvcert or -trusted"); + goto err; + } + + if (opt_cert != NULL) { + X509 *cert; + STACK_OF(X509) *certs = NULL; + int ok; + + if (!load_certs_autofmt(opt_cert, &certs, 0, opt_keypass, + "CMP client certificate (and optionally extra certs)")) + /* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */ + goto err; + + cert = sk_X509_delete(certs, 0); + if (cert == NULL) { + CMP_err("no client certificate found"); + sk_X509_pop_free(certs, X509_free); + goto err; + } + ok = OSSL_CMP_CTX_set1_cert(ctx, cert); + X509_free(cert); + + if (ok) { + /* add any remaining certs to the list of untrusted certs */ + STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted_certs(ctx); + ok = untrusted != NULL ? + sk_X509_add1_certs(untrusted, certs, 0, 1 /* no dups */, 0) : + OSSL_CMP_CTX_set1_untrusted_certs(ctx, certs); + } + sk_X509_pop_free(certs, X509_free); + if (!ok) + goto oom; + } + + if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut, + NULL)) + goto err; + cleanse(opt_otherpass); + + if (opt_unprotected_requests) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1); + + if (opt_digest != NULL) { + int digest = OBJ_ln2nid(opt_digest); + + if (digest == NID_undef) { + CMP_err1("digest algorithm name not recognized: '%s'", opt_digest); + goto err; + } + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DIGEST_ALGNID, digest); + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_OWF_ALGNID, digest); + } + + if (opt_mac != NULL) { + int mac = OBJ_ln2nid(opt_mac); + if (mac == NID_undef) { + CMP_err1("MAC algorithm name not recognized: '%s'", opt_mac); + goto err; + } + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MAC_ALGNID, mac); + } + return 1; + + oom: + CMP_err("out of memory"); + err: + return 0; +} + +/* + * set up IR/CR/KUR/CertConf/RR specific parts of the OSSL_CMP_CTX + * based on options from config file/CLI. + * Returns pointer on success, NULL on error + */ +static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) +{ + if (opt_subject == NULL && opt_oldcert == NULL && opt_cert == NULL) + CMP_warn("no -subject given, neither -oldcert nor -cert available as default"); + if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") + || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) + goto err; + + if (opt_newkey != NULL) { + const char *file = opt_newkey; + const int format = opt_keyform; + const char *pass = opt_newkeypass; + const char *desc = "new private or public key for cert to be enrolled"; + EVP_PKEY *pkey = load_key_pwd(file, format, pass, e, NULL); + int priv = 1; + + if (pkey == NULL) { + ERR_clear_error(); + pkey = load_pubkey(file, format, 0, pass, e, desc); + priv = 0; + } + cleanse(opt_newkeypass); + if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, priv, pkey)) { + EVP_PKEY_free(pkey); + goto err; + } + } + + if (opt_days > 0) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, + opt_days); + + if (opt_policies != NULL && opt_policy_oids != NULL) { + CMP_err("cannot have policies both via -policies and via -policy_oids"); + goto err; + } + + if (opt_reqexts != NULL || opt_policies != NULL) { + X509V3_CTX ext_ctx; + X509_EXTENSIONS *exts = sk_X509_EXTENSION_new_null(); + + if (exts == NULL) + goto err; + X509V3_set_ctx(&ext_ctx, NULL, NULL, NULL, NULL, 0); + X509V3_set_nconf(&ext_ctx, conf); + if (opt_reqexts != NULL + && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) { + CMP_err1("cannot load certificate request extension section '%s'", + opt_reqexts); + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + goto err; + } + if (opt_policies != NULL + && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) { + CMP_err1("cannot load policy cert request extension section '%s'", + opt_policies); + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + goto err; + } + OSSL_CMP_CTX_set0_reqExtensions(ctx, exts); + } + if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) { + CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans"); + goto err; + } + + if (!set_gennames(ctx, opt_sans, "Subject Alternative Name")) + goto err; + + if (opt_san_nodefault) { + if (opt_sans != NULL) + CMP_warn("-opt_san_nodefault has no effect when -sans is used"); + (void)OSSL_CMP_CTX_set_option(ctx, + OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1); + } + + if (opt_policy_oids_critical) { + if (opt_policy_oids == NULL) + CMP_warn("-opt_policy_oids_critical has no effect unless -policy_oids is given"); + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POLICIES_CRITICAL, 1); + } + + while (opt_policy_oids != NULL) { + ASN1_OBJECT *policy; + POLICYINFO *pinfo; + char *next = next_item(opt_policy_oids); + + if ((policy = OBJ_txt2obj(opt_policy_oids, 1)) == 0) { + CMP_err1("unknown policy OID '%s'", opt_policy_oids); + goto err; + } + + if ((pinfo = POLICYINFO_new()) == NULL) { + ASN1_OBJECT_free(policy); + goto err; + } + pinfo->policyid = policy; + + if (!OSSL_CMP_CTX_push0_policy(ctx, pinfo)) { + CMP_err1("cannot add policy with OID '%s'", opt_policy_oids); + POLICYINFO_free(pinfo); + goto err; + } + opt_policy_oids = next; + } + + if (opt_popo >= OSSL_CRMF_POPO_NONE) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POPO_METHOD, opt_popo); + + if (opt_csr != NULL) { + if (opt_cmd != CMP_P10CR) { + CMP_warn("-csr option is ignored for command other than p10cr"); + } else { + X509_REQ *csr = + load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr"); + + if (csr == NULL) + goto err; + if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) { + X509_REQ_free(csr); + goto oom; + } + X509_REQ_free(csr); + } + } + + if (opt_oldcert != NULL) { + X509 *oldcert = load_cert_pwd(opt_oldcert, opt_keypass, + "certificate to be updated/revoked"); + /* opt_keypass is needed if opt_oldcert is an encrypted PKCS#12 file */ + + if (oldcert == NULL) + goto err; + if (!OSSL_CMP_CTX_set1_oldCert(ctx, oldcert)) { + X509_free(oldcert); + goto oom; + } + X509_free(oldcert); + } + cleanse(opt_keypass); + if (opt_revreason > CRL_REASON_NONE) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON, + opt_revreason); + + return 1; + + oom: + CMP_err("out of memory"); + err: + return 0; +} + +static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) +{ + long value; + ASN1_OBJECT *type; + ASN1_INTEGER *aint; + ASN1_TYPE *val; + OSSL_CMP_ITAV *itav; + char *endstr; + char *valptr = strchr(opt_geninfo, ':'); + + if (valptr == NULL) { + CMP_err("missing ':' in -geninfo option"); + return 0; + } + valptr[0] = '\0'; + valptr++; + + if (strncasecmp(valptr, "int:", 4) != 0) { + CMP_err("missing 'int:' in -geninfo option"); + return 0; + } + valptr += 4; + + value = strtol(valptr, &endstr, 10); + if (endstr == valptr || *endstr != '\0') { + CMP_err("cannot parse int in -geninfo option"); + return 0; + } + + type = OBJ_txt2obj(opt_geninfo, 1); + if (type == NULL) { + CMP_err("cannot parse OID in -geninfo option"); + return 0; + } + + aint = ASN1_INTEGER_new(); + if (aint == NULL || !ASN1_INTEGER_set(aint, value)) + goto oom; + + val = ASN1_TYPE_new(); + if (val == NULL) { + ASN1_INTEGER_free(aint); + goto oom; + } + ASN1_TYPE_set(val, V_ASN1_INTEGER, aint); + itav = OSSL_CMP_ITAV_create(type, val); + if (itav == NULL) { + ASN1_TYPE_free(val); + goto oom; + } + + if (!OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav)) { + OSSL_CMP_ITAV_free(itav); + return 0; + } + return 1; + + oom: + CMP_err("out of memory"); + return 0; +} + + +/* + * set up the client-side OSSL_CMP_CTX based on options from config file/CLI + * while parsing options and checking their consistency. + * Prints reason for error to bio_err. + * Returns 1 on success, 0 on error + */ +static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) +{ + int ret = 0; + char server_buf[200] = { '\0' }; + char proxy_buf[200] = { '\0' }; + char *proxy_host = NULL; + char *proxy_port_str = NULL; + + if (opt_server == NULL) { + CMP_err("missing server address[:port]"); + goto err; + } else if ((server_port = + parse_addr(&opt_server, server_port, "server")) < 0) { + goto err; + } + if (server_port != 0) + BIO_snprintf(server_port_s, sizeof(server_port_s), "%d", server_port); + if (!OSSL_CMP_CTX_set1_server(ctx, opt_server) + || !OSSL_CMP_CTX_set_serverPort(ctx, server_port) + || !OSSL_CMP_CTX_set1_serverPath(ctx, opt_path)) + goto oom; + if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy)) + goto oom; + (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s%s%s/%s", + opt_tls_used ? "s" : "", opt_server, + server_port == 0 ? "" : ":", server_port_s, + opt_path[0] == '/' ? opt_path + 1 : opt_path); + + if (opt_proxy != NULL) + (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", opt_proxy); + CMP_info2("will contact %s%s", server_buf, proxy_buf); + + if (!transform_opts()) + goto err; + + if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { + if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) { + CMP_err("missing -newkey (or -key) to be certified"); + goto err; + } + if (opt_certout == NULL) { + CMP_err("-certout not given, nowhere to save certificate"); + goto err; + } + } + if (opt_cmd == CMP_KUR) { + char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert; + + if (ref_cert == NULL) { + CMP_err("missing -oldcert option for certificate to be updated"); + goto err; + } + if (opt_subject != NULL) + CMP_warn2("-subject '%s' given, which overrides the subject of '%s' in KUR", + opt_subject, ref_cert); + } + if (opt_cmd == CMP_RR && opt_oldcert == NULL) { + CMP_err("missing certificate to be revoked"); + goto err; + } + if (opt_cmd == CMP_P10CR && opt_csr == NULL) { + CMP_err("missing PKCS#10 CSR for p10cr"); + goto err; + } + + if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL + && opt_oldcert == NULL && opt_cert == NULL) + CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); + + if (opt_infotype_s != NULL) { + char id_buf[100] = "id-it-"; + + strncat(id_buf, opt_infotype_s, sizeof(id_buf) - strlen(id_buf) - 1); + if ((opt_infotype = OBJ_sn2nid(id_buf)) == NID_undef) { + CMP_err("unknown OID name in -infotype option"); + goto err; + } + } + + if (!setup_verification_ctx(ctx)) + goto err; + + if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */ + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT, + opt_msg_timeout); + if (opt_total_timeout >= 0) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT, + opt_total_timeout); + + if (opt_reqin != NULL && opt_rspin != NULL) + CMP_warn("-reqin is ignored since -rspin is present"); + if (opt_reqin_new_tid && opt_reqin == NULL) + CMP_warn("-reqin_new_tid is ignored since -reqin is not present"); + if (opt_reqin != NULL || opt_reqout != NULL + || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv) + (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp); + + if ((opt_tls_cert != NULL || opt_tls_key != NULL + || opt_tls_keypass != NULL || opt_tls_extra != NULL + || opt_tls_trusted != NULL || opt_tls_host != NULL) + && !opt_tls_used) + CMP_warn("TLS options(s) given but not -tls_used"); + if (opt_tls_used) { +#ifdef OPENSSL_NO_SOCK + BIO_printf(bio_err, "Cannot use TLS - sockets not supported\n"); + goto err; +#else + APP_HTTP_TLS_INFO *info; + + if (opt_tls_cert != NULL + || opt_tls_key != NULL || opt_tls_keypass != NULL) { + if (opt_tls_key == NULL) { + CMP_err("missing -tls_key option"); + goto err; + } else if (opt_tls_cert == NULL) { + CMP_err("missing -tls_cert option"); + goto err; + } + } + if (opt_use_mock_srv) { + CMP_err("cannot use TLS options together with -use_mock_srv"); + goto err; + } + if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) + goto err; + (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); + /* info will be freed along with CMP ctx */ + info->server = opt_server; + info->port = server_port_s; + info->use_proxy = opt_proxy != NULL; + info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT); + info->ssl_ctx = setup_ssl_ctx(ctx, e); + if (info->ssl_ctx == NULL) + goto err; + (void)OSSL_CMP_CTX_set_http_cb(ctx, app_http_tls_cb); +#endif + } + + if (!setup_protection_ctx(ctx, e)) + goto err; + + if (!setup_request_ctx(ctx, e)) + goto err; + + if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient") + || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender, + ctx, "expected sender")) + goto oom; + + if (opt_geninfo != NULL && !handle_opt_geninfo(ctx)) + goto err; + + ret = 1; + + err: + OPENSSL_free(proxy_host); + OPENSSL_free(proxy_port_str); + return ret; + oom: + CMP_err("out of memory"); + goto err; +} + +/* + * write out the given certificate to the output specified by bio. + * Depending on options use either PEM or DER format. + * Returns 1 on success, 0 on error + */ +static int write_cert(BIO *bio, X509 *cert) +{ + if ((opt_certform == FORMAT_PEM && PEM_write_bio_X509(bio, cert)) + || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert))) + return 1; + if (opt_certform != FORMAT_PEM && opt_certform != FORMAT_ASN1) + BIO_printf(bio_err, + "error: unsupported type '%s' for writing certificates\n", + opt_certform_s); + return 0; +} + +/* + * writes out a stack of certs to the given file. + * Depending on options use either PEM or DER format, + * where DER does not make much sense for writing more than one cert! + * Returns number of written certificates on success, 0 on error. + */ +static int save_certs(OSSL_CMP_CTX *ctx, + STACK_OF(X509) *certs, char *destFile, char *desc) +{ + BIO *bio = NULL; + int i; + int n = sk_X509_num(certs); + + CMP_info3("received %d %s certificate(s), saving to file '%s'", + n, desc, destFile); + if (n > 1 && opt_certform != FORMAT_PEM) + CMP_warn("saving more than one certificate in non-PEM format"); + + if (destFile == NULL || (bio = BIO_new(BIO_s_file())) == NULL + || !BIO_write_filename(bio, (char *)destFile)) { + CMP_err1("could not open file '%s' for writing", destFile); + n = -1; + goto err; + } + + for (i = 0; i < n; i++) { + if (!write_cert(bio, sk_X509_value(certs, i))) { + CMP_err1("cannot write certificate to file '%s'", destFile); + n = -1; + goto err; + } + } + + err: + BIO_free(bio); + return n; +} + +static void print_itavs(STACK_OF(OSSL_CMP_ITAV) *itavs) +{ + OSSL_CMP_ITAV *itav = NULL; + char buf[128]; + int i; + int n = sk_OSSL_CMP_ITAV_num(itavs); /* itavs == NULL leads to 0 */ + + if (n == 0) { + CMP_info("genp contains no ITAV"); + return; + } + + for (i = 0; i < n; i++) { + itav = sk_OSSL_CMP_ITAV_value(itavs, i); + OBJ_obj2txt(buf, 128, OSSL_CMP_ITAV_get0_type(itav), 0); + CMP_info1("genp contains ITAV of type: %s", buf); + } +} + +static char opt_item[SECTION_NAME_MAX + 1]; +/* get previous name from a comma-separated list of names */ +static const char *prev_item(const char *opt, const char *end) +{ + const char *beg; + size_t len; + + if (end == opt) + return NULL; + beg = end; + while (beg != opt && beg[-1] != ',' && !isspace(beg[-1])) + beg--; + len = end - beg; + if (len > SECTION_NAME_MAX) + len = SECTION_NAME_MAX; + strncpy(opt_item, beg, len); + opt_item[SECTION_NAME_MAX] = '\0'; /* avoid gcc v8 O3 stringop-truncation */ + opt_item[len] = '\0'; + if (len > SECTION_NAME_MAX) + CMP_warn2("using only first %d characters of section name starting with \"%s\"", + SECTION_NAME_MAX, opt_item); + while (beg != opt && (beg[-1] == ',' || isspace(beg[-1]))) + beg--; + return beg; +} + +/* get str value for name from a comma-separated hierarchy of config sections */ +static char *conf_get_string(const CONF *src_conf, const char *groups, + const char *name) +{ + char *res = NULL; + const char *end = groups + strlen(groups); + + while ((end = prev_item(groups, end)) != NULL) { + if ((res = NCONF_get_string(src_conf, opt_item, name)) != NULL) + return res; + } + return res; +} + +/* get long val for name from a comma-separated hierarchy of config sections */ +static int conf_get_number_e(const CONF *conf_, const char *groups, + const char *name, long *result) +{ + char *str = conf_get_string(conf_, groups, name); + char *tailptr; + long res; + + if (str == NULL || *str == '\0') + return 0; + + res = strtol(str, &tailptr, 10); + if (res == LONG_MIN || res == LONG_MAX || *tailptr != '\0') + return 0; + + *result = res; + return 1; +} + +/* + * use the command line option table to read values from the CMP section + * of openssl.cnf. Defaults are taken from the config file, they can be + * overwritten on the command line. + */ +static int read_config(void) +{ + unsigned int i; + long num = 0; + char *txt = NULL; + const OPTIONS *opt; + int provider_option; + int verification_option; + + /* + * starting with offset OPT_SECTION because OPT_CONFIG and OPT_SECTION would + * not make sense within the config file. They have already been handled. + */ + for (i = OPT_SECTION - OPT_HELP, opt = &cmp_options[OPT_SECTION]; + opt->name; i++, opt++) { + if (!strcmp(opt->name, OPT_SECTION_STR) + || !strcmp(opt->name, OPT_MORE_STR)) { + i--; + continue; + } + provider_option = (OPT_PROV__FIRST <= opt->retval + && opt->retval < OPT_PROV__LAST); + verification_option = (OPT_V__FIRST <= opt->retval + && opt->retval < OPT_V__LAST); + if (provider_option || verification_option) + i--; + if (cmp_vars[i].txt == NULL) { + CMP_err1("internal: cmp_vars array too short, i=%d", i); + return 0; + } + switch (opt->valtype) { + case '-': + case 'n': + case 'l': + if (!conf_get_number_e(conf, opt_section, opt->name, &num)) { + ERR_clear_error(); + continue; /* option not provided */ + } + break; + /* + * do not use '<' in cmp_options. Incorrect treatment + * somewhere in args_verify() can wrongly set badarg = 1 + */ + case '<': + case 's': + case 'M': + txt = conf_get_string(conf, opt_section, opt->name); + if (txt == NULL) { + ERR_clear_error(); + continue; /* option not provided */ + } + break; + default: + CMP_err2("internal: unsupported type '%c' for option '%s'", + opt->valtype, opt->name); + return 0; + break; + } + if (provider_option || verification_option) { + int conf_argc = 1; + char *conf_argv[3]; + char arg1[82]; + + BIO_snprintf(arg1, 81, "-%s", (char *)opt->name); + conf_argv[0] = prog; + conf_argv[1] = arg1; + if (opt->valtype == '-') { + if (num != 0) + conf_argc = 2; + } else { + conf_argc = 3; + conf_argv[2] = conf_get_string(conf, opt_section, opt->name); + /* not NULL */ + } + if (conf_argc > 1) { + (void)opt_init(conf_argc, conf_argv, cmp_options); + + if (provider_option + ? !opt_provider(opt_next()) + : !opt_verify(opt_next(), vpm)) { + CMP_err2("for option '%s' in config file section '%s'", + opt->name, opt_section); + return 0; + } + } + } else { + switch (opt->valtype) { + case '-': + case 'n': + if (num < INT_MIN || INT_MAX < num) { + BIO_printf(bio_err, + "integer value out of range for option '%s'\n", + opt->name); + return 0; + } + *cmp_vars[i].num = (int)num; + break; + case 'l': + *cmp_vars[i].num_long = num; + break; + default: + if (txt != NULL && txt[0] == '\0') + txt = NULL; /* reset option on empty string input */ + *cmp_vars[i].txt = txt; + break; + } + } + } + + return 1; +} + +static char *opt_str(char *opt) +{ + char *arg = opt_arg(); + + if (arg[0] == '\0') { + CMP_warn1("argument of -%s option is empty string, resetting option", + opt); + arg = NULL; + } else if (arg[0] == '-') { + CMP_warn1("argument of -%s option starts with hyphen", opt); + } + return arg; +} + +static int opt_nat(void) +{ + int result = -1; + + if (opt_int(opt_arg(), &result) && result < 0) + BIO_printf(bio_err, "error: argument '%s' must not be negative\n", + opt_arg()); + return result; +} + +/* returns 1 on success, 0 on error, -1 on -help (i.e., stop with success) */ +static int get_opts(int argc, char **argv) +{ + OPTION_CHOICE o; + + prog = opt_init(argc, argv, cmp_options); + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: + case OPT_ERR: + goto opt_err; + case OPT_HELP: + opt_help(cmp_options); + return -1; + case OPT_CONFIG: /* has already been handled */ + break; + case OPT_SECTION: /* has already been handled */ + break; + case OPT_SERVER: + opt_server = opt_str("server"); + break; + case OPT_PROXY: + opt_proxy = opt_str("proxy"); + break; + case OPT_NO_PROXY: + opt_no_proxy = opt_str("no_proxy"); + break; + case OPT_PATH: + opt_path = opt_str("path"); + break; + case OPT_MSG_TIMEOUT: + if ((opt_msg_timeout = opt_nat()) < 0) + goto opt_err; + break; + case OPT_TOTAL_TIMEOUT: + if ((opt_total_timeout = opt_nat()) < 0) + goto opt_err; + break; + case OPT_TLS_USED: + opt_tls_used = 1; + break; + case OPT_TLS_CERT: + opt_tls_cert = opt_str("tls_cert"); + break; + case OPT_TLS_KEY: + opt_tls_key = opt_str("tls_key"); + break; + case OPT_TLS_KEYPASS: + opt_tls_keypass = opt_str("tls_keypass"); + break; + case OPT_TLS_EXTRA: + opt_tls_extra = opt_str("tls_extra"); + break; + case OPT_TLS_TRUSTED: + opt_tls_trusted = opt_str("tls_trusted"); + break; + case OPT_TLS_HOST: + opt_tls_host = opt_str("tls_host"); + break; + case OPT_REF: + opt_ref = opt_str("ref"); + break; + case OPT_SECRET: + opt_secret = opt_str("secret"); + break; + case OPT_CERT: + opt_cert = opt_str("cert"); + break; + case OPT_KEY: + opt_key = opt_str("key"); + break; + case OPT_KEYPASS: + opt_keypass = opt_str("keypass"); + break; + case OPT_DIGEST: + opt_digest = opt_str("digest"); + break; + case OPT_MAC: + opt_mac = opt_str("mac"); + break; + case OPT_EXTRACERTS: + opt_extracerts = opt_str("extracerts"); + break; + case OPT_UNPROTECTED_REQUESTS: + opt_unprotected_requests = 1; + break; + + case OPT_TRUSTED: + opt_trusted = opt_str("trusted"); + break; + case OPT_UNTRUSTED: + opt_untrusted = opt_str("untrusted"); + break; + case OPT_SRVCERT: + opt_srvcert = opt_str("srvcert"); + break; + case OPT_RECIPIENT: + opt_recipient = opt_str("recipient"); + break; + case OPT_EXPECT_SENDER: + opt_expect_sender = opt_str("expect_sender"); + break; + case OPT_IGNORE_KEYUSAGE: + opt_ignore_keyusage = 1; + break; + case OPT_UNPROTECTED_ERRORS: + opt_unprotected_errors = 1; + break; + case OPT_EXTRACERTSOUT: + opt_extracertsout = opt_str("extracertsout"); + break; + case OPT_CACERTSOUT: + opt_cacertsout = opt_str("cacertsout"); + break; + + case OPT_V_CASES: + if (!opt_verify(o, vpm)) + goto opt_err; + break; + case OPT_CMD: + opt_cmd_s = opt_str("cmd"); + break; + case OPT_INFOTYPE: + opt_infotype_s = opt_str("infotype"); + break; + case OPT_GENINFO: + opt_geninfo = opt_str("geninfo"); + break; + + case OPT_NEWKEY: + opt_newkey = opt_str("newkey"); + break; + case OPT_NEWKEYPASS: + opt_newkeypass = opt_str("newkeypass"); + break; + case OPT_SUBJECT: + opt_subject = opt_str("subject"); + break; + case OPT_ISSUER: + opt_issuer = opt_str("issuer"); + break; + case OPT_DAYS: + if ((opt_days = opt_nat()) < 0) + goto opt_err; + break; + case OPT_REQEXTS: + opt_reqexts = opt_str("reqexts"); + break; + case OPT_SANS: + opt_sans = opt_str("sans"); + break; + case OPT_SAN_NODEFAULT: + opt_san_nodefault = 1; + break; + case OPT_POLICIES: + opt_policies = opt_str("policies"); + break; + case OPT_POLICY_OIDS: + opt_policy_oids = opt_str("policy_oids"); + break; + case OPT_POLICY_OIDS_CRITICAL: + opt_policy_oids_critical = 1; + break; + case OPT_POPO: + if (!opt_int(opt_arg(), &opt_popo) + || opt_popo < OSSL_CRMF_POPO_NONE + || opt_popo > OSSL_CRMF_POPO_KEYENC) { + CMP_err("invalid popo spec. Valid values are -1 .. 2"); + goto opt_err; + } + break; + case OPT_CSR: + opt_csr = opt_arg(); + break; + case OPT_OUT_TRUSTED: + opt_out_trusted = opt_str("out_trusted"); + break; + case OPT_IMPLICIT_CONFIRM: + opt_implicit_confirm = 1; + break; + case OPT_DISABLE_CONFIRM: + opt_disable_confirm = 1; + break; + case OPT_CERTOUT: + opt_certout = opt_str("certout"); + break; + case OPT_OLDCERT: + opt_oldcert = opt_str("oldcert"); + break; + case OPT_REVREASON: + if (!opt_int(opt_arg(), &opt_revreason) + || opt_revreason < CRL_REASON_NONE + || opt_revreason > CRL_REASON_AA_COMPROMISE + || opt_revreason == 7) { + CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); + goto opt_err; + } + break; + case OPT_CERTFORM: + opt_certform_s = opt_str("certform"); + break; + case OPT_KEYFORM: + opt_keyform_s = opt_str("keyform"); + break; + case OPT_CERTSFORM: + opt_certsform_s = opt_str("certsform"); + break; + case OPT_OTHERPASS: + opt_otherpass = opt_str("otherpass"); + break; +#ifndef OPENSSL_NO_ENGINE + case OPT_ENGINE: + opt_engine = opt_str("engine"); + break; +#endif + case OPT_PROV_CASES: + if (!opt_provider(o)) + goto opt_err; + break; + + case OPT_BATCH: + opt_batch = 1; + break; + case OPT_REPEAT: + opt_repeat = opt_nat(); + break; + case OPT_REQIN: + opt_reqin = opt_str("reqin"); + break; + case OPT_REQIN_NEW_TID: + opt_reqin_new_tid = 1; + break; + case OPT_REQOUT: + opt_reqout = opt_str("reqout"); + break; + case OPT_RSPIN: + opt_rspin = opt_str("rspin"); + break; + case OPT_RSPOUT: + opt_rspout = opt_str("rspout"); + break; + case OPT_USE_MOCK_SRV: + opt_use_mock_srv = 1; + break; + case OPT_PORT: + opt_port = opt_str("port"); + break; + case OPT_MAX_MSGS: + if ((opt_max_msgs = opt_nat()) < 0) + goto opt_err; + break; + case OPT_SRV_REF: + opt_srv_ref = opt_str("srv_ref"); + break; + case OPT_SRV_SECRET: + opt_srv_secret = opt_str("srv_secret"); + break; + case OPT_SRV_CERT: + opt_srv_cert = opt_str("srv_cert"); + break; + case OPT_SRV_KEY: + opt_srv_key = opt_str("srv_key"); + break; + case OPT_SRV_KEYPASS: + opt_srv_keypass = opt_str("srv_keypass"); + break; + case OPT_SRV_TRUSTED: + opt_srv_trusted = opt_str("srv_trusted"); + break; + case OPT_SRV_UNTRUSTED: + opt_srv_untrusted = opt_str("srv_untrusted"); + break; + case OPT_RSP_CERT: + opt_rsp_cert = opt_str("rsp_cert"); + break; + case OPT_RSP_EXTRACERTS: + opt_rsp_extracerts = opt_str("rsp_extracerts"); + break; + case OPT_RSP_CAPUBS: + opt_rsp_capubs = opt_str("rsp_capubs"); + break; + case OPT_POLL_COUNT: + opt_poll_count = opt_nat(); + break; + case OPT_CHECK_AFTER: + opt_check_after = opt_nat(); + break; + case OPT_GRANT_IMPLICITCONF: + opt_grant_implicitconf = 1; + break; + case OPT_PKISTATUS: + opt_pkistatus = opt_nat(); + break; + case OPT_FAILURE: + opt_failure = opt_nat(); + break; + case OPT_FAILUREBITS: + opt_failurebits = opt_nat(); + break; + case OPT_STATUSSTRING: + opt_statusstring = opt_str("statusstring"); + break; + case OPT_SEND_ERROR: + opt_send_error = 1; + break; + case OPT_SEND_UNPROTECTED: + opt_send_unprotected = 1; + break; + case OPT_SEND_UNPROT_ERR: + opt_send_unprot_err = 1; + break; + case OPT_ACCEPT_UNPROTECTED: + opt_accept_unprotected = 1; + break; + case OPT_ACCEPT_UNPROT_ERR: + opt_accept_unprot_err = 1; + break; + case OPT_ACCEPT_RAVERIFIED: + opt_accept_raverified = 1; + break; + } + } + argc = opt_num_rest(); + argv = opt_rest(); + if (argc != 0) { + CMP_err1("unknown parameter %s", argv[0]); + goto opt_err; + } + return 1; + + opt_err: + CMP_err1("use -help for summary of '%s' options", prog); + return 0; +} + +int cmp_main(int argc, char **argv) +{ + char *configfile = NULL; + int i; + X509 *newcert = NULL; + ENGINE *e = NULL; + char mock_server[] = "mock server:1"; + int ret = 0; /* default: failure */ + + if (argc <= 1) { + opt_help(cmp_options); + goto err; + } + + /* + * handle OPT_CONFIG and OPT_SECTION upfront to take effect for other opts + */ + for (i = 1; i < argc - 1; i++) { + if (*argv[i] == '-') { + if (!strcmp(argv[i] + 1, cmp_options[OPT_CONFIG - OPT_HELP].name)) + opt_config = argv[i + 1]; + else if (!strcmp(argv[i] + 1, + cmp_options[OPT_SECTION - OPT_HELP].name)) + opt_section = argv[i + 1]; + } + } + if (opt_section[0] == '\0') /* empty string */ + opt_section = DEFAULT_SECTION; + + vpm = X509_VERIFY_PARAM_new(); + if (vpm == NULL) { + CMP_err("out of memory"); + goto err; + } + + /* read default values for options from config file */ + configfile = opt_config != NULL ? opt_config : default_config_file; + if (configfile && configfile[0] != '\0' /* non-empty string */ + && (configfile != default_config_file + || access(configfile, F_OK) != -1)) { + CMP_info1("using OpenSSL configuration file '%s'", configfile); + conf = app_load_config(configfile); + if (conf == NULL) { + goto err; + } else { + if (strcmp(opt_section, CMP_SECTION) == 0) { /* default */ + if (!NCONF_get_section(conf, opt_section)) + CMP_info2("no [%s] section found in config file '%s';" + " will thus use just [default] and unnamed section if present", + opt_section, configfile); + } else { + const char *end = opt_section + strlen(opt_section); + while ((end = prev_item(opt_section, end)) != NULL) { + if (!NCONF_get_section(conf, opt_item)) { + CMP_err2("no [%s] section found in config file '%s'", + opt_item, configfile); + goto err; + } + } + } + if (!read_config()) + goto err; + } + } + (void)BIO_flush(bio_err); /* prevent interference with opt_help() */ + + ret = get_opts(argc, argv); + if (ret <= 0) + goto err; + ret = 0; + + if (opt_batch) { +#ifndef OPENSSL_NO_ENGINE + UI_METHOD *ui_fallback_method; +# ifndef OPENSSL_NO_UI_CONSOLE + ui_fallback_method = UI_OpenSSL(); +# else + ui_fallback_method = (UI_METHOD *)UI_null(); +# endif + UI_method_set_reader(ui_fallback_method, NULL); +#endif + } + + if (opt_engine != NULL) + e = setup_engine_flags(opt_engine, 0 /* not: ENGINE_METHOD_ALL */, 0); + + if (opt_port != NULL) { + if (opt_use_mock_srv) { + CMP_err("cannot use both -port and -use_mock_srv options"); + goto err; + } + if (opt_server != NULL) { + CMP_err("cannot use both -port and -server options"); + goto err; + } + } + + if ((cmp_ctx = OSSL_CMP_CTX_new()) == NULL) { + CMP_err("out of memory"); + goto err; + } + if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { + CMP_err1("cannot set up error reporting and logging for %s", prog); + goto err; + } + if ((opt_use_mock_srv || opt_port != NULL)) { + OSSL_CMP_SRV_CTX *srv_ctx; + + if ((srv_ctx = setup_srv_ctx(e)) == NULL) + goto err; + OSSL_CMP_CTX_set_transfer_cb_arg(cmp_ctx, srv_ctx); + if (!OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx), + print_to_bio_out)) { + CMP_err1("cannot set up error reporting and logging for %s", prog); + goto err; + } + } + + + if (opt_port != NULL) { /* act as very basic CMP HTTP server */ +#ifdef OPENSSL_NO_SOCK + BIO_printf(bio_err, "Cannot act as server - sockets not supported\n"); +#else + BIO *acbio; + BIO *cbio = NULL; + int msgs = 0; + + if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) + goto err; + while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { + OSSL_CMP_MSG *req = NULL; + OSSL_CMP_MSG *resp = NULL; + + ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), + (ASN1_VALUE **)&req, &cbio, acbio, + prog, 0, 0); + if (ret == 0) + continue; + if (ret++ == -1) + break; /* fatal error */ + + ret = 0; + msgs++; + if (req != NULL) { + resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); + OSSL_CMP_MSG_free(req); + if (resp == NULL) + break; /* treated as fatal error */ + ret = http_server_send_asn1_resp(cbio, "application/pkixcmp", + ASN1_ITEM_rptr(OSSL_CMP_MSG), + (const ASN1_VALUE *)resp); + OSSL_CMP_MSG_free(resp); + if (!ret) + break; /* treated as fatal error */ + } + BIO_free_all(cbio); + cbio = NULL; + } + BIO_free_all(cbio); + BIO_free_all(acbio); +#endif + goto err; + } + /* else act as CMP client */ + + if (opt_use_mock_srv) { + if (opt_server != NULL) { + CMP_err("cannot use both -use_mock_srv and -server options"); + goto err; + } + if (opt_proxy != NULL) { + CMP_err("cannot use both -use_mock_srv and -proxy options"); + goto err; + } + opt_server = mock_server; + opt_proxy = "API"; + } else { + if (opt_server == NULL) { + CMP_err("missing -server option"); + goto err; + } + } + + if (!setup_client_ctx(cmp_ctx, e)) { + CMP_err("cannot set up CMP context"); + goto err; + } + for (i = 0; i < opt_repeat; i++) { + /* everything is ready, now connect and perform the command! */ + switch (opt_cmd) { + case CMP_IR: + newcert = OSSL_CMP_exec_IR_ses(cmp_ctx); + if (newcert == NULL) + goto err; + break; + case CMP_KUR: + newcert = OSSL_CMP_exec_KUR_ses(cmp_ctx); + if (newcert == NULL) + goto err; + break; + case CMP_CR: + newcert = OSSL_CMP_exec_CR_ses(cmp_ctx); + if (newcert == NULL) + goto err; + break; + case CMP_P10CR: + newcert = OSSL_CMP_exec_P10CR_ses(cmp_ctx); + if (newcert == NULL) + goto err; + break; + case CMP_RR: + if (OSSL_CMP_exec_RR_ses(cmp_ctx) == NULL) + goto err; + break; + case CMP_GENM: + { + STACK_OF(OSSL_CMP_ITAV) *itavs; + + if (opt_infotype != NID_undef) { + OSSL_CMP_ITAV *itav = + OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL); + if (itav == NULL) + goto err; + OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); + } + + if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) == NULL) + goto err; + print_itavs(itavs); + sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); + break; + } + default: + break; + } + + { + /* print PKIStatusInfo (this is in case there has been no error) */ + int status = OSSL_CMP_CTX_get_status(cmp_ctx); + char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf"); + const char *string = + OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, + OSSL_CMP_PKISI_BUFLEN); + + CMP_print(bio_err, + status == OSSL_CMP_PKISTATUS_accepted ? "info" : + status == OSSL_CMP_PKISTATUS_rejection ? "server error" : + status == OSSL_CMP_PKISTATUS_waiting ? "internal error" + : "warning", + "received from %s %s %s", opt_server, + string != NULL ? string : "", ""); + OPENSSL_free(buf); + } + + if (opt_cacertsout != NULL) { + STACK_OF(X509) *certs = OSSL_CMP_CTX_get1_caPubs(cmp_ctx); + + if (sk_X509_num(certs) > 0 + && save_certs(cmp_ctx, certs, opt_cacertsout, "CA") < 0) { + sk_X509_pop_free(certs, X509_free); + goto err; + } + sk_X509_pop_free(certs, X509_free); + } + + if (opt_extracertsout != NULL) { + STACK_OF(X509) *certs = OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx); + if (sk_X509_num(certs) > 0 + && save_certs(cmp_ctx, certs, opt_extracertsout, + "extra") < 0) { + sk_X509_pop_free(certs, X509_free); + goto err; + } + sk_X509_pop_free(certs, X509_free); + } + + if (opt_certout != NULL && newcert != NULL) { + STACK_OF(X509) *certs = sk_X509_new_null(); + + if (certs == NULL || !sk_X509_push(certs, newcert) + || save_certs(cmp_ctx, certs, opt_certout, + "enrolled") < 0) { + sk_X509_free(certs); + goto err; + } + sk_X509_free(certs); + } + if (!OSSL_CMP_CTX_reinit(cmp_ctx)) + goto err; + } + ret = 1; + + err: + /* in case we ended up here on error without proper cleaning */ + cleanse(opt_keypass); + cleanse(opt_newkeypass); + cleanse(opt_otherpass); + cleanse(opt_tls_keypass); + cleanse(opt_secret); + cleanse(opt_srv_keypass); + cleanse(opt_srv_secret); + + if (ret != 1) + OSSL_CMP_CTX_print_errors(cmp_ctx); + + ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); + { + APP_HTTP_TLS_INFO *http_tls_info = + OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx); + + if (http_tls_info != NULL) { + SSL_CTX_free(http_tls_info->ssl_ctx); + OPENSSL_free(http_tls_info); + } + } + X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); + OSSL_CMP_CTX_free(cmp_ctx); + X509_VERIFY_PARAM_free(vpm); + release_engine(e); + + NCONF_free(conf); /* must not do as long as opt_... variables are used */ + OSSL_CMP_log_close(); + + return ret == 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index e64cc9f3a6..c7e7abe994 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -348,3 +348,59 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) ess_cert_id_alg = sha1 # algorithm to compute certificate # identifier (optional, default: sha1) + +[insta] # CMP using Insta Demo CA +# Message transfer +server = pki.certificate.fi:8700 +# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 +# tls_use = 0 +path = pkix/ + +# Server authentication +recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer +ignore_keyusage = 1 # potentially needed quirk +unprotected_errors = 1 # potentially needed quirk +extracertsout = insta.extracerts.pem + +# Client authentication +ref = 3078 # user identification +secret = pass:insta # can be used for both client and server side + +# Generic message options +cmd = ir # default operation, can be overridden on cmd line with, e.g., kur + +# Certificate enrollment +subject = "/CN=openssl-cmp-test" +newkey = insta.priv.pem +out_trusted = insta.ca.crt +certout = insta.cert.pem + +[pbm] # Password-based protection for Insta CA +# Server and client authentication +ref = $insta::ref # 3078 +secret = $insta::secret # pass:insta + +[signature] # Signature-based protection for Insta CA +# Server authentication +trusted = insta.ca.crt # does not include keyUsage digitalSignature + +# Client authentication +secret = # disable PBM +key = $insta::newkey # insta.priv.pem +cert = $insta::certout # insta.cert.pem + +[ir] +cmd = ir + +[cr] +cmd = cr + +[kur] +# Certificate update +cmd = kur +oldcert = $insta::certout # insta.cert.pem + +[rr] +# Certificate revocation +cmd = rr +oldcert = $insta::certout # insta.cert.pem diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 4acca4b044..52706ae166 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -348,3 +348,59 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) ess_cert_id_alg = sha1 # algorithm to compute certificate # identifier (optional, default: sha1) + +[insta] # CMP using Insta Demo CA +# Message transfer +server = pki.certificate.fi:8700 +# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 +# tls_use = 0 +path = pkix/ + +# Server authentication +recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer +ignore_keyusage = 1 # potentially needed quirk +unprotected_errors = 1 # potentially needed quirk +extracertsout = insta.extracerts.pem + +# Client authentication +ref = 3078 # user identification +secret = pass:insta # can be used for both client and server side + +# Generic message options +cmd = ir # default operation, can be overridden on cmd line with, e.g., kur + +# Certificate enrollment +subject = "/CN=openssl-cmp-test" +newkey = insta.priv.pem +out_trusted = insta.ca.crt +certout = insta.cert.pem + +[pbm] # Password-based protection for Insta CA +# Server and client authentication +ref = $insta::ref # 3078 +secret = $insta::secret # pass:insta + +[signature] # Signature-based protection for Insta CA +# Server authentication +trusted = insta.ca.crt # does not include keyUsage digitalSignature + +# Client authentication +secret = # disable PBM +key = $insta::newkey # insta.priv.pem +cert = $insta::certout # insta.cert.pem + +[ir] +cmd = ir + +[cr] +cmd = cr + +[kur] +# Certificate update +cmd = kur +oldcert = $insta::certout # insta.cert.pem + +[rr] +# Certificate revocation +cmd = rr +oldcert = $insta::certout # insta.cert.pem diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index 703bd8cded..f109af0502 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -70,7 +70,8 @@ ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { * so it is used directly * */ - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, ASN1_UTF8STRING) + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, + ASN1_UTF8STRING) } ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) @@ -352,8 +353,10 @@ ASN1_CHOICE(OSSL_CMP_PKIBODY) = { ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2), ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3), ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4), - ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, OSSL_CMP_POPODECKEYCHALLCONTENT, 5), - ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, OSSL_CMP_POPODECKEYRESPCONTENT, 6), + ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, + OSSL_CMP_POPODECKEYCHALLCONTENT, 5), + ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, + OSSL_CMP_POPODECKEYRESPCONTENT, 6), ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7), ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8), ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9), diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index f561f72eb1..d309f84a78 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -176,7 +176,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, if (*rep == NULL) { CMPerr(0, CMP_R_TRANSFER_ERROR); /* or receiving response */ - ERR_add_error_data(1, req_type_str); + ERR_add_error_data(2, "request sent: ", req_type_str); ERR_add_error_data(2, ", expected response: ", expected_type_str); return 0; } @@ -211,7 +211,8 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, char buf[OSSL_CMP_PKISI_BUFLEN]; if (save_statusInfo(ctx, si) - && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) + && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, + sizeof(buf)) != NULL) ERR_add_error_data(1, buf); if (emc->errorCode != NULL && BIO_snprintf(buf, sizeof(buf), "; errorCode: %ld", diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index aa18338db5..9aeee7f5dd 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -164,7 +164,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) X509_STORE_free(ctx->trusted); sk_X509_pop_free(ctx->untrusted_certs, X509_free); - X509_free(ctx->clCert); + X509_free(ctx->cert); EVP_PKEY_free(ctx->pkey); ASN1_OCTET_STRING_free(ctx->referenceValue); if (ctx->secretValue != NULL) @@ -676,12 +676,12 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, * Set our own client certificate, used for example in KUR and when * doing the IR with existing certificate. */ -DEFINE_OSSL_CMP_CTX_set1_up_ref(clCert, X509) +DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509) /* * Set the old certificate that we are updating in KUR * or the certificate to be revoked in RR, respectively. - * Also used as reference cert (defaulting to clCert) for deriving subject DN + * Also used as reference cert (defaulting to cert) for deriving subject DN * and SANs. Its issuer is used as default recipient in the CMP message header. */ DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509) diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index c2493420f8..b07bf031bf 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -41,7 +41,8 @@ int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr) return (int)pvno; } -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr) +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const + OSSL_CMP_PKIHEADER *hdr) { if (hdr == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); @@ -266,6 +267,25 @@ int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) return 0; } +/* + * set ctx->transactionID in CMP header + * if ctx->transactionID is NULL, a random one is created with 128 bit + * according to section 5.1.1: + * + * It is RECOMMENDED that the clients fill the transactionID field with + * 128 bits of (pseudo-) random data for the start of a transaction to + * reduce the probability of having the transactionID in use at the server. + */ +int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) +{ + if (ctx->transactionID == NULL + && !set1_aostr_else_random(&ctx->transactionID, NULL, + OSSL_CMP_TRANSACTIONID_LENGTH)) + return 0; + return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, + ctx->transactionID); +} + /* fill in all fields of the hdr according to the info given in ctx */ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) { @@ -283,8 +303,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) * The sender name is copied from the subject of the client cert, if any, * or else from the subject name provided for certification requests. */ - sender = ctx->clCert != NULL ? - X509_get_subject_name(ctx->clCert) : ctx->subjectName; + sender = ctx->cert != NULL ? + X509_get_subject_name(ctx->cert) : ctx->subjectName; if (!ossl_cmp_hdr_set1_sender(hdr, sender)) return 0; @@ -301,8 +321,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) rcp = ctx->issuer; } else if (ctx->oldCert != NULL) { rcp = X509_get_issuer_name(ctx->oldCert); - } else if (ctx->clCert != NULL) { - rcp = X509_get_issuer_name(ctx->clCert); + } else if (ctx->cert != NULL) { + rcp = X509_get_issuer_name(ctx->cert); } if (!ossl_cmp_hdr_set1_recipient(hdr, rcp)) return 0; @@ -316,21 +336,7 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) ctx->recipNonce)) return 0; - /* - * set ctx->transactionID in CMP header - * if ctx->transactionID is NULL, a random one is created with 128 bit - * according to section 5.1.1: - * - * It is RECOMMENDED that the clients fill the transactionID field with - * 128 bits of (pseudo-) random data for the start of a transaction to - * reduce the probability of having the transactionID in use at the server. - */ - if (ctx->transactionID == NULL - && !set1_aostr_else_random(&ctx->transactionID, NULL, - OSSL_CMP_TRANSACTIONID_LENGTH)) - return 0; - if (!ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, - ctx->transactionID)) + if (!ossl_cmp_hdr_set_transactionID(ctx, hdr)) return 0; /*- diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 9acafbae89..04abcf5084 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -68,8 +68,8 @@ struct ossl_cmp_ctx_st { /* client authentication */ int unprotectedSend; /* send unprotected PKI messages */ - X509 *clCert; /* client cert used to identify and sign for MSG_SIG_ALG */ - EVP_PKEY *pkey; /* the key pair corresponding to clCert */ + X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */ + EVP_PKEY *pkey; /* the key pair corresponding to cert */ ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */ ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */ /* PBMParameters for MSG_MAC_ALG */ @@ -790,7 +790,7 @@ int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, /* from cmp_status.c */ int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si); const char *ossl_cmp_PKIStatus_to_string(int status); -OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si); +OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *s); int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si); int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index); @@ -814,6 +814,7 @@ int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr); # define OSSL_CMP_TRANSACTIONID_LENGTH 16 # define OSSL_CMP_SENDERNONCE_LENGTH 16 +int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ @@ -885,13 +886,13 @@ OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int64_t poll_after); OSSL_CMP_PKISI * ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid); -OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep, +OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rc, int rsid); OSSL_CMP_POLLREP * ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, int rid); OSSL_CMP_CERTRESPONSE * -ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crepmsg, +ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, int rid); X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, const OSSL_CMP_CERTRESPONSE *crep); @@ -916,6 +917,6 @@ int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified); int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info, const char *txt); int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, - const char *txt, int errorCode, const char *details); + const char *txt, int errorCode, const char *detail); #endif /* !defined(OSSL_CRYPTO_CMP_LOCAL_H) */ diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index dc11b54d2b..7b338b2b01 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) { OSSL_CRMF_MSG *crm = NULL; - X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert; + X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert; /* refcert defaults to current client cert */ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; @@ -584,9 +584,9 @@ int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, return 0; for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { - if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL) - return 0; - if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { + itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i)); + if (itav == NULL + || !ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { OSSL_CMP_ITAV_free(itav); return 0; } @@ -982,6 +982,18 @@ X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, return crt; } +int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) +{ + if (ctx == NULL || msg == NULL) { + CMPerr(0, CMP_R_NULL_ARGUMENT); + return 0; + } + if (!ossl_cmp_hdr_set_transactionID(ctx, msg->header)) + return 0; + return msg->header->protectionAlg == NULL + || ossl_cmp_msg_protect(ctx, msg); +} + OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file) { OSSL_CMP_MSG *msg = NULL; diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 3e0c22bb80..97600a7266 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -145,21 +145,18 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) && (msg->extraCerts = sk_X509_new_null()) == NULL) return 0; - if (ctx->clCert != NULL) { - /* Make sure that our own cert gets sent, in the first position */ - if (!X509_up_ref(ctx->clCert)) + if (ctx->cert != NULL && ctx->pkey != NULL) { + /* make sure that our own cert is included in the first position */ + if (!ossl_cmp_sk_X509_add1_cert(msg->extraCerts, ctx->cert, 1, 1)) return 0; - if (!sk_X509_push(msg->extraCerts, ctx->clCert)) { - X509_free(ctx->clCert); - return 0; - } - /* if we have untrusted store, try to add intermediate certs */ + /* if we have untrusted certs, try to add intermediate certs */ if (ctx->untrusted_certs != NULL) { STACK_OF(X509) *chain = - ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert); + ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->cert); int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 1 /* no self-issued */, 1 /* no duplicates */, 0); + sk_X509_pop_free(chain, X509_free); if (res == 0) return 0; @@ -227,6 +224,15 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) if (!ossl_assert(ctx != NULL && msg != NULL)) return 0; + /* + * For the case of re-protection remove pre-existing protection. + * TODO: Consider also removing any pre-existing extraCerts. + */ + X509_ALGOR_free(msg->header->protectionAlg); + msg->header->protectionAlg = NULL; + ASN1_BIT_STRING_free(msg->protection); + msg->protection = NULL; + if (ctx->unprotectedSend) return 1; @@ -238,84 +244,70 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) && !ossl_cmp_hdr_set1_senderKID(msg->header, ctx->referenceValue)) goto err; - - /* - * add any additional certificates from ctx->extraCertsOut - * while not needed to validate the signing cert, the option to do - * this might be handy for certain use cases - */ - if (!ossl_cmp_msg_add_extraCerts(ctx, msg)) - goto err; - - if ((msg->protection = - ossl_cmp_calc_protection(msg, ctx->secretValue, NULL)) == NULL) - goto err; - } else { + } else if (ctx->cert != NULL && ctx->pkey != NULL) { /* * use MSG_SIG_ALG according to 5.1.3.3 if client Certificate and * private key is given */ - if (ctx->clCert != NULL && ctx->pkey != NULL) { - const ASN1_OCTET_STRING *subjKeyIDStr = NULL; - int algNID = 0; - ASN1_OBJECT *alg = NULL; - - /* make sure that key and certificate match */ - if (!X509_check_private_key(ctx->clCert, ctx->pkey)) { - CMPerr(0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH); - goto err; - } - - if (msg->header->protectionAlg == NULL) - if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) - goto err; + const ASN1_OCTET_STRING *subjKeyIDStr = NULL; + int algNID = 0; + ASN1_OBJECT *alg = NULL; - if (!OBJ_find_sigid_by_algs(&algNID, ctx->digest, - EVP_PKEY_id(ctx->pkey))) { - CMPerr(0, CMP_R_UNSUPPORTED_KEY_TYPE); - goto err; - } - if ((alg = OBJ_nid2obj(algNID)) == NULL) - goto err; - if (!X509_ALGOR_set0(msg->header->protectionAlg, - alg, V_ASN1_UNDEF, NULL)) { - ASN1_OBJECT_free(alg); - goto err; - } - - /* - * set senderKID to keyIdentifier of the used certificate according - * to section 5.1.1 - */ - subjKeyIDStr = X509_get0_subject_key_id(ctx->clCert); - if (subjKeyIDStr == NULL) - subjKeyIDStr = ctx->referenceValue; /* fallback */ - if (subjKeyIDStr != NULL - && !ossl_cmp_hdr_set1_senderKID(msg->header, subjKeyIDStr)) - goto err; + /* make sure that key and certificate match */ + if (!X509_check_private_key(ctx->cert, ctx->pkey)) { + CMPerr(0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH); + goto err; + } - /* - * Add ctx->clCert followed, if possible, by its chain built - * from ctx->untrusted_certs, and then ctx->extraCertsOut - */ - if (!ossl_cmp_msg_add_extraCerts(ctx, msg)) + if (msg->header->protectionAlg == NULL) + if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) goto err; - if ((msg->protection = - ossl_cmp_calc_protection(msg, NULL, ctx->pkey)) == NULL) - goto err; - } else { - CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + if (!OBJ_find_sigid_by_algs(&algNID, ctx->digest, + EVP_PKEY_id(ctx->pkey))) { + CMPerr(0, CMP_R_UNSUPPORTED_KEY_TYPE); goto err; } + if ((alg = OBJ_nid2obj(algNID)) == NULL) + goto err; + if (!X509_ALGOR_set0(msg->header->protectionAlg, alg, + V_ASN1_UNDEF, NULL)) { + ASN1_OBJECT_free(alg); + goto err; + } + + /* + * set senderKID to keyIdentifier of the used certificate according + * to section 5.1.1 + */ + subjKeyIDStr = X509_get0_subject_key_id(ctx->cert); + if (subjKeyIDStr == NULL) + subjKeyIDStr = ctx->referenceValue; /* fallback */ + if (subjKeyIDStr != NULL + && !ossl_cmp_hdr_set1_senderKID(msg->header, subjKeyIDStr)) + goto err; + } else { + CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + goto err; } + if ((msg->protection = + ossl_cmp_calc_protection(msg, ctx->secretValue, ctx->pkey)) == NULL) + goto err; + + /* + * If present, add ctx->cert followed by its chain as far as possible. + * Finally add any additional certificates from ctx->extraCertsOut; + * even if not needed to validate the protection + * the option to do this might be handy for certain use cases. + */ + if (!ossl_cmp_msg_add_extraCerts(ctx, msg)) + goto err; /* * As required by RFC 4210 section 5.1.1., if the sender name is not known * to the client it set to NULL-DN. In this case for identification at least * the senderKID must be set, where we took the referenceValue as fallback. */ - if (ossl_cmp_general_name_is_NULL_DN(msg->header->sender) && msg->header->senderKID == NULL) CMPerr(0, CMP_R_MISSING_SENDER_IDENTIFICATION); diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 8bd3b56a26..b805dc8bcb 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -221,7 +221,8 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, if (si == NULL) goto err; /* set OSSL_CMP_OPT_IMPLICIT_CONFIRM if and only if transaction ends */ - if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM, + if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx, + OSSL_CMP_OPT_IMPLICIT_CONFIRM, ossl_cmp_hdr_has_implicitConfirm(hdr) && srv_ctx->grantImplicitConfirm /* do not set if polling starts: */ diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 9f6158ff79..320c527a65 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -278,6 +278,7 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, (void)sk_X509_shift(chain); } } + sk_X509_free(chain); if (!ok) { OSSL_STORE_INFO_free(osi_ca); OSSL_STORE_INFO_free(osi_cert); diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index a931d3caf2..bf859cdbda 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -15,9 +15,9 @@ ossl_cmp_msg_add_extraCerts =head1 DESCRIPTION -ossl_cmp_msg_protect() protects the given message B using an algorithm +ossl_cmp_msg_protect() (re-)protects the given message B using an algorithm depending on the available context information given in the B. -If there is a secretValue it selects PBMAC. Else if there is a clCert +If there is a secretValue it selects PBMAC, else if there is a protection cert it selects Signature and uses B. It also sets the protectionAlg field in the message header accordingly. diff --git a/doc/man1/build.info b/doc/man1/build.info index c48ff0acbe..5b0b4eb6fd 100644 --- a/doc/man1/build.info +++ b/doc/man1/build.info @@ -4,6 +4,7 @@ DEPEND[]= \ openssl-ca.pod \ openssl-ciphers.pod \ openssl-cmds.pod \ + openssl-cmp.pod \ openssl-cms.pod \ openssl-crl2pkcs7.pod \ openssl-crl.pod \ @@ -58,6 +59,7 @@ DEPEND[openssl-asn1parse.pod]=../perlvars.pm DEPEND[openssl-ca.pod]=../perlvars.pm DEPEND[openssl-ciphers.pod]=../perlvars.pm DEPEND[openssl-cmds.pod]=../perlvars.pm +DEPEND[openssl-cmp.pod]=../perlvars.pm DEPEND[openssl-cms.pod]=../perlvars.pm DEPEND[openssl-crl2pkcs7.pod]=../perlvars.pm DEPEND[openssl-crl.pod]=../perlvars.pm @@ -112,6 +114,7 @@ GENERATE[openssl-asn1parse.pod]=openssl-asn1parse.pod.in GENERATE[openssl-ca.pod]=openssl-ca.pod.in GENERATE[openssl-ciphers.pod]=openssl-ciphers.pod.in GENERATE[openssl-cmds.pod]=openssl-cmds.pod.in +GENERATE[openssl-cmp.pod]=openssl-cmp.pod.in GENERATE[openssl-cms.pod]=openssl-cms.pod.in GENERATE[openssl-crl2pkcs7.pod]=openssl-crl2pkcs7.pod.in GENERATE[openssl-crl.pod]=openssl-crl.pod.in diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in new file mode 100644 index 0000000000..cf7f6aa418 --- /dev/null +++ b/doc/man1/openssl-cmp.pod.in @@ -0,0 +1,1165 @@ +=pod +{- OpenSSL::safe::output_do_not_edit_headers(); -} + +=head1 NAME + +openssl-cmp - client for the Certificate Management Protocol (CMP, RFC 4210) + +=head1 SYNOPSIS + +B B +[B<-help>] +[B<-config> I] +[B<-section> I] + +[B<-server> I] +[B<-proxy> I<[http[s]://]address[:port][/path]>] +[B<-no_proxy> I] +[B<-path> I] +[B<-msg_timeout> I] +[B<-total_timeout> I] + +[B<-trusted> I] +[B<-untrusted> I] +[B<-srvcert> I] +[B<-recipient> I] +[B<-expect_sender> I] +[B<-ignore_keyusage>] +[B<-unprotected_errors>] +[B<-extracertsout> I] +[B<-cacertsout> I] + +[B<-ref> I] +[B<-secret> I] +[B<-cert> I] +[B<-key> I] +[B<-keypass> I] +[B<-digest> I] +[B<-mac> I] +[B<-extracerts> I] +[B<-unprotected_requests>] + +[B<-cmd> I] +[B<-infotype> I] +[B<-geninfo> I] + +[B<-newkey> I] +[B<-newkeypass> I] +[B<-subject> I] +[B<-issuer> I] +[B<-days> I] +[B<-reqexts> I] +[B<-sans> I] +[B<-san_nodefault>] +[B<-policies> I] +[B<-policy_oids> I] +[B<-policy_oids_critical>] +[B<-popo> I] +[B<-csr> I] +[B<-out_trusted> I] +[B<-verify_hostname> I] +[B<-verify_ip> I] +[B<-verify_email> I] +[B<-implicit_confirm>] +[B<-disable_confirm>] +[B<-certout> I] + +[B<-oldcert> I] +[B<-revreason> I] + +[B<-certform> I] +[B<-keyform> I] +[B<-certsform> I] +[B<-otherpass> I] +[B<-engine> I] +{- $OpenSSL::safe::opt_provider_synopsis -} + +[B<-tls_used>] +[B<-tls_cert> I] +[B<-tls_key> I] +[B<-tls_keypass> I] +[B<-tls_extra> I] +[B<-tls_trusted> I] +[B<-tls_host> I] + +[B<-batch>] +[B<-repeat> I] +[B<-reqin>] I +[B<-reqin_new_tid>] +[B<-reqout>] I +[B<-rspin>] I +[B<-rspout>] I +[B<-use_mock_srv>] + +[B<-policy> I] +[B<-purpose> I] +[B<-verify_name> I] +[B<-verify_depth> I] +[B<-auth_level> I] +[B<-attime> I] +[B<-ignore_critical>] +[B<-issuer_checks>] +[B<-policy_check>] +[B<-explicit_policy>] +[B<-inhibit_any>] +[B<-inhibit_map>] +[B<-x509_strict>] +[B<-extended_crl>] +[B<-use_deltas>] +[B<-policy_print>] +[B<-check_ss_sig>] +[B<-crl_check>] +[B<-crl_check_all>] +[B<-trusted_first>] +[B<-suiteB_128_only>] +[B<-suiteB_128>] +[B<-suiteB_192>] +[B<-partial_chain>] +[B<-no_alt_chains>] +[B<-no_check_time>] +[B<-allow_proxy_certs>] + +[B<-port> I] +[B<-max_msgs> I] +[B<-srv_ref> I] +[B<-srv_secret> I] +[B<-srv_cert> I] +[B<-srv_key> I] +[B<-srv_keypass> I] +[B<-srv_trusted> I] +[B<-srv_untrusted> I] +[B<-rsp_cert> I] +[B<-rsp_extracerts> I] +[B<-rsp_capubs> I] +[B<-poll_count> I] +[B<-check_after> I] +[B<-grant_implicitconf>] +[B<-pkistatus> I] +[B<-failure> I] +[B<-failurebits> I] +[B<-statusstring> I] +[B<-send_error>] +[B<-send_unprotected>] +[B<-send_unprot_err>] +[B<-accept_unprotected>] +[B<-accept_unprot_err>] +[B<-accept_raverified>] + +=head1 DESCRIPTION + +The B command is a client implementation for the Certificate +Management Protocol (CMP) as defined in RFC4210. +It can be used to request certificates from a CA server, +update their certificates, +request certificates to be revoked, and perform other CMP requests. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Display a summary of all options + +=item B<-config> I + +Configuration file to use. +An empty string C<""> means none. +Default filename is from the environment variable C. + +=item B<-section> I + +Section(s) to use within config file defining CMP options. +An empty string C<""> means no specific section. +Default is C. +Multiple section names may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Contents of sections named later may override contents of sections named before. +In any case, as usual, the C<[default]> section and finally the unnamed +section (as far as present) can provide per-option fallback values. + +=back + + +=head2 Generic message options + +=over 4 + +=item B<-cmd> I + +CMP command to execute. +Currently implemented commands are: + +=over 8 + +=item ir E - Initialization Request + +=item cr E - Certificate Request + +=item p10cr - PKCS#10 Certification Request (for legacy support) + +=item kur EE- Key Update Request + +=item rr E - Revocation Request + +=item genm - General Message + +=back + +B requests initialization of an End Entity into a PKI hierarchy by means of +issuance of a first certificate. + +B requests issuance of an additional certificate for an End Entity already +initialized to the PKI hierarchy. + +B requests issuance of an additional certificate similarly to B +but uses PKCS#10 CSR format. + +B requests (key) update for an existing, given certificate. + +B requests revocation of an existing, given certificate. + +B requests information using a General Message, where optionally +included Bs may be used to state which info is of interest. +Upon receipt of the General Response, information about all received +ITAV Bs is printed to stdout. + +=item B<-infotype> I + +Set InfoType name to use for requesting specific info in B, +e.g., C. + +=item B<-geninfo> I + +generalInfo integer values to place in request PKIHeader with given OID, +e.g., C<1.2.3:int:987>. + +=back + + +=head2 Certificate request options + +=over 4 + +=item B<-newkey> I + +The file containing the private or public key for the certificate requested +in Initialization Request (IR), Certification Request(CR), or +Key Update Request (KUR). +Default is the public key in the PKCS#10 CSR given with the B<-csr> option, +if any, or else the current client key, if given. + +=item B<-newkeypass> I + +Pass phrase source for the key given with the B<-newkey> option. +If not given here, the password will be prompted for if needed. + +For more information about the format of B see the +B section in L. + +=item B<-subject> I + +X509 Distinguished Name (DN) of subject to use in the requested certificate +template. +For KUR, it defaults to the subject DN of the reference certificate +(see B<-oldcert>). +This default is used for IR and CR only if no SANs are set. + +The argument must be formatted as I, +characters may be escaped by C<\>E(backslash), no spaces are skipped. + +In case B<-cert> is not set, for instance when using MSG_MAC_ALG, +the subject DN is also used as sender of the PKI message. + +=item B<-issuer> I + +X509 issuer Distinguished Name (DN) of the CA server +to place in the requested certificate template in IR/CR/KUR. + +The argument must be formatted as I, +characters may be escaped by C<\>E(backslash), no spaces are skipped. + +If neither B<-srvcert> nor B<-recipient> is available, +the name given in this option is also set as the recipient of the CMP message. + +=item B<-days> I + +Number of days the new certificate is requested to be valid for, counting from +the current time of the host. +Also triggers the explicit request that the +validity period starts from the current time (as seen by the host). + +=item B<-reqexts> I + +Name of section in OpenSSL config file defining certificate request extensions. + +=item B<-sans> I + +One or more IP addresses, DNS names, or URIs separated by commas or whitespace +(where in the latter case the whole argument must be enclosed in "...") +to add as Subject Alternative Name(s) (SAN) certificate request extension. +If the special element "critical" is given the SANs are flagged as critical. +Cannot be used if any Subject Alternative Name extension is set via B<-reqexts>. + +=item B<-san_nodefault> + +When Subject Alternative Names are not given via B<-sans> +nor defined via B<-reqexts>, +they are copied by default from the reference certificate (see B<-oldcert>). +This can be disabled by giving the B<-san_nodefault> option. + +=item B<-policies> I + +Name of section in OpenSSL config file defining policies to be set +as certificate request extension. +This option cannot be used together with B<-policy_oids>. + +=item B<-policy_oids> I + +One or more OID(s), separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "...") +to add as certificate policies request extension. +This option cannot be used together with B<-policies>. + +=item B<-policy_oids_critical> + +Flag the policies given with B<-policy_oids> as critical. + +=item B<-popo> I + +Proof-of-Possession (POPO) method to use for IR/CR/KUR; values: C<-1>..<2> where +C<-1> = NONE, C<0> = RAVERIFIED, C<1> = SIGNATURE (default), C<2> = KEYENC. + +Note that a signature-based POPO can only be produced if a private key +is provided via the B<-newkey> or B<-key> options. + +=item B<-csr> I + +CSR in PKCS#10 format to use in legacy P10CR messages. + +=item B<-out_trusted> I + +Trusted certificate(s) to use for verifying the newly enrolled certificate. + +Multiple filenames may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Each source may contain multiple certificates. + +=item B<-verify_hostname> I + +When verification of the newly enrolled certificate is enabled (with the +B<-out_trusted> option), check if any DNS Subject Alternative Name (or if no +DNS SAN is included, the Common Name in the subject) equals the given B. + +=item B<-verify_ip> I + +When verification of the newly enrolled certificate is enabled (with the +B<-out_trusted> option), check if there is +an IP address Subject Alternative Name matching the given IP address. + +=item B<-verify_email> I + +When verification of the newly enrolled certificate is enabled (with the +B<-out_trusted> option), check if there is +an email address Subject Alternative Name matching the given email address. + +=item B<-implicit_confirm> + +Request implicit confirmation of newly enrolled certificates. + +=item B<-disable_confirm> + +Do not send certificate confirmation message for newly enrolled certificate +without requesting implicit confirmation +to cope with broken servers not supporting implicit confirmation correctly. +B This leads to behavior violating RFC 4210. + +=item B<-certout> I + +The file where the newly enrolled certificate should be saved. + +=back + + +=head2 Certificate revocation options + +=over 4 + +=item B<-oldcert> I + +The certificate to be updated (i.e., renewed or re-keyed) in Key Update Request +(KUR) messages or to be revoked in Revocation Request (RR) messages. +It must be given for RR, while for KUR it defaults to B<-cert>. + +The reference certificate determined in this way, if any, is also used for +deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. +Its issuer, if any, is used as default recipient in the CMP message header +if neither B<-srvcert>, B<-recipient>, nor B<-issuer> is available. + +=item B<-revreason> I + +Set CRLReason to be included in revocation request (RR); values: C<0>..C<10> +or C<-1> for none (which is the default). + +Reason numbers defined in RFC 5280 are: + + CRLReason ::= ENUMERATED { + unspecified (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + -- value 7 is not used + removeFromCRL (8), + privilegeWithdrawn (9), + aACompromise (10) + } + +=back + + +=head2 Message transfer options + +=over 4 + +=item B<-server> I<[http[s]://]address[:port]> + +The IP address or DNS hostname and optionally port (defaulting to 80 or 443) +of the CMP server to connect to using HTTP(S) transport. +The optional "http://" or "https://" prefix is ignored. + +=item B<-proxy> I<[http[s]://]address[:port][/path]> + +The HTTP(S) proxy server to use for reaching the CMP server unless B +applies, see below. +The optional "http://" or "https://" prefix and any trailing path are ignored. +Defaults to the environment variable C if set, else C +in case no TLS is used, otherwise C if set, else C. + +=item B<-no_proxy> I +List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Default is from the environment variable C if set, else C. + +=item B<-path> I + +HTTP path at the CMP server (aka CMP alias) to use for POST requests. +Defaults to "/". + +=item B<-msg_timeout> I + +Number of seconds (or 0 for infinite) a CMP request-response message round trip +is allowed to take before a timeout error is returned. +Default is 120. + +=item B<-total_timeout> I + +Maximum number seconds an overall enrollment transaction may take, +including attempts polling for certificates on C PKIStatus. +Default is 0 (infinite). + +=back + + +=head2 Server authentication options + +=over 4 + +=item B<-trusted> I + +When verifying signature-based protection of CMP response messages, +these are the CA certificate(s) to trust while checking certificate chains +during CMP server authentication. +This option gives more flexibility than the B<-srvcert> option because +it does not pin down the expected CMP server by allowing only one certificate. + +Multiple filenames may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Each source may contain multiple certificates. + +=item B<-untrusted> I + +Non-trusted intermediate certificate(s) that may be useful +for constructing the TLS client certificate chain (if TLS is enabled) and +for building certificate chains while verifying the CMP server certificate +(when checking signature-based CMP message protection) +and while verifying the newly enrolled certificate. +These may get added to the extraCerts field sent in requests as far as needed. + +Multiple filenames may be given, separated by commas and/or whitespace. +Each file may contain multiple certificates. + +=item B<-srvcert> I + +The specific CMP server certificate to use and directly trust (even if it is +expired) when verifying signature-based protection of CMP response messages. +May be set alternatively to the B<-trusted> option +if the certificate is available and only this one shall be accepted. + +If set, the issuer of the certificate is also used as the recipient of the CMP +request and as the expected sender of the CMP response, +overriding any potential B<-recipient> option. + +=item B<-recipient> I + +This option may be used to explicitly set the Distinguished Name (DN) +of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity). + +The argument must be formatted as I, +characters may be escaped by C<\>E(backslash), no spaces are skipped. + +If a CMP server certificate is given with the B<-srvcert> option, its subject +name is taken as the recipient name and the B<-recipient> option is ignored. +If neither of the two are given, the recipient of the PKI message is +determined in the following order: from the B<-issuer> option if present, +the issuer of old cert given with the B<-oldcert> option if present, +the issuer of the client certificate (B<-cert> option) if present. + +The recipient field in the header of CMP messagese is mandatory. +If none of the options that enable the derivation of the recipient name are +given, no suitable value for the recipient in the PKIHeader is available. +As a last resort it is set to NULL-DN. + +When a response is received, its sender must match the recipient of the request. + +=item B<-expect_sender> I + +Distinguished Name (DN) of the expected sender of CMP response messages when +MSG_SIG_ALG is used for protection. +This can be used to ensure that only a particular entity is accepted +as the CMP server, and attackers are not able to use arbitrary certificates +of a trusted PKI hierarchy to fraudulently pose as a CMP server. +Note that this option gives slightly more freedom than B<-srvcert>, +which pins down the server to a particular certificate, +while B<-expect_sender> I will continue to match after updates of the +server cert. + +The argument must be formatted as I, +characters may be escaped by C<\>E(backslash), no spaces are skipped. + +If not given, the subject DN of B<-srvcert>, if provided, will be used. + +=item B<-ignore_keyusage> + +Ignore key usage restrictions in CMP signer certificates when verifying +signature-based protection of incoming CMP messages, +else C must be allowed for signer certificate. + +=item B<-unprotected_errors> + +Accept missing or invalid protection of negative responses from the server. +This applies to the following message types and contents: + +=over 4 + +=item * error messages + +=item * negative certificate responses (IP/CP/KUP) + +=item * negative revocation responses (RP) + +=item * negative PKIConf messages + +=back + +B This setting leads to unspecified behavior and it is meant +exclusively to allow interoperability with server implementations violating +RFC 4210, e.g.: + +=over 4 + +=item * section 5.1.3.1 allows exceptions from protecting only for special +cases: +"There MAY be cases in which the PKIProtection BIT STRING is deliberately not +used to protect a message [...] because other protection, external to PKIX, will +be applied instead." + +=item * section 5.3.21 is clear on ErrMsgContent: "The CA MUST always sign it +with a signature key." + +=item * appendix D.4 shows PKIConf message having protection + +=back + +=item B<-extracertsout> I + +The file where to save any extra certificates received in the extraCerts field +of response messages. + +=item B<-cacertsout> I + +The file where to save any CA certificates received in the caPubs field of +Initializiation Response (IP) messages. + +=back + + +=head2 Client authentication options + +=over 4 + +=item B<-ref> I + +Reference number/string/value to use as fallback senderKID; this is required +if no sender name can be determined from the B<-cert> or <-subject> options and +is typically used when authenticating with pre-shared key (password-based MAC). + +=item B<-secret> I + +Source of secret value to use for creating PBM-based protection of outgoing +messages and for verifying any PBM-based protection of incoming messages. +PBM stands for Password-Based Message Authentication Code. +This takes precedence over the B<-cert> option. + +For more information about the format of B see the +B section in L. + +=item B<-cert> I + +The client's current certificate. +Requires the corresponding key to be given with B<-key>. +The subject of this certificate will be used as the "sender" field +of outgoing CMP messages, while B<-subjectName> may provide a fallback value. +When using signature-based message protection, this "protection certificate" +will be included first in the extraCerts field of outgoing messages. +In Initialization Request (IR) messages this can be used for authenticating +using an external entity certificate as defined in appendix E.7 of RFC 4210. +For Key Update Request (KUR) messages this is also used as +the certificate to be updated if the B<-oldcert> option is not given. +If the file includes further certs, they are appended to the untrusted certs. +These may get added to the extraCerts field sent in requests as far as needed. + +=item B<-key> I + +The corresponding private key file for the client's current certificate given in +the B<-cert> option. +This will be used for signature-based message protection unless +the B<-secret> option indicating PBM or B<-unprotected_requests> is given. + +=item B<-keypass> I + +Pass phrase source for the private key given with the B<-key> option. +Also used for B<-cert> and B<-oldcert> in case it is an encrypted PKCS#12 file. +If not given here, the password will be prompted for if needed. + +For more information about the format of B see the +B section in L. + +=item B<-digest> I + +Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG +and as the one-way function (OWF) in MSG_MAC_ALG. +If applicable, this is used for message protection and +Proof-of-Possession (POPO) signatures. +To see the list of supported digests, use B. +Defaults to C. + +=item B<-mac> I + +Specifies the name of the MAC algorithm in MSG_MAC_ALG. +To get the names of supported MAC algorithms use B +and possibly combine such a name with the name of a supported digest algorithm, +e.g., hmacWithSHA256. +Defaults to C as per RFC 4210. + +=item B<-extracerts> I + +Certificates to append in the extraCerts field when sending messages. + +Multiple filenames or URLs may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Each source may contain multiple certificates. + +=item B<-unprotected_requests> + +Send messages without CMP-level protection. + +=back + + +=head2 Credentials format options + +=over 4 + +=item B<-certform> I + +File format to use when saving a certificate to a file. +Default value is PEM. + +=item B<-keyform> I + +Format to assume when reading key files. +Default value is PEM. + +=item B<-certsform> I + +Format to try first when reading multiple certificates from file(s). +Default value is PEM. + +=item B<-otherpass> I + +Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>, +B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options. +If not given here, the password will be prompted for if needed. + +For more information about the format of B see the +B section in L. + +=item B<-engine> I + +Specifying a crypto engine B will lead to obtaining a functional +reference to the specified engine, initializing it if needed. +The engine will be used for all algorithms supported for keys +prefixed by C. +Engines may be defined in the OpenSSL config file as usual in an engine section. + +Options specifying keys, like B<-key>, B<-newkey>, B<-tls_key> can prefix +C to engine-specific identifiers for security tokens objects held by +the engine. + The following example utilizes the RFC 7512 PKCS #11 URI scheme +as supported, e.g., by libp11: +C<-key engine:pkcs11:object=my-private-key;type=private;pin-value=1234> + +{- $OpenSSL::safe::opt_provider_item -} + +=back + + +=head2 TLS options + +=over 4 + +=item B<-tls_used> + +Enable using TLS (even when other TLS_related options are not set) +when connecting to CMP server. + +=item B<-tls_cert> I + +Client's TLS certificate. +If the file includes further certificates, +they are used for constructing the client cert chain provided to the TLS server. + +=item B<-tls_key> I + +Private key for the client's TLS certificate. + +=item B<-tls_keypass> I + +Pass phrase source for client's private TLS key B. +Also used for B<-tls_cert> in case it is an encrypted PKCS#12 file. +If not given here, the password will be prompted for if needed. + +For more information about the format of B see the +B section in L. + +=item B<-tls_extra> I + +Extra certificates to provide to TLS server during TLS handshake + +=item B<-tls_trusted> I + +Trusted certificate(s) to use for verifying the TLS server certificate. +This implies hostname validation. + +Multiple filenames may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Each source may contain multiple certificates. + +=item B<-tls_host> I + +Address to be checked during hostname validation. +This may be a DNS name or an IP address. +If not given it defaults to the B<-server> address. + +=back + + +=head2 Client-side debugging options + +=over 4 + +=item B<-batch> + +Do not interactively prompt for input, for instance when a password is needed. +This can be useful for batch processing and testing. + +=item B<-repeat> I + +Invoke the command the given number of times with the same parameters. +Default is one invocation. + +=item B<-reqin> I + +Take sequence of CMP requests from file(s). +Multiple filenames may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +As many files are read as needed for a complete transaction. + +=item B<-reqin_new_tid> + +Use a fresh transactionID for CMP request messages read using B<-reqin>, +which requires re-protecting them as far as they were protected before. +This may be needed in case the sequence of requests is reused +and the CMP server complains that the transaction ID has already been used. + +=item B<-reqout> I + +Save sequence of CMP requests to file(s). +Multiple filenames may be given, separated by commas and/or whitespace. +As many files are written as needed to store the complete transaction. + +=item B<-rspin> I + +Process sequence of CMP responses provided in file(s), skipping server. +Multiple filenames may be given, separated by commas and/or whitespace. +As many files are read as needed for the complete transaction. + +=item B<-rspout> I + +Save sequence of CMP responses to file(s). +Multiple filenames may be given, separated by commas and/or whitespace. +As many files are written as needed to store the complete transaction. + +=item B<-use_mock_srv> + +Use the internal mock server for testing the client. +This works at API level, bypassing HTTP transport. + +=back + + +=head2 Certificate verification options, for both CMP and TLS + +=over 4 + +=item B<-policy>, B<-purpose>, B<-verify_name>, B<-verify_depth>, +B<-attime>, +B<-ignore_critical>, B<-issuer_checks>, +B<-policy_check>, +B<-explicit_policy>, B<-inhibit_any>, B<-inhibit_map>, +B<-x509_strict>, B<-extended_crl>, B<-use_deltas>, +B<-policy_print>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, +B<-trusted_first>, +B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>, +B<-partial_chain>, B<-no_alt_chains>, B<-no_check_time>, +B<-auth_level>, +B<-allow_proxy_certs> + +Set various options of certificate chain verification. +See L for details. + +=back + + +=head2 Mock server options, for testing purposes only + +=over 4 + +=item B<-port> I + +Act as CMP HTTP server mock-up listening on the given port. + +=item B<-max_msgs> I + +Maximum number of CMP (request) messages the CMP HTTP server mock-up +should handle, which must be non-negative. +The default value is 0, which means that no limit is imposed. +In any case the server terminates on internal errors, but not when it +detects a CMP-level error that it can successfully answer with an error message. + +=item B<-srv_ref> I + +Reference value to use as senderKID of server in case no B<-srv_cert> is given. + +=item B<-srv_secret> I + +Password source for server authentication with a pre-shared key (secret). + +=item B<-srv_cert> I + +Certificate of the server. + +=item B<-srv_key> I + +Private key used by the server for signing messages. + +=item B<-srv_keypass> I + +Server private key (and cert) file pass phrase source. + +=item B<-srv_trusted> I + +Trusted certificates for client authentication. + +=item B<-srv_untrusted> I + +Intermediate CA certs that may be useful when verifying client certificates. + +=item B<-rsp_cert> I + +Certificate to be returned as mock enrollment result. + +=item B<-rsp_extracerts> I + +Extra certificates to be included in mock certification responses. + +=item B<-rsp_capubs> I + +CA certificates to be included in mock Initialization Response (IP) message. + +=item B<-poll_count> I + +Number of times the client must poll before receiving a certificate. + +=item B<-check_after> I + +The checkAfter value (number of seconds to wait) to include in poll response. + + +=item B<-grant_implicitconf> + +Grant implicit confirmation of newly enrolled certificate. + +=item B<-pkistatus> I + +PKIStatus to be included in server response. +Valid range is 0 (accepted) .. 6 (keyUpdateWarning). + +=item B<-failure> I + +A single failure info bit number to be included in server response. +Valid range is 0 (badAlg) .. 26 (duplicateCertReq). + +=item B<-failurebits> I +Number representing failure bits to be included in server response. +Valid range is 0 .. 2^27 - 1. + +=item B<-statusstring> I + +Text to be included as status string in server response. + +=item B<-send_error> + +Force server to reply with error message. + +=item B<-send_unprotected> + +Send response messages without CMP-level protection. + +=item B<-send_unprot_err> + +In case of negative responses, server shall send unprotected error messages, +certificate responses (IP/CP/KUP), and revocation responses (RP). +WARNING: This setting leads to behavior violating RFC 4210. + +=item B<-accept_unprotected> + +Accept missing or invalid protection of requests. + +=item B<-accept_unprot_err> + +Accept unprotected error messages from client. + +=item B<-accept_raverified> + +Accept RAVERIFED as proof-of-possession (POPO). + +=back + + +=head1 NOTES + +When setting up CMP configurations and experimenting with enrollment options +typically various errors occur until the configuration is correct and complete. +When the CMP server reports an error the client will by default +check the protection of the CMP response message. +Yet some CMP services tend not to protect negative responses. +In this case the client will reject them, and thus their contents are not shown +although they usually contain hints that would be helpful for diagnostics. +For assisting in such cases the CMP client offers a workaround via the +B<-unprotected_errors> option, which allows accepting such negative messages. + + +=head1 EXAMPLES + +=head2 Simple examples using the default OpenSSL configuration file + +This CMP client implementation comes with demonstrative CMP sections +in the example configuration file F, +which can be used to interact conveniently with the Insta Demo CA. + +In order to enroll an initial certificate from that CA it is sufficient +to issue the following shell commands. + + cd /path/to/openssl + export OPENSSL_CONF=openssl.cnf + wget 'http://pki.certificate.fi:8080/install-ca-cert.html/ca-certificate.crt\ + ?ca-id=632&download-certificate=1' -O insta.ca.crt + openssl genrsa -out insta.priv.pem + openssl cmp -section insta + +This should produce the file F containing a new certificate +for the private key held in F. +It can be viewed using, e.g., + + openssl x509 -noout -text -in insta.cert.pem + +In case the network setup requires using an HTTP proxy it may be given as usual +via the environment variable B or via the B option or +the CMP command-line argument B<-proxy>, for example + + -proxy http://192.168.1.1:8080 + +In the Insta Demo CA scenario both clients and the server may use the pre-shared +secret "insta" and the reference value "3078" to authenticate to each other. + +Alternatively, CMP messages may be protected in signature-based manner, +where the trust anchor in this case is F +and the client may use any certificate already obtained from that CA, +as specified in the B<[signature]> section of the example configuration. +This can be used in combination with the B<[insta]> section simply by + + openssl cmp -section insta,signature + +By default the CMP IR message type is used, yet CR works equally here. +This may be specified directly at the command line: + + openssl cmp -section insta -cmd cr + +or by referencing in addition the B<[cr]> section of the example configuration: + + openssl cmp -section insta,cr + +In order to update the enrolled certificate one may call + + openssl cmp -section insta,kur + +using with PBM-based protection or + + openssl cmp -section insta,kur,signature + +using signature-based protection. + +In a similar way any previously enrolled certificate may be revoked by + + openssl cmp -section insta,rr -trusted insta.ca.crt + +or + + openssl cmp -section insta,rr,signature + +Many more options can be used in the configuration file +and/or on the command line. + + +=head2 Certificate enrollment + +The following examples at first do not make use of a configuration file. +They assume that a CMP server can be contacted on the local TCP port 80 +and accepts requests under the alias "/pkix/". + +For enrolling its very first certificate the client generates a first client key +and sends an initial request message to the local CMP server +using a pre-shared secret key for mutual authentication. +In this example the client does not have the CA certificate yet, +so we specify the name of the CA with the B<-recipient> option +and save any CA certificates that we may receive in the C file. + +In below command line usage examples the C<\> at line ends is just used +for formatting; each of the command invocations should be on a single line. + + openssl genrsa -out cl_key.pem + openssl cmp -cmd ir -server 127.0.0.1:80 -path pkix/ \ + -ref 1234 -secret pass:1234-5678-1234-5678 \ + -recipient "/CN=CMPserver" \ + -newkey cl_key.pem -subject "/CN=MyName" \ + -cacertsout capubs.pem -certout cl_cert.pem + + +=head2 Certificate update + +Then, when the client certificate and its related key pair needs to be updated, +the client can send a key update request taking the certs in C +as trusted for authenticating the server and using the previous cert and key +for its own authentication. +Then it can start using the new cert and key. + + openssl genrsa -out cl_key_new.pem + openssl cmp -cmd kur -server 127.0.0.1:80 -path pkix/ \ + -trusted capubs.pem \ + -cert cl_cert.pem -key cl_key.pem \ + -newkey cl_key_new.pem -certout cl_cert.pem + cp cl_key_new.pem cl_key.pem + +This command sequence can be repated as often as needed. + + +=head2 Requesting information from CMP server + +Requesting "all relevant information" with an empty General Message. +This prints information about all received ITAV Bs to stdout. + + openssl cmp -cmd genm -server 127.0.0.1 -path pkix/ \ + -ref 1234 -secret pass:1234-5678-1234-5678 \ + -recipient "/CN=CMPserver" + + +=head2 Using a custom configuration file + +For CMP client invocations, in particular for certificate enrollment, +usually many parameters need to be set, which is tedious and error-prone to do +on the command line. +Therefore the client offers the possibility to read +options from sections of the OpenSSL config file, usually called B. +The values found there can still be extended and even overridden by any +subsequently loaded sections and on the command line. + +After including in the configuration file the following sections: + + [cmp] + server = 127.0.0.1 + path = pkix/ + trusted = capubs.pem + cert = cl_cert.pem + key = cl_key.pem + newkey = cl_key.pem + certout = cl_cert.pem + + [cmp-init] + recipient = "/CN=CMPserver" + trusted = + cert = + key = + ref = 1234 + secret = pass:1234-5678-1234-567 + subject = "/CN=MyName" + cacertsout = capubs.pem + +the above enrollment invocations reduce to + + openssl cmp -section cmp,cmp-init + openssl cmp -cmd kur -newkey cl_key_new.pem + +and the above genm call reduces to + + openssl cmp -section cmp,cmp-init -cmd genm + +=head1 SEE ALSO + +L, L, L, +L, L, L + +=head1 COPYRIGHT + +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 354965b7d4..c8eacfc3d9 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -28,7 +28,7 @@ OSSL_CMP_CTX_set0_trustedStore, OSSL_CMP_CTX_get0_trustedStore, OSSL_CMP_CTX_set1_untrusted_certs, OSSL_CMP_CTX_get0_untrusted_certs, -OSSL_CMP_CTX_set1_clCert, +OSSL_CMP_CTX_set1_cert, OSSL_CMP_CTX_set1_pkey, OSSL_CMP_CTX_set1_referenceValue, OSSL_CMP_CTX_set1_secretValue, @@ -102,7 +102,7 @@ OSSL_CMP_CTX_set1_senderNonce STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); /* client authentication: */ - int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); + int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, const unsigned char *ref, int len); @@ -226,18 +226,18 @@ The following options can be set: =item B - The digest algorithm NID to be used in RFC 4210's MSG_SIG_ALG, - if applicable used for message protection and Proof-of-Possession. + The NID of the digest algorithm to be used in RFC 4210's MSG_SIG_ALG + for signature-based message protection and Proof-of-Possession (POPO). Default is SHA256. - OSSL_CMP_OPT_OWF_ALGNID - The digest algorithm NID to be used as one-way function (OWF) - in RFC 4210's MSG_MAC_ALG, if applicable used for message protection. +=item B + The NID of the digest algorithm to be used as one-way function (OWF) + in RFC 4210's MSG_MAC_ALG for PBM-based message protection. Default is SHA256. - OSSL_CMP_OPT_MAC_ALGNID - The MAC algorithm NID to be used in RFC 4210's MSG_MAC_ALG, - if applicable used for message protection. +=item B + The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG + for PBM-based message protection. Default is HMAC-SHA1 as per RFC 4210. =item B @@ -403,26 +403,26 @@ parameter the entry is cleared. OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store containing trusted root CA certificates, which may be empty if unset. -OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing -non-trusted intermediate certs used for path construction in authentication -of the CMP server and potentially others (TLS server, newly enrolled cert). +OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates +of intermediate CAs that may be useful for path construction when authenticating +the CMP server and when verifying newly enrolled certificates. The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the -list of untrusted certs, which my be empty if unset. +list of untrusted certs, which may be empty if unset. -OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given B. -The public key of this B must correspond to +OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection. +The public key of this B must correspond to the private key set via B. When using signature-based protection of CMP request messages this "protection certificate" will be included first in the extraCerts field. -The subject of this B will be used as the "sender" field +The subject of this B will be used as the "sender" field of outgoing CMP messages, with the fallback being the B set via B. The B argument may be NULL to clear the entry. -OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to -the client certificate B set via B. +OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the +protecting certificate B set via B. This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages unless a PBM secret has been set via B. @@ -438,11 +438,11 @@ PBM-based protection takes precedence over signature-based protection. OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue B with length B in the given B or clears it if the B argument is NULL. According to RFC 4210 section 5.1.1, if no value for the "sender" field in -CMP message headers can be determined (i.e., no B and no B -is given) then the "sender" field will contain the NULL-DN +CMP message headers can be determined (i.e., no protecting certificate B +and no B is given) then the "sender" field will contain the NULL-DN and the senderKID field of the CMP message header must be set. When signature-based protection is used the senderKID will be set to -the subjectKeyIdentifier of the as far as present. +the subjectKeyIdentifier of the protecting B as far as present. If not present or when PBM-based protection is used the B value is taken as the fallback value for the senderKID. @@ -451,7 +451,7 @@ PKIHeader of a request message, i.e. the X509 name of the (CA) server. Setting is overruled by subject of B if set. If neither B nor recipient are set, the recipient of the PKI message is determined in the following order: issuer, issuer of old cert (oldCert), -issuer of client cert (B), else NULL-DN. +issuer of protecting certificate (B), else NULL-DN. When a response is received, its sender must match the recipient of the request. OSSL_CMP_CTX_push0_geninfo_ITAV() adds B to the stack in the B to be @@ -481,7 +481,7 @@ the CertTemplate structure when requesting a new cert. For Key Update Requests see B. This default is used for Initialization Requests (IR) and Certification Requests (CR) only if no SANs are set. The B is also used as the "sender" field for outgoing CMP messages -if no B has been set (e.g., in case requests are protected using PBM). +if no B has been set (e.g., in case requests are protected using PBM). OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of alternate names on the certificate template request. This cannot be used if @@ -507,7 +507,7 @@ to the X509_EXTENSIONS of the requested certificate template. OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). -It must be given for RR, else it defaults to B. +It must be given for RR, else it defaults to the protecting B. The B determined in this way, if any, is also used for deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. Its issuer, if any, is used as default recipient in the CMP message header. @@ -608,52 +608,56 @@ All other functions return 1 on success, 0 on error. =head1 EXAMPLES -The following code does an Initialization Request: +The following code omits error handling. - cmp_ctx = OSSL_CMP_CTX_new(); - OSSL_CMP_CTX_set1_server(cmp_ctx, address); - OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); - OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); - OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); - OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +Set up a CMP client context for sending requests and verifying responses: - initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); + cmp_ctx = OSSL_CMP_CTX_new(); + OSSL_CMP_CTX_set1_server(cmp_ctx, name_or_address); + OSSL_CMP_CTX_set1_serverPort(cmp_ctx, port_string); + OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias); + OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts); -The following code does an Initialization Request using an -external identity certificate (RFC 4210, Appendix E.7): +Set up client credentials for password-based protection (PBM): - cmp_ctx = OSSL_CMP_CTX_new(); - OSSL_CMP_CTX_set1_server(cmp_ctx, sname); - OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); - OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); - OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); - OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); + OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); + OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); - initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); +Set up the details for certificate requests: -Here externalCert is an X509 certificate granted to the EE by another CA -which is trusted by the current CA the code will connect to. + OSSL_CMP_CTX_set1_subjectName(cmp_ctx, name); + OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, initialKey); +Perform an Initialization Request transaction: -The following code does a Key Update Request: + initialCert = OSSL_CMP_exec_IR_ses(cmp_ctx); - cmp_ctx = OSSL_CMP_CTX_new(); - OSSL_CMP_CTX_set1_server(cmp_ctx, url); - OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); - OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); - OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); - OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +Reset the transaction state of the CMP context and the credentials: - updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx); + OSSL_CMP_CTX_reinit(cmp_ctx); + OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, NULL, 0); + OSSL_CMP_CTX_set1_secretValue(cmp_ctx, NULL, 0); -The following code (which omits error handling) sends a General Message -including, as an example, the id-it-signKeyPairTypes OID and prints info on -the General Response contents. +Perform a Certification Request transaction, making use of the new credentials: - cmp_ctx = OSSL_CMP_CTX_new(); - OSSL_CMP_CTX_set1_server(cmp_ctx, sname); - OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); - OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); + OSSL_CMP_CTX_set1_cert(cmp_ctx, initialCert); + OSSL_CMP_CTX_set1_pkey(cmp_ctx, initialKey); + OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, curentKey); + currentCert = OSSL_CMP_exec_CR_ses(cmp_ctx); + +Perform a Key Update Request, signed using the cert (and key) to be updated: + + OSSL_CMP_CTX_reinit(cmp_ctx); + OSSL_CMP_CTX_set1_cert(cmp_ctx, currentCert); + OSSL_CMP_CTX_set1_pkey(cmp_ctx, currentKey); + OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, updatedKey); + currentCert = OSSL_CMP_exec_KUR_ses(cmp_ctx); + currentKey = updatedKey; + +Perform a General Message transaction including, as an example, +the id-it-signKeyPairTypes OID and prints info on the General Response contents: + + OSSL_CMP_CTX_reinit(cmp_ctx); ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL); diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index bd51eb5598..3ab76c14df 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -3,6 +3,7 @@ =head1 NAME OSSL_CMP_MSG_get0_header, +OSSL_CMP_MSG_update_transactionID, d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio - function(s) manipulating CMP messages @@ -12,17 +13,22 @@ i2d_OSSL_CMP_MSG_bio #include OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); + int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); =head1 DESCRIPTION -OSSL_CMP_MSG_get0_header returns the header of the given CMP message. +OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. -d2i_OSSL_CMP_MSG_bio parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I. +OSSL_CMP_MSG_update_transactionID() updates the transactionID field +in the header of the given message according to the CMP_CTX. +This requires re-protecting the message (if it was protected). + +d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I. It assigns a pointer to the new structure to I<*msg> if I is not NULL. -i2d_OSSL_CMP_MSG_bio writes the OSSL_CMP_MSG I in ASN.1 encoding +i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG I in ASN.1 encoding to BIO I. =head1 NOTES @@ -36,7 +42,8 @@ or NULL if the respective entry does not exist and on error. d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error. -i2d_OSSL_CMP_MSG_bio() returns 1 on success or 0 on error. +i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID() +return 1 on success, 0 on error. =head1 HISTORY diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index f8c58dfc53..b760db1983 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -17,16 +17,18 @@ OSSL_CRMF_MSG_get_certReqId OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER - *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl); - X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); + *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); + X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); - X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert, - EVP_PKEY *pkey); + X509 + *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, + EVP_PKEY *pkey); - int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm); + int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); =head1 DESCRIPTION diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index 66e3f40860..e06fba9b7f 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -294,7 +294,7 @@ X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); /* client authentication: */ -int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, const unsigned char *ref, int len); @@ -310,7 +310,8 @@ int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); -int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); +int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, + const GENERAL_NAME *name); int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); @@ -346,11 +347,13 @@ OSSL_CMP_PKISI * OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); /* from cmp_hdr.c */ -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const + OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); @@ -387,7 +390,7 @@ typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, const OSSL_CMP_PKISI *statusInfo, const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errorDetails); + const OSSL_CMP_PKIFREETEXT *errDetails); typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, @@ -418,10 +421,10 @@ X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx); -# define OSSL_CMP_IR OSSL_CMP_PKIBODY_IR -# define OSSL_CMP_CR OSSL_CMP_PKIBODY_CR -# define OSSL_CMP_P10CR OSSL_CMP_PKIBODY_P10CR -# define OSSL_CMP_KUR OSSL_CMP_PKIBODY_KUR +# define OSSL_CMP_IR OSSL_CMP_PKIBODY_IR +# define OSSL_CMP_CR OSSL_CMP_PKIBODY_CR +# define OSSL_CMP_P10CR OSSL_CMP_PKIBODY_P10CR +# define OSSL_CMP_KUR OSSL_CMP_PKIBODY_KUR int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter); int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **text); diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index b10662349c..ab2b930277 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -67,7 +67,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert) || (srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL - || !OSSL_CMP_CTX_set1_clCert(srv_cmp_ctx, server_cert) + || !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert) || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key)) goto err; if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new()) diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index 6f6a13673c..898053424e 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -746,7 +746,7 @@ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore, DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs) -DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, clCert, X509) +DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, recipient, X509_NAME) @@ -829,7 +829,7 @@ int setup_tests(void) ADD_TEST(test_CTX_set0_get0_trustedStore); ADD_TEST(test_CTX_set1_get0_untrusted_certs); /* client authentication: */ - ADD_TEST(test_CTX_set1_get0_clCert); + ADD_TEST(test_CTX_set1_get0_cert); ADD_TEST(test_CTX_set1_get0_pkey); /* the following two also test ossl_cmp_asn1_octet_string_set1_bytes(): */ ADD_TEST(test_CTX_set1_get1_referenceValue_str); diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index 413e284fcc..ca03dc23e3 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -165,7 +165,7 @@ static int test_cmp_create_ir_protection_fails(void) if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, newkey)) || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) /* newkey used by default for signing does not match cert: */ - || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { + || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { tear_down(fixture); fixture = NULL; } diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index ce5a6cb420..1d1e009aca 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -242,7 +242,7 @@ static int test_MSG_protect_with_certificate_and_key(void) OSSL_CMP_MSG_dup(ir_unprotected)) || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) - || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { + || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { tear_down(fixture); fixture = NULL; } diff --git a/test/recipes/65-test_cmp_vfy_data/insta.priv.pem b/test/insta.priv.pem similarity index 100% copy from test/recipes/65-test_cmp_vfy_data/insta.priv.pem copy to test/insta.priv.pem diff --git a/test/recipes/65-test_cmp_vfy_data/insta_ca.cert.pem b/test/insta_ca.cert.pem similarity index 100% copy from test/recipes/65-test_cmp_vfy_data/insta_ca.cert.pem copy to test/insta_ca.cert.pem diff --git a/util/libcrypto.num b/util/libcrypto.num index 590157fe8b..ec6acaefd4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4771,7 +4771,7 @@ OSSL_CMP_CTX_set0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_clCert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_referenceValue ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_secretValue ? 3_0_0 EXIST::FUNCTION:CMP @@ -4902,6 +4902,7 @@ i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_name ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_pkey ? 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Thu May 14 00:31:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 00:31:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1589416272.517230.7459.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:26:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4024: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3010: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu May 14 04:43:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 04:43:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1589431433.285559.20426.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:26:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4008: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:2994: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From beldmit at gmail.com Thu May 14 06:32:21 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 14 May 2020 06:32:21 +0000 Subject: [openssl] master update Message-ID: <1589437941.692235.3709.nullmailer@dev.openssl.org> The branch master has been updated via c4e3a727209b8ae165a0abe085488845e246ea0e (commit) from 63f1883dca7a42949e8b9db5b035c17fc160f998 (commit) - Log ----------------------------------------------------------------- commit c4e3a727209b8ae165a0abe085488845e246ea0e Author: Nikolay Morozov Date: Mon May 11 20:51:31 2020 +0300 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11795) ----------------------------------------------------------------------- Summary of changes: doc/man3/ASN1_INTEGER_new.pod | 44 +++++++++++++++++++++++++++++++++++++++++++ util/missingcrypto.txt | 2 -- 2 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 doc/man3/ASN1_INTEGER_new.pod diff --git a/doc/man3/ASN1_INTEGER_new.pod b/doc/man3/ASN1_INTEGER_new.pod new file mode 100644 index 0000000000..4722f880c0 --- /dev/null +++ b/doc/man3/ASN1_INTEGER_new.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +ASN1_INTEGER_new, ASN1_INTEGER_free - ASN1_INTEGER allocation functions + +=head1 SYNOPSIS + +=for openssl generic + + #include + + ASN1_INTEGER *ASN1_INTEGER_new(void); + void ASN1_INTEGER_free(ASN1_INTEGER *a); + +=head1 DESCRIPTION + +ASN1_INTEGER_new() returns an allocated B structure. + +ASN1_INTEGER_free() frees up a single B object. + +B structure representing the ASN.1 INTEGER type + +=head1 RETURN VALUES + +ASN1_INTEGER_new() return a valid B structure or NULL +if an error occurred. + +ASN1_INTEGER_free() does not return a value. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 0f53ea5e55..3473a8694c 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -49,9 +49,7 @@ ASN1_IA5STRING_it(3) ASN1_IA5STRING_new(3) ASN1_INTEGER_cmp(3) ASN1_INTEGER_dup(3) -ASN1_INTEGER_free(3) ASN1_INTEGER_it(3) -ASN1_INTEGER_new(3) ASN1_NULL_free(3) ASN1_NULL_it(3) ASN1_NULL_new(3) From levitte at openssl.org Thu May 14 08:06:27 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2020 08:06:27 +0000 Subject: [openssl] master update Message-ID: <1589443587.017832.16236.nullmailer@dev.openssl.org> The branch master has been updated via a87820e16bbbbb1f8a68ddaf3aa1159da886acca (commit) via bcb018e70b596811146a17d95532498bbe3ef13a (commit) from c4e3a727209b8ae165a0abe085488845e246ea0e (commit) - Log ----------------------------------------------------------------- commit a87820e16bbbbb1f8a68ddaf3aa1159da886acca Author: Richard Levitte Date: Tue May 12 15:27:32 2020 +0200 test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine Verifies that #11671 is fixed Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11674) commit bcb018e70b596811146a17d95532498bbe3ef13a Author: Richard Levitte Date: Wed Apr 29 06:55:40 2020 +0200 EVP: Only use the engine when one is defined, in pkey_mac_ctrl() Fixes #11671 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11674) ----------------------------------------------------------------------- Summary of changes: crypto/evp/pkey_mac.c | 18 +++++++++++------- test/evp_extra_test.c | 22 ++++++++++++++++++++++ 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 56231e3938..3503aac6d3 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -308,11 +308,14 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) OSSL_PARAM params[3]; size_t params_n = 0; char *ciphname = (char *)OBJ_nid2sn(EVP_CIPHER_nid(p2)); + #ifndef OPENSSL_NO_ENGINE - char *engineid = (char *)ENGINE_get_id(ctx->engine); + if (ctx->engine != NULL) { + char *engid = (char *)ENGINE_get_id(ctx->engine); - params[params_n++] = - OSSL_PARAM_construct_utf8_string("engine", engineid, 0); + params[params_n++] = + OSSL_PARAM_construct_utf8_string("engine", engid, 0); + } #endif params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, @@ -458,13 +461,14 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) size_t params_n = 0; char *mdname = (char *)OBJ_nid2sn(EVP_MD_nid(hctx->raw_data.md)); + #ifndef OPENSSL_NO_ENGINE - char *engineid = ctx->engine == NULL - ? NULL : (char *)ENGINE_get_id(ctx->engine); + if (ctx->engine != NULL) { + char *engid = (char *)ENGINE_get_id(ctx->engine); - if (engineid != NULL) params[params_n++] = - OSSL_PARAM_construct_utf8_string("engine", engineid, 0); + OSSL_PARAM_construct_utf8_string("engine", engid, 0); + } #endif params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 9deae29c47..bbd95850c6 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1179,6 +1179,27 @@ static int test_EVP_PKEY_check(int i) return ret; } +static int test_CMAC_keygen(void) +{ + /* + * This is a legacy method for CMACs, but should still work. + * This verifies that it works without an ENGINE. + */ + EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); + int ret = 0; + + if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0) + && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_CIPHER, + 0, (void *)EVP_aes_256_ecb()) > 0)) + goto done; + ret = 1; + + done: + EVP_PKEY_CTX_free(kctx); + return ret; +} + static int test_HKDF(void) { EVP_PKEY_CTX *pctx; @@ -1630,6 +1651,7 @@ int setup_tests(void) if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) return 0; ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); + ADD_TEST(test_CMAC_keygen); ADD_TEST(test_HKDF); #ifndef OPENSSL_NO_EC ADD_TEST(test_X509_PUBKEY_inplace); From levitte at openssl.org Thu May 14 10:23:12 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2020 10:23:12 +0000 Subject: [openssl] master update Message-ID: <1589451792.836620.26710.nullmailer@dev.openssl.org> The branch master has been updated via 90ad284f4e76254f8d67686ae3a5d6c576037091 (commit) via 16e3588d98b313701a55ab1337b1d30ba7b08872 (commit) via d49be019d257149d61b9061be83602ec51fa9812 (commit) via f63f3b72949e5437a9bd6de67e9301a8c24c731e (commit) via d59b7a54a5332303c42c3d097db5764dc809ecc9 (commit) via 106ec30bc74d5cd3086a3b959a11d73e46d7b9d8 (commit) via e25761b10d48abb36a5863b087152be81ea28466 (commit) via 2d5536609ba92481daf42614a36bafb4e1d99293 (commit) via 2c6094baca6476d8b024dc7d9f461dae597ae797 (commit) via ea297dca509b16190ad0a915f1324777b08ed8d8 (commit) via 8a758e96f2865f0aee417025630626f095bb3ae3 (commit) via 0ec36bf117b2c79f5663effd638410f1676c38dd (commit) via 36a2a551d7dd5628a3533f7f23b1f3827f9535f7 (commit) via 2275ff656c6d2043b40663686ec6627613d68318 (commit) via 967cc3f9390740f76f6ef3c91f2aeceab1902b19 (commit) via 15671090f46364a0e92456b32ead7b4714ae0b5e (commit) via e9d6186e0507fb814310c5230293ff62310c5f9d (commit) via 645a541a3fdabd32cb8cbda48651f4150486189d (commit) via 484d1a73c70000ad07b156f04368b3922f9910b7 (commit) from a87820e16bbbbb1f8a68ddaf3aa1159da886acca (commit) - Log ----------------------------------------------------------------- commit 90ad284f4e76254f8d67686ae3a5d6c576037091 Author: Richard Levitte Date: Tue May 12 10:27:46 2020 +0200 PROV: make some DER AID arrays non-static, to avoid clang complaints The problem encountered is that some arrays were deemed unnecessary by clang, for example: providers/common/der/der_rsa.c:424:28: error: variable 'der_aid_sha224Identifier' is not needed and will not be emitted [-Werror,-Wunneeded-internal-declaration] static const unsigned char der_aid_sha224Identifier[] = { ^ However, these arrays are used in sizeof() expressions in other parts of the code that's actually used, making that warning-turned-error a practical problem. We solve this by making the array non-static, which guarantees that the arrays will be emitted, even though unnecessarily. Fortunately, they are very small. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 16e3588d98b313701a55ab1337b1d30ba7b08872 Author: Richard Levitte Date: Tue May 12 09:54:04 2020 +0200 .travis.yml: never use -Werror, use --strict-warnings instead There are a few things in the OpenSSL code that are known to give warnings that we know are harmless. We test our builds accordingly. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit d49be019d257149d61b9061be83602ec51fa9812 Author: Richard Levitte Date: Mon May 11 18:27:04 2020 +0200 test/recipes/15-test_rsapss.t: Add test with unrestricted signature Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit f63f3b72949e5437a9bd6de67e9301a8c24c731e Author: Richard Levitte Date: Fri May 8 19:39:44 2020 +0200 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests There were a few RSA-PSS related tests that were disabled for non-default library contexts. We now re-enable them. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit d59b7a54a5332303c42c3d097db5764dc809ecc9 Author: Richard Levitte Date: Thu May 7 09:56:52 2020 +0200 test/evp_pkey_provided_test.c: Display first, compare after To make it easier to check the generated key manually, display it before comparing diverse other serializations. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 106ec30bc74d5cd3086a3b959a11d73e46d7b9d8 Author: Richard Levitte Date: Wed May 6 21:52:12 2020 +0200 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit e25761b10d48abb36a5863b087152be81ea28466 Author: Richard Levitte Date: Tue May 5 10:29:34 2020 +0200 EVP: Refactor the RSA-PSS key generation controls for providers Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 2d5536609ba92481daf42614a36bafb4e1d99293 Author: Richard Levitte Date: Sun May 3 06:02:52 2020 +0200 PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 2c6094baca6476d8b024dc7d9f461dae597ae797 Author: Richard Levitte Date: Wed May 6 21:44:58 2020 +0200 EVP: For SIGNATURE operations, pass the propquery early Instead of passing it with signature->digest_verify_init() and signature->digest_sign_init(), we pass it with signature->newctx(). This allows the digests that are indicated by RSA PSS parameters to have a useful propquery. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit ea297dca509b16190ad0a915f1324777b08ed8d8 Author: Richard Levitte Date: Sat May 2 13:39:40 2020 +0200 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 8a758e96f2865f0aee417025630626f095bb3ae3 Author: Richard Levitte Date: Sat May 2 13:31:47 2020 +0200 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 0ec36bf117b2c79f5663effd638410f1676c38dd Author: Richard Levitte Date: Thu May 7 08:51:09 2020 +0200 PROV: Refactor the RSA SIGNATURE implementation for better param control We want to catch errors in passed parameters early, which requires kowledge of the ongoing operation. Fortunately, that's possible by re-using the EVP_PKEY_OP macros in specific init functions. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 36a2a551d7dd5628a3533f7f23b1f3827f9535f7 Author: Richard Levitte Date: Sat May 2 13:25:52 2020 +0200 PROV: Refactor the RSA DER support We separate out the NIST arc OIDs to a separate file, so it can be re-used, and also the DIGEST OIDs. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 2275ff656c6d2043b40663686ec6627613d68318 Author: Richard Levitte Date: Sat May 2 13:33:24 2020 +0200 DER writer: Add the possibility to abandon empty SEQUENCEs In some cases, a SEQUENCE that contains only optional fields may end up empty. In some cases, this may be represented by dropping the SEQUENCE entirely from the encoded DER. To do this, we detect the case where WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is used, and adapt accordingly. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 967cc3f9390740f76f6ef3c91f2aeceab1902b19 Author: Richard Levitte Date: Sat May 2 13:14:04 2020 +0200 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions The import and export functions are affected. We also refactor them to assign the RSA key type more carefully. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 15671090f46364a0e92456b32ead7b4714ae0b5e Author: Richard Levitte Date: Sat May 2 12:46:55 2020 +0200 RSA: Add a less loaded PSS-parameter structure RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR and ASN1_INTEGER, which we would rather avoid in our providers. Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that contains the same information, but uses numeric identities (*) and C integers (**). This makes it simpler to handle. Note that neither this structure nor its contents are passed between libcrypto and the providers. Instead, the numeric identities are translated to and from names, which are then passed over that boundary. For future considerations, we might consider dropping RSA_PSS_PARAMS entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code, which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our providers. (*) We use NIDs in this case, because we already have them and because only algorithms that libcrypto knows about are permitted in PSS restrictions. We could use any number series we want, as long as we know for sure what they represent. (**) That's for saltlen and for trailerfield, which are never expect to surpass the set of numbers that fit in a regular 'int'. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit e9d6186e0507fb814310c5230293ff62310c5f9d Author: Richard Levitte Date: Sat May 2 12:41:39 2020 +0200 RSA: Add rsa_schemes.c, to store scheme data and translator functions The scheme currently added is OAEP-PSSDigestAlgorithms codified. The translator functions translate an EVP_MD into a NID, and a NID into a name, to support the creation and parsing of OSSL_PARAM items. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 645a541a3fdabd32cb8cbda48651f4150486189d Author: Richard Levitte Date: Sat May 2 13:02:29 2020 +0200 RSA: Extract much of the rsa_pkey_export_to() code to a separate function The resulting function, rsa_todata(), is designed to be usable by providers as well. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) commit 484d1a73c70000ad07b156f04368b3922f9910b7 Author: Richard Levitte Date: Sat May 2 11:22:23 2020 +0200 RSA: Add RSA key types The support of restricted RSA key types (OAEP and PSS) was lacking, or dependent on the presence of restriction parameters. For example, this means that even though an RSA-PSS key may have been generated, it may appear as a plain unrestricted RSA key if parameters weren't present (which is the case when default restriction parameters are used) To make it clearer what an RSA key is intended for, and avoid depending in an EVP_PKEY, we introduce RSA key types. This is done by reserving a section of the RSA flags (4 bits, which allows a total of 16 different types). This isn't terribly important for EVP_PKEY_ASN1_METHOD code, as that has access to the wrapping EVP_PKEY. This is very important for provider code, which has no access to the wrapping EVP_PKEY. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 4 +- crypto/der_writer.c | 37 +- crypto/err/openssl.txt | 3 + crypto/evp/m_sigver.c | 9 +- crypto/evp/pmeth_lib.c | 9 +- crypto/evp/signature.c | 3 +- crypto/rsa/build.info | 2 +- crypto/rsa/rsa_ameth.c | 203 +++++++---- crypto/rsa/rsa_backend.c | 191 ++++++++++ crypto/rsa/rsa_lib.c | 132 ++++--- crypto/rsa/rsa_local.h | 13 +- crypto/rsa/rsa_pss.c | 136 +++++++ crypto/rsa/rsa_schemes.c | 86 +++++ include/crypto/rsa.h | 42 +++ include/openssl/core_names.h | 11 +- include/openssl/core_numbers.h | 9 +- include/openssl/evp.h | 2 +- include/openssl/rsa.h | 30 +- providers/common/der/DIGESTS.asn1 | 19 + providers/common/der/NIST.asn1 | 8 + providers/common/der/RSA.asn1 | 2 - providers/common/der/build.info | 11 +- .../common/der/{der_rsa.h.in => der_digests.c.in} | 11 +- .../common/der/{der_rsa.h.in => der_digests.h.in} | 7 +- providers/common/der/der_rsa.c.in | 402 +++++++++++++++++++-- providers/common/der/der_rsa.h.in | 7 +- providers/common/include/prov/providercommonerr.h | 3 + providers/common/provider_err.c | 4 + providers/defltprov.c | 13 + providers/fips/fipsprov.c | 1 + providers/implementations/asymciphers/rsa_enc.c | 11 +- .../implementations/include/prov/implementations.h | 1 + providers/implementations/keymgmt/rsa_kmgmt.c | 261 +++++++++---- providers/implementations/serializers/build.info | 3 + .../implementations/serializers/serializer_local.h | 8 + .../implementations/serializers/serializer_rsa.c | 145 ++++++++ .../serializers/serializer_rsa_priv.c | 39 +- .../serializers/serializer_rsa_pub.c | 10 +- providers/implementations/signature/dsa.c | 15 +- providers/implementations/signature/ecdsa.c | 12 +- providers/implementations/signature/eddsa.c | 4 +- providers/implementations/signature/rsa.c | 376 +++++++++++++------ test/evp_pkey_provided_test.c | 13 +- test/recipes/15-test_rsapss.t | 34 +- test/ssl-tests/20-cert-select.cnf.in | 5 +- util/libcrypto.num | 3 + 46 files changed, 1935 insertions(+), 415 deletions(-) create mode 100644 crypto/rsa/rsa_schemes.c create mode 100644 providers/common/der/DIGESTS.asn1 create mode 100644 providers/common/der/NIST.asn1 copy providers/common/der/{der_rsa.h.in => der_digests.c.in} (62%) copy providers/common/der/{der_rsa.h.in => der_digests.h.in} (67%) diff --git a/.travis.yml b/.travis.yml index 2bc040fe28..0ac0eb5bf9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,7 +31,7 @@ compiler: env: # Note: env entry here must exactly match the value in the exclude: table below that contains env:, otherwise it will not find a match. - CONFIG_OPTS="" DESTDIR="_install" - - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1" + - CONFIG_OPTS="no-asm --debug --strict-warnings no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1" - CONFIG_OPTS="no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" CPPFLAGS="-ansi" jobs: @@ -45,7 +45,7 @@ jobs: - os: osx compiler: gcc - os: osx - env: CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1" + env: CONFIG_OPTS="no-asm --debug --strict-warnings no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1" include: - os: linux arch: arm64 diff --git a/crypto/der_writer.c b/crypto/der_writer.c index 26fd88592d..8762787504 100644 --- a/crypto/der_writer.c +++ b/crypto/der_writer.c @@ -24,12 +24,24 @@ static int int_start_context(WPACKET *pkt, int tag) static int int_end_context(WPACKET *pkt, int tag) { + /* + * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this + * sub-packet and this sub-packet has nothing written to it, the DER length + * will not be written, and the total written size will be unchanged before + * and after WPACKET_close(). We use size1 and size2 to determine if + * anything was written, and only write our tag if it has. + * + */ + size_t size1, size2; + if (tag < 0) return 1; if (!ossl_assert(tag <= 30)) return 0; - return WPACKET_close(pkt) - && WPACKET_put_bytes_u8(pkt, DER_C_CONTEXT | tag); + return WPACKET_get_total_written(pkt, &size1) + && WPACKET_close(pkt) + && WPACKET_get_total_written(pkt, &size2) + && (size1 == size2 || WPACKET_put_bytes_u8(pkt, DER_C_CONTEXT | tag)); } int DER_w_precompiled(WPACKET *pkt, int tag, @@ -136,7 +148,24 @@ int DER_w_begin_sequence(WPACKET *pkt, int tag) int DER_w_end_sequence(WPACKET *pkt, int tag) { - return WPACKET_close(pkt) - && WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE) + /* + * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this + * sub-packet and this sub-packet has nothing written to it, the DER length + * will not be written, and the total written size will be unchanged before + * and after WPACKET_close(). We use size1 and size2 to determine if + * anything was written, and only write our tag if it has. + * + * Because we know that int_end_context() needs to do the same check, + * we reproduce this flag if the written length was unchanged, or we will + * have an erroneous context tag. + */ + size_t size1, size2; + + return WPACKET_get_total_written(pkt, &size1) + && WPACKET_close(pkt) + && WPACKET_get_total_written(pkt, &size2) + && (size1 == size2 + ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) + : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) && int_end_context(pkt, tag); } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9fa051f5c3..7bf0611ec4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2842,6 +2842,7 @@ PROV_R_INVALID_PADDING_MODE:168:invalid padding mode PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_SEED_LENGTH:154:invalid seed length +PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size PROV_R_INVALID_TAG:110:invalid tag PROV_R_INVALID_TAGLEN:118:invalid taglen PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest @@ -2863,6 +2864,8 @@ PROV_R_NOT_SUPPORTED:136:not supported PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length PROV_R_NO_KEY_SET:114:no key set PROV_R_NO_PARAMETERS_SET:177:no parameters set +PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\ + operation not supported for this keytype PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small PROV_R_READ_KEY:159:read key diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index c77683a69d..44e7cab1af 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -71,6 +71,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx = ctx->pctx; evp_pkey_ctx_free_old_ops(locpctx); + if (props == NULL) + props = locpctx->propquery; + /* * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() * calls can be removed. @@ -142,7 +145,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX; locpctx->op.sig.sigprovctx - = signature->newctx(ossl_provider_ctx(signature->prov)); + = signature->newctx(ossl_provider_ctx(signature->prov), props); if (locpctx->op.sig.sigprovctx == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; @@ -182,14 +185,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, goto err; } ret = signature->digest_verify_init(locpctx->op.sig.sigprovctx, - mdname, props, provkey); + mdname, provkey); } else { if (signature->digest_sign_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } ret = signature->digest_sign_init(locpctx->op.sig.sigprovctx, - mdname, props, provkey); + mdname, provkey); } return ret ? 1 : 0; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 3476d83ea6..eca5178129 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1017,6 +1017,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, name = OSSL_PKEY_PARAM_RSA_E; else if (strcmp(name, "rsa_keygen_primes") == 0) name = OSSL_PKEY_PARAM_RSA_PRIMES; + else if (strcmp(name, "rsa_pss_keygen_md") == 0) + name = OSSL_PKEY_PARAM_RSA_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0) + name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0) + name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; # ifndef OPENSSL_NO_DSA else if (strcmp(name, "dsa_paramgen_bits") == 0) name = OSSL_PKEY_PARAM_FFC_PBITS; @@ -1066,7 +1072,8 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, if (!OSSL_PARAM_allocate_from_text(¶ms[0], settable, name, value, strlen(value), &exists)) { if (!exists) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, + "name=%s,value=%s", name, value); return -2; } return 0; diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index b7a7f79606..595a93e66e 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -417,7 +417,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) /* No more legacy from here down to legacy: */ ctx->op.sig.signature = signature; - ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); + ctx->op.sig.sigprovctx = + signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery); if (ctx->op.sig.sigprovctx == NULL) { /* The provider key can stay in the cache */ EVPerr(0, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index 970c493560..984ad775d5 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info @@ -3,7 +3,7 @@ LIBS=../../libcrypto $COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \ rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \ rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \ - rsa_mp_names.c + rsa_mp_names.c rsa_schemes.c SOURCE[../../libcrypto]=$COMMON\ rsa_saos.c rsa_err.c rsa_asn1.c rsa_ameth.c rsa_prn.c \ diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 27aa9f422d..e9eddde68e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -43,7 +43,7 @@ static int rsa_param_encode(const EVP_PKEY *pkey, *pstr = NULL; /* If RSA it's just NULL type */ - if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) { + if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != RSA_FLAG_TYPE_RSASSAPSS) { *pstrtype = V_ASN1_NULL; return 1; } @@ -196,6 +196,20 @@ static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) RSA_free(rsa); return 0; } + + RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); + switch (pkey->ameth->pkey_id) { + case EVP_PKEY_RSA: + RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); + break; + case EVP_PKEY_RSA_PSS: + RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); + break; + default: + /* Leave the type bits zero */ + break; + } + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); return 1; } @@ -1078,18 +1092,23 @@ static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey) return pkey->pkey.rsa->dirty_cnt; } -DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) - -static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, - const char *propq) +/* + * For the moment, we trust the call path, where keys going through + * rsa_pkey_export_to() match a KEYMGMT for the "RSA" keytype, while + * keys going through rsa_pss_pkey_export_to() match a KEYMGMT for the + * "RSA-PSS" keytype. + * TODO(3.0) Investigate whether we should simply continue to trust the + * call path, or if we should strengthen this function by checking that + * |rsa_type| matches the RSA key subtype. The latter requires ensuring + * that the type flag for the RSA key is properly set by other functions + * in this file. + */ +static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, + void *to_keydata, EVP_KEYMGMT *to_keymgmt, + OPENSSL_CTX *libctx, const char *propq) { RSA *rsa = from->pkey.rsa; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); - const BIGNUM *n = RSA_get0_n(rsa), *e = RSA_get0_e(rsa); - const BIGNUM *d = RSA_get0_d(rsa); - STACK_OF(BIGNUM_const) *primes = NULL, *exps = NULL, *coeffs = NULL; - int numprimes = 0, numexps = 0, numcoeffs = 0; OSSL_PARAM *params = NULL; int selection = 0; int rv = 0; @@ -1104,65 +1123,32 @@ static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, goto err; /* Public parameters must always be present */ - if (n == NULL || e == NULL) + if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL) goto err; - /* |e| and |n| are always present */ - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, e)) - goto err; - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, n)) + if (!rsa_todata(rsa, tmpl, NULL)) goto err; - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - - if (d != NULL) { - int i; - - /* Get all the primes and CRT params */ - if ((primes = sk_BIGNUM_const_new_null()) == NULL - || (exps = sk_BIGNUM_const_new_null()) == NULL - || (coeffs = sk_BIGNUM_const_new_null()) == NULL) - goto err; - if (!rsa_get0_all_params(rsa, primes, exps, coeffs)) - goto err; + selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + if (RSA_get0_d(rsa) != NULL) + selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - numprimes = sk_BIGNUM_const_num(primes); - numexps = sk_BIGNUM_const_num(exps); - numcoeffs = sk_BIGNUM_const_num(coeffs); + if (rsa->pss != NULL) { + const EVP_MD *md = NULL, *mgf1md = NULL; + int md_nid, mgf1md_nid, saltlen; + RSA_PSS_PARAMS_30 pss_params; - /* - * It's permisssible to have zero primes, i.e. no CRT params. - * Otherwise, there must be at least two, as many exponents, - * and one coefficient less. - */ - if (numprimes != 0 - && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) + if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &saltlen)) goto err; - - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, d)) + md_nid = EVP_MD_type(md); + mgf1md_nid = EVP_MD_type(mgf1md); + if (!rsa_pss_params_30_set_defaults(&pss_params) + || !rsa_pss_params_30_set_hashalg(&pss_params, md_nid) + || !rsa_pss_params_30_set_maskgenhashalg(&pss_params, mgf1md_nid) + || !rsa_pss_params_30_set_saltlen(&pss_params, saltlen) + || !rsa_pss_params_30_todata(&pss_params, propq, tmpl, NULL)) goto err; - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - - for (i = 0; i < numprimes && rsa_mp_factor_names[i] != NULL; i++) { - const BIGNUM *num = sk_BIGNUM_const_value(primes, i); - - if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_factor_names[i], num)) - goto err; - } - - for (i = 0; i < numexps && rsa_mp_exp_names[i] != NULL; i++) { - const BIGNUM *num = sk_BIGNUM_const_value(exps, i); - - if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_exp_names[i], num)) - goto err; - } - - for (i = 0; i < numcoeffs && rsa_mp_coeff_names[i] != NULL; i++) { - const BIGNUM *num = sk_BIGNUM_const_value(coeffs, i); - - if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_coeff_names[i], num)) - goto err; - } + selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; } if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) @@ -1172,31 +1158,104 @@ static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); err: - sk_BIGNUM_const_free(primes); - sk_BIGNUM_const_free(exps); - sk_BIGNUM_const_free(coeffs); OSSL_PARAM_BLD_free_params(params); OSSL_PARAM_BLD_free(tmpl); return rv; } -static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) +static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, + int rsa_type) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); RSA *rsa = rsa_new_with_ctx(pctx->libctx); + RSA_PSS_PARAMS_30 rsa_pss_params = { 0, }; + int ok = 0; if (rsa == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); return 0; } - if (!rsa_fromdata(rsa, params) - || !EVP_PKEY_assign_RSA(pkey, rsa)) { - RSA_free(rsa); - return 0; + RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); + RSA_set_flags(rsa, rsa_type); + + if (!rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx)) + goto err; + + switch (rsa_type) { + case RSA_FLAG_TYPE_RSA: + /* + * Were PSS parameters filled in? + * In that case, something's wrong + */ + if (!rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) + goto err; + break; + case RSA_FLAG_TYPE_RSASSAPSS: + /* + * Were PSS parameters filled in? In that case, create the old + * RSA_PSS_PARAMS structure. Otherwise, this is an unrestricted key. + */ + if (!rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) { + /* Create the older RSA_PSS_PARAMS from RSA_PSS_PARAMS_30 data */ + int mdnid = rsa_pss_params_30_hashalg(&rsa_pss_params); + int mgf1mdnid = rsa_pss_params_30_maskgenhashalg(&rsa_pss_params); + int saltlen = rsa_pss_params_30_saltlen(&rsa_pss_params); + const EVP_MD *md = EVP_get_digestbynid(mdnid); + const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid); + + if ((rsa->pss = rsa_pss_params_create(md, mgf1md, saltlen)) == NULL) + goto err; + } + break; + default: + /* RSA key sub-types we don't know how to handle yet */ + goto err; } - return 1; + + if (!rsa_fromdata(rsa, params)) + goto err; + + switch (rsa_type) { + case RSA_FLAG_TYPE_RSA: + ok = EVP_PKEY_assign_RSA(pkey, rsa); + break; + case RSA_FLAG_TYPE_RSASSAPSS: + ok = EVP_PKEY_assign(pkey, EVP_PKEY_RSA_PSS, rsa); + break; + } + + err: + if (!ok) + RSA_free(rsa); + return ok; +} + +static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) +{ + return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata, + to_keymgmt, libctx, propq); +} + +static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata, + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) +{ + return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata, + to_keymgmt, libctx, propq); +} + +static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) +{ + return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSA); +} + +static int rsa_pss_pkey_import_from(const OSSL_PARAM params[], void *vpctx) +{ + return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSASSAPSS); } const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { @@ -1283,6 +1342,6 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { 0, 0, 0, 0, rsa_pkey_dirty_cnt, - rsa_pkey_export_to, - rsa_pkey_import_from + rsa_pss_pkey_export_to, + rsa_pss_pkey_import_from }; diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 57a539c051..7497a8579c 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -7,10 +7,16 @@ * https://www.openssl.org/source/license.html */ +#include #include #include +#include +#include "internal/sizes.h" +#include "internal/param_build_set.h" #include "crypto/rsa.h" +#include "e_os.h" /* strcasecmp for Windows() */ + /* * The intention with the "backend" source file is to offer backend support * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider @@ -97,3 +103,188 @@ int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) return 0; } +DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) + +int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +{ + int ret = 0; + const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; + STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); + STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); + STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null(); + + if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) + goto err; + + RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); + rsa_get0_all_params(rsa, factors, exps, coeffs); + + /* Check private key data integrity */ + if (rsa_d != NULL) { + int numprimes = sk_BIGNUM_const_num(factors); + int numexps = sk_BIGNUM_const_num(exps); + int numcoeffs = sk_BIGNUM_const_num(coeffs); + + /* + * It's permisssible to have zero primes, i.e. no CRT params. + * Otherwise, there must be at least two, as many exponents, + * and one coefficient less. + */ + if (numprimes != 0 + && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) + goto err; + } + + if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n) + || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e) + || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) + || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_factor_names, + factors) + || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_exp_names, + exps) + || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names, + coeffs)) + goto err; + ret = 1; + err: + sk_BIGNUM_const_free(factors); + sk_BIGNUM_const_free(exps); + sk_BIGNUM_const_free(coeffs); + return ret; +} + +int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq, + OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +{ + if (!rsa_pss_params_30_is_unrestricted(pss)) { + int hashalg_nid = rsa_pss_params_30_hashalg(pss); + int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss); + int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss); + int saltlen = rsa_pss_params_30_saltlen(pss); + int default_hashalg_nid = rsa_pss_params_30_hashalg(NULL); + int default_maskgenalg_nid = rsa_pss_params_30_maskgenalg(NULL); + int default_maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(NULL); + const char *mdname = + (hashalg_nid == default_hashalg_nid + ? NULL : rsa_oaeppss_nid2name(hashalg_nid)); + const char *mgfname = + (maskgenalg_nid == default_maskgenalg_nid + ? NULL : rsa_oaeppss_nid2name(maskgenalg_nid)); + const char *mgf1mdname = + (maskgenhashalg_nid == default_maskgenhashalg_nid + ? NULL : rsa_oaeppss_nid2name(maskgenhashalg_nid)); + const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST; + const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC; + const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; + const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; + + /* + * To ensure that the key isn't seen as unrestricted by the recipient, + * we make sure that at least one PSS-related parameter is passed, even + * if it has a default value; saltlen. + */ + if ((mdname != NULL + && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname)) + || (mgfname != NULL + && !ossl_param_build_set_utf8_string(bld, params, + key_mgf, mgfname)) + || (mgf1mdname != NULL + && !ossl_param_build_set_utf8_string(bld, params, + key_mgf1_md, mgf1mdname)) + || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen))) + return 0; + } + return 1; +} + +int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, + const OSSL_PARAM params[], OPENSSL_CTX *libctx) +{ + const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen; + EVP_MD *md = NULL, *mgf1md = NULL; + int saltlen; + int ret = 0; + + if (pss_params == NULL) + return 0; + + param_md = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST); + param_mgf = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC); + param_mgf1md = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST); + param_saltlen = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN); + + /* + * If we get any of the parameters, we know we have at least some + * restrictions, so we start by setting default values, and let each + * parameter override their specific restriction data. + */ + if (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL + || param_saltlen != NULL) + if (!rsa_pss_params_30_set_defaults(pss_params)) + return 0; + + if (param_mgf != NULL) { + int default_maskgenalg_nid = rsa_pss_params_30_maskgenalg(NULL); + const char *mgfname = NULL; + + if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING) + mgfname = param_mgf->data; + else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) + return 0; + + /* TODO Revisit this if / when a new MGF algorithm appears */ + if (strcasecmp(param_mgf->data, + rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) + return 0; + } + + /* + * We're only interested in the NIDs that correspond to the MDs, so the + * exact propquery is unimportant in the EVP_MD_fetch() calls below. + */ + + if (param_md != NULL) { + const char *mdname = NULL; + + if (param_md->data_type == OSSL_PARAM_UTF8_STRING) + mdname = param_md->data; + else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname)) + goto err; + + if ((md = EVP_MD_fetch(libctx, mdname, NULL)) == NULL + || !rsa_pss_params_30_set_hashalg(pss_params, + rsa_oaeppss_md2nid(md))) + goto err; + } + + if (param_mgf1md != NULL) { + const char *mgf1mdname = NULL; + + if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING) + mgf1mdname = param_mgf1md->data; + else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname)) + goto err; + + if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, NULL)) == NULL + || !rsa_pss_params_30_set_maskgenhashalg(pss_params, + rsa_oaeppss_md2nid(mgf1md))) + goto err; + } + + if (param_saltlen != NULL) { + if (!OSSL_PARAM_get_int(param_saltlen, &saltlen) + || !rsa_pss_params_30_set_saltlen(pss_params, saltlen)) + goto err; + } + + ret = 1; + + err: + EVP_MD_free(md); + EVP_MD_free(mgf1md); + return ret; +} diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 81daec4b34..e80416ed3f 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -162,7 +162,6 @@ void RSA_free(RSA *r) BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); - /* TODO(3.0): Support PSS in FIPS_MODULE */ #ifndef FIPS_MODULE RSA_PSS_PARAMS_free(r->pss); sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free); @@ -185,6 +184,11 @@ int RSA_up_ref(RSA *r) return i > 1 ? 1 : 0; } +OPENSSL_CTX *rsa_get0_libctx(RSA *r) +{ + return r->libctx; +} + #ifndef FIPS_MODULE int RSA_set_ex_data(RSA *r, int idx, void *arg) { @@ -637,7 +641,17 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) { +#ifdef FIPS_MODULE + return NULL; +#else return r->pss; +#endif +} + +/* Internal */ +RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r) +{ + return &r->pss_params; } void RSA_clear_flags(RSA *r, int flags) @@ -992,13 +1006,16 @@ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) return 1; } -int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +static int int_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, + /* For EVP_PKEY_CTX_ctrl() */ + int keytype, int optype, int cmd, + const EVP_MD *md, + /* For EVP_PKEY_CTX_set_params() */ + const char *mdname, const char *mdprops) { - const char *name; + OSSL_PARAM rsa_params[3], *p = rsa_params; - if (ctx == NULL - || (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx))) { + if (ctx == NULL || (ctx->operation & optype) == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); /* Uses the same return values as EVP_PKEY_CTX_ctrl */ return -2; @@ -1006,43 +1023,25 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) /* If key type not RSA return error */ if (ctx->pmeth != NULL - && ctx->pmeth->pkey_id != EVP_PKEY_RSA - && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + && (keytype == -1 + ? (ctx->pmeth->pkey_id != EVP_PKEY_RSA + && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + : ctx->pmeth->pkey_id != keytype)) return -1; /* TODO(3.0): Remove this eventually when no more legacy */ - if ((EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.ciphprovctx == NULL) + if (cmd != -1) { + if ((EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) + && ctx->op.ciph.ciphprovctx == NULL) || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.sigprovctx == NULL)) - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md); - - name = (md == NULL) ? "" : EVP_MD_name(md); + && ctx->op.sig.sigprovctx == NULL) + || (EVP_PKEY_CTX_IS_GEN_OP(ctx) + && ctx->op.keymgmt.genctx == NULL)) + return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, (void *)md); - return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, name, NULL); -} - -int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops) -{ - OSSL_PARAM rsa_params[3], *p = rsa_params; - - if (ctx == NULL - || mdname == NULL - || (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx))) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; + mdname = (md == NULL) ? "" : EVP_MD_name(md); } - /* If key type not RSA return error */ - if (ctx->pmeth != NULL - && ctx->pmeth->pkey_id != EVP_PKEY_RSA - && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) - return -1; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MGF1_DIGEST, /* @@ -1064,6 +1063,36 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, return EVP_PKEY_CTX_set_params(ctx, rsa_params); } +int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +{ + return int_set_rsa_mgf1_md(ctx, -1, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_RSA_MGF1_MD, md, NULL, NULL); +} + +int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, + const char *mdprops) +{ + return int_set_rsa_mgf1_md(ctx, -1, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + -1, NULL, mdname, mdprops); +} + +int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +{ + return int_set_rsa_mgf1_md(ctx, EVP_PKEY_RSA_PSS, + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_RSA_MGF1_MD, + md, NULL, NULL); +} + +int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, + const char *mdname) +{ + return int_set_rsa_mgf1_md(ctx, EVP_PKEY_RSA_PSS, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + -1, NULL, mdname, NULL); +} + int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen) { @@ -1202,11 +1231,12 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label) return (int)labellen; } -int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen) +static int int_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen, + int keytype, int optype) { OSSL_PARAM pad_params[2], *p = pad_params; - if (ctx == NULL) { + if (ctx == NULL || (ctx->operation & optype) == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); /* Uses the same return values as EVP_PKEY_CTX_ctrl */ return -2; @@ -1214,14 +1244,19 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen) /* If key type not RSA or RSA-PSS return error */ if (ctx->pmeth != NULL - && ctx->pmeth->pkey_id != EVP_PKEY_RSA - && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + && (keytype == -1 + ? (ctx->pmeth->pkey_id != EVP_PKEY_RSA + && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + : ctx->pmeth->pkey_id != keytype)) return -1; /* TODO(3.0): Remove this eventually when no more legacy */ - if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - || ctx->op.sig.sigprovctx == NULL) - return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_RSA_PSS_SALTLEN, + if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.sigprovctx == NULL) + || (EVP_PKEY_CTX_IS_GEN_OP(ctx) + && ctx->op.keymgmt.genctx == NULL)) + return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltlen, NULL); *p++ = @@ -1231,6 +1266,17 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen) return EVP_PKEY_CTX_set_params(ctx, pad_params); } +int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen) +{ + return int_set_rsa_pss_saltlen(ctx, saltlen, -1, EVP_PKEY_OP_TYPE_SIG); +} + +int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen) +{ + return int_set_rsa_pss_saltlen(ctx, saltlen, EVP_PKEY_RSA_PSS, + EVP_PKEY_OP_KEYGEN); +} + int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen) { OSSL_PARAM pad_params[2], *p = pad_params; diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 6c4ae8611b..f94fc79cdd 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -12,6 +12,7 @@ #include #include "internal/refcount.h" +#include "crypto/rsa.h" #define RSA_MAX_PRIME_NUM 5 #define RSA_MIN_MODULUS_BITS 512 @@ -50,8 +51,18 @@ struct rsa_st { BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; - /* If a PSS only key this contains the parameter restrictions */ + + /* + * If a PSS only key this contains the parameter restrictions. + * There are two structures for the same thing, used in different cases. + */ + /* This is used uniquely by OpenSSL provider implementations. */ + RSA_PSS_PARAMS_30 pss_params; +#ifndef FIPS_MODULE + /* This is used uniquely by rsa_ameth.c and rsa_pmeth.c. */ RSA_PSS_PARAMS *pss; +#endif + #ifndef FIPS_MODULE /* for multi-prime RSA, defined in RFC 8017 */ STACK_OF(RSA_PRIME_INFO) *prime_infos; diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index afb558cd36..a5bcdfe1ff 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -256,6 +256,142 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } +/* + * The defaults for PSS restrictions are defined in RFC 8017, A.2.3 RSASSA-PSS + * (https://tools.ietf.org/html/rfc8017#appendix-A.2.3): + * + * If the default values of the hashAlgorithm, maskGenAlgorithm, and + * trailerField fields of RSASSA-PSS-params are used, then the algorithm + * identifier will have the following value: + * + * rSASSA-PSS-Default-Identifier RSASSA-AlgorithmIdentifier ::= { + * algorithm id-RSASSA-PSS, + * parameters RSASSA-PSS-params : { + * hashAlgorithm sha1, + * maskGenAlgorithm mgf1SHA1, + * saltLength 20, + * trailerField trailerFieldBC + * } + * } + * + * RSASSA-AlgorithmIdentifier ::= AlgorithmIdentifier { + * {PKCS1Algorithms} + * } + */ +static const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = { + NID_sha1, /* default hashAlgorithm */ + { + NID_mgf1, /* default maskGenAlgorithm */ + NID_sha1 /* default MGF1 hash */ + }, + 20, /* default saltLength */ + 1 /* default trailerField (0xBC) */ +}; + +int rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return 0; + *rsa_pss_params = default_RSASSA_PSS_params; + return 1; +} + +int rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, }; + + return rsa_pss_params == NULL + || memcmp(rsa_pss_params, &pss_params_cmp, + sizeof(*rsa_pss_params)) == 0; +} + +int rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, + const RSA_PSS_PARAMS_30 *from) +{ + memcpy(to, from, sizeof(*to)); + return 1; +} + +int rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int hashalg_nid) +{ + if (rsa_pss_params == NULL) + return 0; + rsa_pss_params->hash_algorithm_nid = hashalg_nid; + return 1; +} + +int rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int maskgenalg_nid) +{ + if (rsa_pss_params == NULL) + return 0; + rsa_pss_params->mask_gen.algorithm_nid = maskgenalg_nid; + return 1; +} + +int rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int maskgenhashalg_nid) +{ + if (rsa_pss_params == NULL) + return 0; + rsa_pss_params->mask_gen.hash_algorithm_nid = maskgenhashalg_nid; + return 1; +} + +int rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, + int saltlen) +{ + if (rsa_pss_params == NULL) + return 0; + rsa_pss_params->salt_len = saltlen; + return 1; +} + +int rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, + int trailerfield) +{ + if (rsa_pss_params == NULL) + return 0; + rsa_pss_params->trailer_field = trailerfield; + return 1; +} + +int rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return default_RSASSA_PSS_params.hash_algorithm_nid; + return rsa_pss_params->hash_algorithm_nid; +} + +int rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return default_RSASSA_PSS_params.mask_gen.algorithm_nid; + return rsa_pss_params->mask_gen.algorithm_nid; +} + +int rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return default_RSASSA_PSS_params.hash_algorithm_nid; + return rsa_pss_params->mask_gen.hash_algorithm_nid; +} + +int rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return default_RSASSA_PSS_params.salt_len; + return rsa_pss_params->salt_len; +} + +int rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params) +{ + if (rsa_pss_params == NULL) + return default_RSASSA_PSS_params.trailer_field; + return rsa_pss_params->trailer_field; +} + #if defined(_MSC_VER) # pragma optimize("",on) #endif diff --git a/crypto/rsa/rsa_schemes.c b/crypto/rsa/rsa_schemes.c new file mode 100644 index 0000000000..7a54296a59 --- /dev/null +++ b/crypto/rsa/rsa_schemes.c @@ -0,0 +1,86 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/nelem.h" +#include "crypto/rsa.h" + +static int meth2nid(const void *meth, + int (*meth_is_a)(const void *meth, const char *name), + const OSSL_ITEM *items, size_t items_n) +{ + size_t i; + + if (meth != NULL) + for (i = 0; i < items_n; i++) + if (meth_is_a(meth, items[i].ptr)) + return (int)items[i].id; + return NID_undef; +} + +static const char *nid2name(int meth, const OSSL_ITEM *items, size_t items_n) +{ + size_t i; + + for (i = 0; i < items_n; i++) + if (meth == (int)items[i].id) + return items[i].ptr; + return NULL; +} + +/* + * The list of permitted hash functions are taken from + * https://tools.ietf.org/html/rfc8017#appendix-A.2.1: + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ +static const OSSL_ITEM oaeppss_name_nid_map[] = { + { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, + { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, + { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, + { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, + { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, + { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, + { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, +}; + +static int md_is_a(const void *md, const char *name) +{ + return EVP_MD_is_a(md, name); +} + +int rsa_oaeppss_md2nid(const EVP_MD *md) +{ + return meth2nid(md, md_is_a, + oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); +} + +const char *rsa_oaeppss_nid2name(int md) +{ + return nid2name(md, oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); +} + +const char *rsa_mgf_nid2name(int mgf) +{ + if (mgf == NID_mgf1) + return SN_mgf1; + return NULL; +} diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 7ce1fdb339..6f32ec422f 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -13,7 +13,43 @@ #include #include +typedef struct rsa_pss_params_30_st { + int hash_algorithm_nid; + struct { + int algorithm_nid; /* Currently always NID_mgf1 */ + int hash_algorithm_nid; + } mask_gen; + unsigned int salt_len; + unsigned int trailer_field; +} RSA_PSS_PARAMS_30; + +RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r); +int rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, + const RSA_PSS_PARAMS_30 *from); +int rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int hashalg_nid); +int rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int maskgenalg_nid); +int rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, + int maskgenhashalg_nid); +int rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, + int saltlen); +int rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, + int trailerfield); +int rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params); +int rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params); + +const char *rsa_mgf_nid2name(int mgf); +int rsa_oaeppss_md2nid(const EVP_MD *md); +const char *rsa_oaeppss_nid2name(int md); + RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx); +OPENSSL_CTX *rsa_get0_libctx(RSA *r); int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, const STACK_OF(BIGNUM) *exps, @@ -21,7 +57,13 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, STACK_OF(BIGNUM_const) *exps, STACK_OF(BIGNUM_const) *coeffs); + +int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]); +int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq, + OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); +int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, + const OSSL_PARAM params[], OPENSSL_CTX *libctx); int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 6e93738ae0..1bd122482c 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -182,6 +182,7 @@ extern "C" { #define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST #define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES #define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" #define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" #define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" @@ -271,8 +272,12 @@ extern "C" { /* Key generation parameters */ -#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS -#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC +#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" /* Key generation parameters */ #define OSSL_PKEY_PARAM_FFC_TYPE "type" @@ -310,7 +315,7 @@ extern "C" { #define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE #define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST #define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "pss-saltlen" +#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" #define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST #define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ OSSL_PKEY_PARAM_MGF1_PROPERTIES diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 6af086fc2b..3d91741601 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -524,7 +524,8 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_gettable_ctx_params, # define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24 # define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25 -OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx, + const char *propq)) OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey)) OSSL_CORE_MAKE_FUNC(int, OP_signature_sign, (void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize, @@ -545,8 +546,7 @@ OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover, (void *ctx, const unsigned char *sig, size_t siglen)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_init, - (void *ctx, const char *mdname, const char *props, - void *provkey)) + (void *ctx, const char *mdname, void *provkey)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_update, (void *ctx, const unsigned char *data, size_t datalen)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_final, @@ -556,8 +556,7 @@ OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign, (void *ctx, unsigned char *sigret, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_init, - (void *ctx, const char *mdname, const char *props, - void *provkey)) + (void *ctx, const char *mdname, void *provkey)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_update, (void *ctx, const unsigned char *data, size_t datalen)) OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_final, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 5dc29d1976..fe2e440a8b 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -437,7 +437,7 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, # ifndef OPENSSL_NO_RSA # define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (rsa)) + (rsa)) # endif # ifndef OPENSSL_NO_DSA diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 2508abd81c..bf12b90088 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -107,6 +107,24 @@ extern "C" { # define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME # endif +/*- + * New with 3.0: use part of the flags to denote exact type of RSA key, + * some of which are limited to specific signature and encryption schemes. + * These different types share the same RSA structure, but indicate the + * use of certain fields in that structure. + * Currently known are: + * RSA - this is the "normal" unlimited RSA structure (typenum 0) + * RSASSA-PSS - indicates that the PSS parameters are used. + * RSAES-OAEP - no specific field used for the moment, but OAEP padding + * is expected. (currently unused) + * + * 4 bits allow for 16 types + */ +# define RSA_FLAG_TYPE_MASK 0xF000 +# define RSA_FLAG_TYPE_RSA 0x0000 +# define RSA_FLAG_TYPE_RSASSAPSS 0x1000 +# define RSA_FLAG_TYPE_RSAESOAEP 0x2000 + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode); int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode); @@ -116,6 +134,7 @@ int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits); int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen); /* Salt length matches digest */ # define RSA_PSS_SALTLEN_DIGEST -1 @@ -126,20 +145,15 @@ int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); /* Old compatible max salt length for sign only */ # define RSA_PSS_SALTLEN_MAX_SIGN -2 -# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) - int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, const char *mdprops); int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); - -# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) +int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, + const char *mdname); int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1 new file mode 100644 index 0000000000..afed372186 --- /dev/null +++ b/providers/common/der/DIGESTS.asn1 @@ -0,0 +1,19 @@ +-- ------------------------------------------------------------------- +-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration + +id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } +id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } +id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } +id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 } +id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 } +id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 } +id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 } +id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 } +id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 } +id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 } +id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 } +id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } +id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 } +id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 } +id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19} +id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20} diff --git a/providers/common/der/NIST.asn1 b/providers/common/der/NIST.asn1 new file mode 100644 index 0000000000..3e43848495 --- /dev/null +++ b/providers/common/der/NIST.asn1 @@ -0,0 +1,8 @@ +-- ------------------------------------------------------------------- +-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration + +-- Copies of common OIDs used by other ASN.1 files. +csor OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 } +nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) } +hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } +sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index 66511be50e..d0c54d71ef 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -80,8 +80,6 @@ id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } -- ------------------------------------------------------------------- -- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration -sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 } - id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 } id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 } id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 } diff --git a/providers/common/der/build.info b/providers/common/der/build.info index eda763ea8e..837fe73fed 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,4 +1,4 @@ -$FIPSABLE=der_rsa.c der_dsa.c der_ec.c +$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c SOURCE[../../libfips.a]=$FIPSABLE SOURCE[../../libnonfips.a]=$FIPSABLE @@ -6,7 +6,7 @@ SOURCE[../../libnonfips.a]=$FIPSABLE GENERATE[der_rsa.c]=der_rsa.c.in DEPEND[der_rsa.c]=oids_to_c.pm -DEPEND[der_rsa.o]=../include/prov/der_rsa.h +DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm @@ -23,3 +23,10 @@ DEPEND[der_ec.c]=oids_to_c.pm DEPEND[der_ec.o]=../include/prov/der_ec.h GENERATE[../include/prov/der_ec.h]=der_ec.h.in DEPEND[../include/prov/der_ec.h]=oids_to_c.pm + +GENERATE[der_digests.c]=der_digests.c.in +DEPEND[der_digests.c]=oids_to_c.pm + +DEPEND[der_digests.o]=../include/prov/der_digests.h +GENERATE[../include/prov/der_digests.h]=der_digests.h.in +DEPEND[../include/prov/der_digests.h]=oids_to_c.pm diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_digests.c.in similarity index 62% copy from providers/common/der/der_rsa.h.in copy to providers/common/der/der_digests.c.in index 3f7cc0e029..433c107420 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_digests.c.in @@ -7,15 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include "internal/der.h" +#include "prov/der_digests.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_H }); + filter => \&oids_to_c::filter_to_C }); -} - -int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid); diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_digests.h.in similarity index 67% copy from providers/common/der/der_rsa.h.in copy to providers/common/der/der_digests.h.in index 3f7cc0e029..91fbe1f72c 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_digests.h.in @@ -11,11 +11,8 @@ /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} - -int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid); diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index bc7c0095e9..30e945cf58 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -9,25 +9,381 @@ #include #include +#include "internal/cryptlib.h" #include "prov/der_rsa.h" +#include "prov/der_digests.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* More complex pre-compiled sequences. TODO(3.0) refactor? */ +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ +#define DER_V_NULL DER_P_NULL, 0 +#define DER_SZ_NULL 2 + +/* + * The names for the hash function AlgorithmIdentifiers are borrowed and + * expanded from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL } + * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL } + * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } + * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL } + * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } + */ +/* + * NOTE: Some of the arrays aren't used other than inside sizeof(), which + * clang complains about (-Wno-unneeded-internal-declaration). To get + * around that, we make them non-static, and declare them an extra time to + * avoid compilers complaining about definitions without declarations. + */ +#if 0 /* Currently unused */ +#define DER_AID_V_sha1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ + DER_OID_V_id_sha1, \ + DER_V_NULL +extern const unsigned char der_aid_sha1Identifier[]; +const unsigned char der_aid_sha1Identifier[] = { + DER_AID_V_sha1Identifier +}; +#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier) +#endif + +#define DER_AID_V_sha224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ + DER_OID_V_id_sha224, \ + DER_V_NULL +extern const unsigned char der_aid_sha224Identifier[]; +const unsigned char der_aid_sha224Identifier[] = { + DER_AID_V_sha224Identifier +}; +#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier) + +#define DER_AID_V_sha256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ + DER_OID_V_id_sha256, \ + DER_V_NULL +extern const unsigned char der_aid_sha256Identifier[]; +const unsigned char der_aid_sha256Identifier[] = { + DER_AID_V_sha256Identifier +}; +#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier) + +#define DER_AID_V_sha384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ + DER_OID_V_id_sha384, \ + DER_V_NULL +extern const unsigned char der_aid_sha384Identifier[]; +const unsigned char der_aid_sha384Identifier[] = { + DER_AID_V_sha384Identifier +}; +#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier) + +#define DER_AID_V_sha512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ + DER_OID_V_id_sha512, \ + DER_V_NULL +extern const unsigned char der_aid_sha512Identifier[]; +const unsigned char der_aid_sha512Identifier[] = { + DER_AID_V_sha512Identifier +}; +#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier) + +#define DER_AID_V_sha512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_224, \ + DER_V_NULL +extern const unsigned char der_aid_sha512_224Identifier[]; +const unsigned char der_aid_sha512_224Identifier[] = { + DER_AID_V_sha512_224Identifier +}; +#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier) + +#define DER_AID_V_sha512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_256, \ + DER_V_NULL +extern const unsigned char der_aid_sha512_256Identifier[]; +const unsigned char der_aid_sha512_256Identifier[] = { + DER_AID_V_sha512_256Identifier +}; +#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier) + +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * HashAlgorithm ::= AlgorithmIdentifier { + * {OAEP-PSSDigestAlgorithms} + * } + * + * ... + * + * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-mgf1 PARAMETERS HashAlgorithm }, + * ... -- Allows for future expansion -- + * } + */ + +/* + * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded + * from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * mgf1SHA1Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha1Identifier } + * mgf1SHA224Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha224Identifier } + * mgf1SHA256Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha256Identifier } + * mgf1SHA384Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha384Identifier } + * mgf1SHA512Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha512Identifier } + */ +#if 0 /* Currently unused */ +#define DER_AID_V_mgf1SHA1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha1Identifier +static const unsigned char der_aid_mgf1SHA1Identifier[] = { + DER_AID_V_mgf1SHA1Identifier +}; +#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier) +#endif + +#define DER_AID_V_mgf1SHA224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha224Identifier +static const unsigned char der_aid_mgf1SHA224Identifier[] = { + DER_AID_V_mgf1SHA224Identifier +}; +#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier) + +#define DER_AID_V_mgf1SHA256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha256Identifier +static const unsigned char der_aid_mgf1SHA256Identifier[] = { + DER_AID_V_mgf1SHA256Identifier +}; +#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier) + +#define DER_AID_V_mgf1SHA384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha384Identifier +static const unsigned char der_aid_mgf1SHA384Identifier[] = { + DER_AID_V_mgf1SHA384Identifier +}; +#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier) + +#define DER_AID_V_mgf1SHA512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512Identifier +static const unsigned char der_aid_mgf1SHA512Identifier[] = { + DER_AID_V_mgf1SHA512Identifier +}; +#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier) + +#define DER_AID_V_mgf1SHA512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_224Identifier +static const unsigned char der_aid_mgf1SHA512_224Identifier[] = { + DER_AID_V_mgf1SHA512_224Identifier +}; +#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier) + +#define DER_AID_V_mgf1SHA512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_256Identifier +static const unsigned char der_aid_mgf1SHA512_256Identifier[] = { + DER_AID_V_mgf1SHA512_256Identifier +}; +#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier) + + +#define MGF1_SHA_CASE(bits, var) \ + case NID_sha##bits: \ + var = der_aid_mgf1SHA##bits##Identifier; \ + var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ + break; + +/*- + * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } + */ +static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss) +{ + if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) { + int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss); + const unsigned char *maskgenalg = NULL; + size_t maskgenalg_sz = 0; + + switch (maskgenhashalg_nid) { + case NID_sha1: + break; + MGF1_SHA_CASE(224, maskgenalg); + MGF1_SHA_CASE(256, maskgenalg); + MGF1_SHA_CASE(384, maskgenalg); + MGF1_SHA_CASE(512, maskgenalg); + MGF1_SHA_CASE(512_224, maskgenalg); + MGF1_SHA_CASE(512_256, maskgenalg); + default: + return 0; + } + + /* If there is none (or it was the default), we write nothing */ + if (maskgenalg == NULL) + return 1; + + return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz); + } + return 0; +} + +#define OAEP_PSS_MD_CASE(name, var) \ + case NID_##name: \ + var = der_oid_id_##name; \ + var##_sz = sizeof(der_oid_id_##name); \ + break; + +int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss) +{ + int hashalg_nid, default_hashalg_nid; + int saltlen, default_saltlen; + int trailerfield, default_trailerfield; + const unsigned char *hashalg = NULL; + size_t hashalg_sz = 0; + + /* + * For an unrestricted key, this function should not have been called; + * the caller must be in control, because unrestricted keys are permitted + * in some situations (when encoding the public key in a SubjectKeyInfo, + * for example) while not in others, and this function doesn't know the + * intent. Therefore, we assert that here, the PSS parameters must show + * that the key is restricted. + */ + if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss))) + return 0; + + hashalg_nid = rsa_pss_params_30_hashalg(pss); + saltlen = rsa_pss_params_30_saltlen(pss); + trailerfield = rsa_pss_params_30_trailerfield(pss); + + /* Getting default values */ + default_hashalg_nid = rsa_pss_params_30_hashalg(NULL); + default_saltlen = rsa_pss_params_30_saltlen(NULL); + default_trailerfield = rsa_pss_params_30_trailerfield(NULL); + + /* + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1: + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ + switch (hashalg_nid) { + OAEP_PSS_MD_CASE(sha1, hashalg); + OAEP_PSS_MD_CASE(sha224, hashalg); + OAEP_PSS_MD_CASE(sha256, hashalg); + OAEP_PSS_MD_CASE(sha384, hashalg); + OAEP_PSS_MD_CASE(sha512, hashalg); + OAEP_PSS_MD_CASE(sha512_224, hashalg); + OAEP_PSS_MD_CASE(sha512_256, hashalg); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + && (trailerfield == default_trailerfield + || DER_w_ulong(pkt, 3, trailerfield)) + && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen)) + && DER_w_MaskGenAlgorithm(pkt, 1, pss) + && (hashalg_nid == default_hashalg_nid + || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz)) + && DER_w_end_sequence(pkt, tag); +} + +/* Aliases so we can have a uniform RSA_CASE */ +#define der_oid_rsassaPss der_oid_id_RSASSA_PSS + +#define RSA_CASE(name, var) \ + var##_nid = NID_##name; \ + var##_oid = der_oid_##name; \ + var##_oid_sz = sizeof(der_oid_##name); \ + break; + int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) { + int rsa_nid = NID_undef; + const unsigned char *rsa_oid = NULL; + size_t rsa_oid_sz = 0; + RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + RSA_CASE(rsaEncryption, rsa); + case RSA_FLAG_TYPE_RSASSAPSS: + RSA_CASE(rsassaPss, rsa); + } + + if (rsa_oid == NULL) + return 0; + return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_rsaEncryption, - sizeof(der_oid_rsaEncryption)) + && (rsa_nid != NID_rsassaPss + || rsa_pss_params_30_is_unrestricted(pss_params) + || DER_w_RSASSA_PSS_params(pkt, -1, pss_params)) + && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) && DER_w_end_sequence(pkt, tag); } -/* Aliases so we can have a uniform MD_CASE */ +/* Aliases so we can have a uniform MD_with_RSA_CASE */ #define der_oid_sha3_224WithRSAEncryption \ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 #define der_oid_sha3_256WithRSAEncryption \ @@ -37,10 +393,10 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) #define der_oid_sha3_512WithRSAEncryption \ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 -#define MD_CASE(name) \ +#define MD_with_RSA_CASE(name, var) \ case NID_##name: \ - precompiled = der_oid_##name##WithRSAEncryption; \ - precompiled_sz = sizeof(der_oid_##name##WithRSAEncryption); \ + var = der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ break; int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, @@ -51,23 +407,23 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, switch (mdnid) { #ifndef FIPS_MODULE - MD_CASE(md2); - MD_CASE(md5); - MD_CASE(md4); - MD_CASE(ripemd160); + MD_with_RSA_CASE(md2, precompiled); + MD_with_RSA_CASE(md5, precompiled); + MD_with_RSA_CASE(md4, precompiled); + MD_with_RSA_CASE(ripemd160, precompiled); /* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ #endif - MD_CASE(sha1); - MD_CASE(sha224); - MD_CASE(sha256); - MD_CASE(sha384); - MD_CASE(sha512); - MD_CASE(sha512_224); - MD_CASE(sha512_256); - MD_CASE(sha3_224); - MD_CASE(sha3_256); - MD_CASE(sha3_384); - MD_CASE(sha3_512); + MD_with_RSA_CASE(sha1, precompiled); + MD_with_RSA_CASE(sha224, precompiled); + MD_with_RSA_CASE(sha256, precompiled); + MD_with_RSA_CASE(sha384, precompiled); + MD_with_RSA_CASE(sha512, precompiled); + MD_with_RSA_CASE(sha512_224, precompiled); + MD_with_RSA_CASE(sha512_256, precompiled); + MD_with_RSA_CASE(sha3_224, precompiled); + MD_with_RSA_CASE(sha3_256, precompiled); + MD_with_RSA_CASE(sha3_384, precompiled); + MD_with_RSA_CASE(sha3_512, precompiled); default: return 0; } diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in index 3f7cc0e029..53f6227825 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_rsa.h.in @@ -7,15 +7,20 @@ * https://www.openssl.org/source/license.html */ +#include "crypto/rsa.h" #include "internal/der.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss); int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, RSA *rsa, int mdnid); diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index 5b3bcbb6a0..87bea503ab 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -10,6 +10,7 @@ #ifndef OPENSSL_PROVERR_H # define OPENSSL_PROVERR_H +# pragma once # include # include @@ -89,6 +90,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_INVALID_PSS_SALTLEN 169 # define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_SEED_LENGTH 154 +# define PROV_R_INVALID_SIGNATURE_SIZE 179 # define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAGLEN 118 # define PROV_R_INVALID_X931_DIGEST 170 @@ -110,6 +112,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 # define PROV_R_NO_KEY_SET 114 # define PROV_R_NO_PARAMETERS_SET 177 +# define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_PSS_SALTLEN_TOO_SMALL 172 # define PROV_R_READ_KEY 159 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 1018fa31ea..f79cdb0e0b 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -75,6 +75,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "invalid salt length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH), "invalid seed length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SIGNATURE_SIZE), + "invalid signature size"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST), @@ -101,6 +103,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "not xof or invalid length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL), "output buffer too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL), diff --git a/providers/defltprov.c b/providers/defltprov.c index 5667825072..cedbddb80e 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -363,6 +363,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { { "DSA:dsaEncryption", "provider=default", dsa_keymgmt_functions }, #endif { "RSA:rsaEncryption", "provider=default", rsa_keymgmt_functions }, + { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions }, #ifndef OPENSSL_NO_EC { "EC:id-ecPublicKey", "provider=default", ec_keymgmt_functions }, { "X25519", "provider=default", x25519_keymgmt_functions }, @@ -391,6 +392,18 @@ static const OSSL_ALGORITHM deflt_serializer[] = { rsa_priv_pem_serializer_functions }, { "RSA", "provider=default,fips=yes,format=pem,type=public", rsa_pub_pem_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=text,type=private", + rsa_priv_text_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=text,type=public", + rsa_pub_text_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=der,type=private", + rsa_priv_der_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=der,type=public", + rsa_pub_der_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=pem,type=private", + rsa_priv_pem_serializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,format=pem,type=public", + rsa_pub_pem_serializer_functions }, #ifndef OPENSSL_NO_DH { "DH", "provider=default,fips=yes,format=text,type=private", diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index ac92b7885f..1d19c1b91a 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -477,6 +477,7 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions }, #endif { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions }, + { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions }, #ifndef OPENSSL_NO_EC { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions }, { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions }, diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 0ca52ae743..f7e7b549f8 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -95,7 +95,16 @@ static int rsa_init(void *vprsactx, void *vrsa) return 0; RSA_free(prsactx->rsa); prsactx->rsa = vrsa; - prsactx->pad_mode = RSA_PKCS1_PADDING; + + switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + prsactx->pad_mode = RSA_PKCS1_PADDING; + break; + default: + ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + return 1; } diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 1f761e0ec4..0589a6e996 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -257,6 +257,7 @@ extern const OSSL_DISPATCH kdf_krb5kdf_functions[]; extern const OSSL_DISPATCH dh_keymgmt_functions[]; extern const OSSL_DISPATCH dsa_keymgmt_functions[]; extern const OSSL_DISPATCH rsa_keymgmt_functions[]; +extern const OSSL_DISPATCH rsapss_keymgmt_functions[]; extern const OSSL_DISPATCH x25519_keymgmt_functions[]; extern const OSSL_DISPATCH x448_keymgmt_functions[]; extern const OSSL_DISPATCH ed25519_keymgmt_functions[]; diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 181df998ad..295cdf61a4 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -26,9 +26,12 @@ #include "internal/param_build_set.h" static OSSL_OP_keymgmt_new_fn rsa_newdata; +static OSSL_OP_keymgmt_new_fn rsapss_newdata; static OSSL_OP_keymgmt_gen_init_fn rsa_gen_init; +static OSSL_OP_keymgmt_gen_init_fn rsapss_gen_init; static OSSL_OP_keymgmt_gen_set_params_fn rsa_gen_set_params; static OSSL_OP_keymgmt_gen_settable_params_fn rsa_gen_settable_params; +static OSSL_OP_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; static OSSL_OP_keymgmt_gen_fn rsa_gen; static OSSL_OP_keymgmt_gen_cleanup_fn rsa_gen_cleanup; static OSSL_OP_keymgmt_free_fn rsa_freedata; @@ -41,51 +44,53 @@ static OSSL_OP_keymgmt_import_fn rsa_import; static OSSL_OP_keymgmt_import_types_fn rsa_import_types; static OSSL_OP_keymgmt_export_fn rsa_export; static OSSL_OP_keymgmt_export_types_fn rsa_export_types; +static OSSL_OP_keymgmt_query_operation_name_fn rsapss_query_operation_name; #define RSA_DEFAULT_MD "SHA256" -#define RSA_POSSIBLE_SELECTIONS \ +#define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1 +#define RSA_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) DEFINE_STACK_OF(BIGNUM) DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) -static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, + const OSSL_PARAM params[], int rsa_type, + OPENSSL_CTX *libctx) { - int ret = 0; - const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; - STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null(); + if (!rsa_pss_params_30_fromdata(pss_params, params, libctx)) + return 0; - if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) - goto err; + /* If not a PSS type RSA, sending us PSS parameters is wrong */ + if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS + && !rsa_pss_params_30_is_unrestricted(pss_params)) + return 0; - RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); - rsa_get0_all_params(rsa, factors, exps, coeffs); - - if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n) - || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e) - || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_factor_names, - factors) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_exp_names, - exps) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names, - coeffs)) - goto err; - ret = 1; - err: - sk_BIGNUM_const_free(factors); - sk_BIGNUM_const_free(exps); - sk_BIGNUM_const_free(coeffs); - return ret; + return 1; } static void *rsa_newdata(void *provctx) { OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); + RSA *rsa = rsa_new_with_ctx(libctx); + + if (rsa != NULL) { + RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); + RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); + } + return rsa; +} + +static void *rsapss_newdata(void *provctx) +{ + OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); + RSA *rsa = rsa_new_with_ctx(libctx); - return rsa_new_with_ctx(libctx); + if (rsa != NULL) { + RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); + RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); + } + return rsa; } static void rsa_freedata(void *keydata) @@ -103,7 +108,8 @@ static int rsa_has(void *keydata, int selection) ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) - ok = ok && 0; /* This will change with PSS and OAEP */ + /* This will change with OAEP */ + ok = ok && (RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS) != 0); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ok = ok && (RSA_get0_e(rsa) != NULL); if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) @@ -132,13 +138,22 @@ static int rsa_match(const void *keydata1, const void *keydata2, int selection) static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) { RSA *rsa = keydata; + int rsa_type; int ok = 1; if (rsa == NULL) return 0; - /* TODO(3.0) PSS and OAEP should bring on parameters */ + if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) + return 0; + + rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); + + /* TODO(3.0) OAEP should bring on parameters as well */ + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) + ok = ok && pss_params_fromdata(rsa_get0_pss_params_30(rsa), params, + rsa_type, rsa_get0_libctx(rsa)); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ok = ok && rsa_fromdata(rsa, params); @@ -149,6 +164,7 @@ static int rsa_export(void *keydata, int selection, OSSL_CALLBACK *param_callback, void *cbarg) { RSA *rsa = keydata; + const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ok = 1; @@ -156,14 +172,17 @@ static int rsa_export(void *keydata, int selection, if (rsa == NULL) return 0; - /* TODO(3.0) PSS and OAEP should bring on parameters */ + /* TODO(3.0) OAEP should bring on parameters */ tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL) return 0; + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) + ok = ok && (rsa_pss_params_30_is_unrestricted(pss_params) + || rsa_pss_params_30_todata(pss_params, NULL, tmpl, NULL)); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && key_to_params(rsa, tmpl, NULL); + ok = ok && rsa_todata(rsa, tmpl, NULL); if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) @@ -265,6 +284,8 @@ static const OSSL_PARAM *rsa_export_types(int selection) static int rsa_get_params(void *key, OSSL_PARAM params[]) { RSA *rsa = key; + const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); + int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); OSSL_PARAM *p; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL @@ -277,32 +298,36 @@ static int rsa_get_params(void *key, OSSL_PARAM params[]) && !OSSL_PARAM_set_int(p, RSA_size(rsa))) return 0; -# if 0 /* TODO(3.0): PSS support pending */ + /* + * For RSA-PSS keys, we ignore the default digest request + * TODO(3.0) with RSA-OAEP keys, this may need to be amended + */ + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL + && rsa_type != RSA_FLAG_TYPE_RSASSAPSS) { + if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) + return 0; + } + + /* + * For non-RSA-PSS keys, we ignore the mandatory digest request + * TODO(3.0) with RSA-OAEP keys, this may need to be amended + */ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL - && RSA_get0_pss_params(rsa) != NULL) { - const EVP_MD *md, *mgf1md; - int min_saltlen; + && rsa_type == RSA_FLAG_TYPE_RSASSAPSS) { + const char *mdname = RSA_PSS_DEFAULT_MD; - if (!rsa_pss_get_param(RSA_get0_pss_params(rsa), - &md, &mgf1md, &min_saltlen)) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - return 0; + if (!rsa_pss_params_30_is_unrestricted(pss_params)) { + mdname = + rsa_oaeppss_nid2name(rsa_pss_params_30_hashalg(pss_params)); + + if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) + return 0; } - if (!OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md))) - return 0; - } -#endif - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL -/* TODO(3.0): PSS support pending */ -#if 0 - && RSA_get0_pss_params(rsa) == NULL -#endif - ) { - if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) - return 0; } - return key_to_params(rsa, NULL, params); + return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS + || rsa_pss_params_30_todata(pss_params, NULL, NULL, params)) + && rsa_todata(rsa, NULL, params); } static const OSSL_PARAM rsa_params[] = { @@ -343,10 +368,15 @@ static int rsa_validate(void *keydata, int selection) struct rsa_gen_ctx { OPENSSL_CTX *libctx; + int rsa_type; + size_t nbits; BIGNUM *pub_exp; size_t primes; + /* For PSS */ + RSA_PSS_PARAMS_30 pss_params; + /* For generation callback */ OSSL_CALLBACK *cb; void *cbarg; @@ -363,7 +393,7 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) return gctx->cb(params, gctx->cbarg); } -static void *rsa_gen_init(void *provctx, int selection) +static void *gen_init(void *provctx, int selection, int rsa_type) { OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct rsa_gen_ctx *gctx = NULL; @@ -382,10 +412,26 @@ static void *rsa_gen_init(void *provctx, int selection) gctx->nbits = 2048; gctx->primes = RSA_DEFAULT_PRIME_NUM; } + gctx->rsa_type = rsa_type; } return gctx; } +static void *rsa_gen_init(void *provctx, int selection) +{ + return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA); +} + +static void *rsapss_gen_init(void *provctx, int selection) +{ + return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS); +} + +/* + * This function is common for all RSA sub-types, to detect possible + * misuse, such as PSS parameters being passed when a plain RSA key + * is generated. + */ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) { struct rsa_gen_ctx *gctx = genctx; @@ -400,15 +446,44 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) return 0; + /* Only attempt to get PSS parameters when generating an RSA-PSS key */ + if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS + && !pss_params_fromdata(&gctx->pss_params, params, gctx->rsa_type, + gctx->libctx)) + return 0; return 1; } +#define rsa_gen_basic \ + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) + +/* + * The following must be kept in sync with rsa_pss_params_30_fromdata() + * in crypto/rsa/rsa_backend.c + */ +#define rsa_gen_pss \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) + static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), - OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), + rsa_gen_basic, + OSSL_PARAM_END + }; + + return settable; +} + +static const OSSL_PARAM *rsapss_gen_settable_params(void *provctx) +{ + static OSSL_PARAM settable[] = { + rsa_gen_basic, + rsa_gen_pss, OSSL_PARAM_END }; @@ -418,11 +493,28 @@ static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { struct rsa_gen_ctx *gctx = genctx; - RSA *rsa = NULL; + RSA *rsa = NULL, *rsa_tmp = NULL; BN_GENCB *gencb = NULL; + switch (gctx->rsa_type) { + case RSA_FLAG_TYPE_RSA: + /* For plain RSA keys, PSS parameters must not be set */ + if (!rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) + goto err; + break; + case RSA_FLAG_TYPE_RSASSAPSS: + /* + * For plain RSA-PSS keys, PSS parameters may be set but don't have + * to, so not check. + */ + break; + default: + /* Unsupported RSA key sub-type... */ + return NULL; + } + if (gctx == NULL - || (rsa = rsa_new_with_ctx(gctx->libctx)) == NULL) + || (rsa_tmp = rsa_new_with_ctx(gctx->libctx)) == NULL) return NULL; gctx->cb = osslcb; @@ -431,14 +523,23 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gencb != NULL) BN_GENCB_set(gencb, rsa_gencb, genctx); - if (!RSA_generate_multi_prime_key(rsa, (int)gctx->nbits, (int)gctx->primes, - gctx->pub_exp, gencb)) { - RSA_free(rsa); - rsa = NULL; - } + if (!RSA_generate_multi_prime_key(rsa_tmp, + (int)gctx->nbits, (int)gctx->primes, + gctx->pub_exp, gencb)) + goto err; - BN_GENCB_free(gencb); + if (!rsa_pss_params_30_copy(rsa_get0_pss_params_30(rsa_tmp), + &gctx->pss_params)) + goto err; + RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); + RSA_set_flags(rsa_tmp, gctx->rsa_type); + + rsa = rsa_tmp; + rsa_tmp = NULL; + err: + BN_GENCB_free(gencb); + RSA_free(rsa_tmp); return rsa; } @@ -453,6 +554,12 @@ static void rsa_gen_cleanup(void *genctx) OPENSSL_free(gctx); } +/* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ +static const char *rsapss_query_operation_name(int operation_id) +{ + return "RSA"; +} + const OSSL_DISPATCH rsa_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, @@ -474,3 +581,25 @@ const OSSL_DISPATCH rsa_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, { 0, NULL } }; + +const OSSL_DISPATCH rsapss_keymgmt_functions[] = { + { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))rsapss_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, + { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, + { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, + { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, + { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, + (void (*)(void))rsapss_query_operation_name }, + { 0, NULL } +}; diff --git a/providers/implementations/serializers/build.info b/providers/implementations/serializers/build.info index 097bdcac1c..ffafbe38e5 100644 --- a/providers/implementations/serializers/build.info +++ b/providers/implementations/serializers/build.info @@ -10,7 +10,10 @@ $ECX_GOAL=../../libimplementations.a $EC_GOAL=../../libimplementations.a SOURCE[$SERIALIZER_GOAL]=serializer_common.c + SOURCE[$RSA_GOAL]=serializer_rsa.c serializer_rsa_priv.c serializer_rsa_pub.c +DEPEND[serializer_rsa.o]=../../common/include/prov/der_rsa.h + IF[{- !$disabled{"dh"} || !$disabled{"dsa"} -}] SOURCE[$FFC_GOAL]=serializer_ffc_params.c ENDIF diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h index 39fb3ab1e7..f4aee6fc23 100644 --- a/providers/implementations/serializers/serializer_local.h +++ b/providers/implementations/serializers/serializer_local.h @@ -82,6 +82,14 @@ int ossl_prov_prepare_all_dsa_params(const void *dsa, int nid, int ossl_prov_dsa_pub_to_der(const void *dsa, unsigned char **pder); int ossl_prov_dsa_priv_to_der(const void *dsa, unsigned char **pder); +/* + * ossl_prov_prepare_rsa_params() is designed to work with the ossl_prov_write_ + * functions, hence 'void *rsa' rather than 'RSA *rsa'. + */ +int ossl_prov_prepare_rsa_params(const void *rsa, int nid, + void **pstr, int *pstrtype); +int ossl_prov_rsa_type_to_evp(const RSA *rsa); + int ossl_prov_print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn); int ossl_prov_print_labeled_buf(BIO *out, const char *label, diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index 7578fec7c2..564210ede2 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -13,8 +13,10 @@ */ #include "internal/deprecated.h" +#include "internal/packet.h" #include "crypto/rsa.h" /* rsa_get0_all_params() */ #include "prov/bio.h" /* ossl_prov_bio_printf() */ +#include "prov/der_rsa.h" /* DER_w_RSASSA_PSS_params() */ #include "prov/implementations.h" /* rsa_keymgmt_functions */ #include "serializer_local.h" @@ -43,6 +45,7 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null(); + RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); int ret = 0; if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) @@ -109,6 +112,61 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) goto err; } } + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + if (!rsa_pss_params_30_is_unrestricted(pss_params)) { + if (ossl_prov_bio_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0) + goto err; + } + break; + case RSA_FLAG_TYPE_RSASSAPSS: + if (rsa_pss_params_30_is_unrestricted(pss_params)) { + if (ossl_prov_bio_printf(out, + "No PSS parameter restrictions\n") <= 0) + goto err; + } else { + int hashalg_nid = rsa_pss_params_30_hashalg(pss_params); + int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss_params); + int maskgenhashalg_nid = + rsa_pss_params_30_maskgenhashalg(pss_params); + int saltlen = rsa_pss_params_30_saltlen(pss_params); + int trailerfield = rsa_pss_params_30_trailerfield(pss_params); + + if (ossl_prov_bio_printf(out, "PSS parameter restrictions:\n") <= 0) + goto err; + if (ossl_prov_bio_printf(out, " Hash Algorithm: %s%s\n", + rsa_oaeppss_nid2name(hashalg_nid), + (hashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) + goto err; + if (ossl_prov_bio_printf(out, " Mask Algorithm: %s with %s%s\n", + rsa_mgf_nid2name(maskgenalg_nid), + rsa_oaeppss_nid2name(maskgenhashalg_nid), + (maskgenalg_nid == NID_mgf1 + && maskgenhashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) + goto err; + if (ossl_prov_bio_printf(out, " Minimum Salt Length: %d%s\n", + saltlen, + (saltlen == 20 ? " (default)" : "")) <= 0) + goto err; + /* + * TODO(3.0) Should we show the ASN.1 trailerField value, or + * the actual trailerfield byte (i.e. 0xBC for 1)? + * crypto/rsa/rsa_ameth.c isn't very clear on that, as it + * does display 0xBC when the default applies, but the ASN.1 + * trailerField value otherwise... + */ + if (ossl_prov_bio_printf(out, " Trailer Field: 0x%x%s\n", + trailerfield, + (trailerfield == 1 ? " (default)" : "")) + <= 0) + goto err; + } + break; + } + ret = 1; err: sk_BIGNUM_const_free(factors); @@ -116,3 +174,90 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) sk_BIGNUM_const_free(coeffs); return ret; } + +/* + * Helper functions to prepare RSA-PSS params for serialization. We would + * have simply written the whole AlgorithmIdentifier, but existing libcrypto + * functionality doesn't allow that. + */ + +int ossl_prov_prepare_rsa_params(const void *rsa, int nid, + void **pstr, int *pstrtype) +{ + const RSA_PSS_PARAMS_30 *pss = rsa_get0_pss_params_30((RSA *)rsa); + + *pstr = NULL; + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + /* If plain RSA, the parameters shall be NULL */ + *pstrtype = V_ASN1_NULL; + return 1; + case RSA_FLAG_TYPE_RSASSAPSS: + if (rsa_pss_params_30_is_unrestricted(pss)) { + *pstrtype = V_ASN1_UNDEF; + } else { + ASN1_STRING *astr = NULL; + WPACKET pkt; + unsigned char *str = NULL; + size_t str_sz = 0; + int i; + + for (i = 0; i < 2; i++) { + switch (i) { + case 0: + if (!WPACKET_init_null_der(&pkt)) + goto err; + break; + case 1: + if ((str = OPENSSL_malloc(str_sz)) == NULL + || !WPACKET_init_der(&pkt, str, str_sz)) { + goto err; + } + break; + } + if (!DER_w_RSASSA_PSS_params(&pkt, -1, pss) + || !WPACKET_finish(&pkt)) + goto err; + WPACKET_get_total_written(&pkt, &str_sz); + WPACKET_cleanup(&pkt); + + /* + * If no PSS parameters are going to be written, there's no + * point going for another iteration. + * This saves us from getting |str| allocated just to have it + * immediately de-allocated. + */ + if (str_sz == 0) + break; + } + + if ((astr = ASN1_STRING_new()) == NULL) + goto err; + *pstrtype = V_ASN1_SEQUENCE; + ASN1_STRING_set0(astr, str, (int)str_sz); + *pstr = astr; + + return 1; + err: + OPENSSL_free(str); + return 0; + } + } + + /* Currently unsupported RSA key type */ + return 0; +} + +int ossl_prov_rsa_type_to_evp(const RSA *rsa) +{ + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + return EVP_PKEY_RSA; + case RSA_FLAG_TYPE_RSASSAPSS: + return EVP_PKEY_RSA_PSS; + } + + /* Currently unsupported RSA key type */ + return EVP_PKEY_NONE; +} diff --git a/providers/implementations/serializers/serializer_rsa_priv.c b/providers/implementations/serializers/serializer_rsa_priv.c index 8196473a04..8c68f5de34 100644 --- a/providers/implementations/serializers/serializer_rsa_priv.c +++ b/providers/implementations/serializers/serializer_rsa_priv.c @@ -21,6 +21,7 @@ #include #include #include +#include "crypto/rsa.h" #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" @@ -49,34 +50,6 @@ struct rsa_priv_ctx_st { struct pkcs8_encrypt_ctx_st sc; }; -/* Helper functions to prepare RSA-PSS params for serialization */ - -static int prepare_rsa_params(const void *rsa, int nid, - void **pstr, int *pstrtype) -{ - const RSA_PSS_PARAMS *pss = RSA_get0_pss_params(rsa); - *pstr = NULL; - - /* If RSA it's just NULL type */ - if (nid != EVP_PKEY_RSA_PSS) { - *pstrtype = V_ASN1_NULL; - return 1; - } - /* If no PSS parameters we omit parameters entirely */ - if (pss == NULL) { - *pstrtype = V_ASN1_UNDEF; - return 1; - } - /* Encode PSS parameters */ - if (ASN1_item_pack((void *)pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), - (ASN1_STRING **)pstr) - == NULL) - return 0; - - *pstrtype = V_ASN1_SEQUENCE; - return 1; -} - /* Private key : context */ static void *rsa_priv_newctx(void *provctx) { @@ -176,8 +149,9 @@ static int rsa_priv_der(void *vctx, void *rsa, BIO *out, ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - ret = ossl_prov_write_priv_der_from_obj(out, rsa, EVP_PKEY_RSA, - prepare_rsa_params, + ret = ossl_prov_write_priv_der_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, (i2d_of_void *)i2d_RSAPrivateKey, &ctx->sc); @@ -215,8 +189,9 @@ static int rsa_pem_priv(void *vctx, void *rsa, BIO *out, ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - ret = ossl_prov_write_priv_pem_from_obj(out, rsa, EVP_PKEY_RSA, - prepare_rsa_params, + ret = ossl_prov_write_priv_pem_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, (i2d_of_void *)i2d_RSAPrivateKey, &ctx->sc); diff --git a/providers/implementations/serializers/serializer_rsa_pub.c b/providers/implementations/serializers/serializer_rsa_pub.c index bcae074480..28df00877e 100644 --- a/providers/implementations/serializers/serializer_rsa_pub.c +++ b/providers/implementations/serializers/serializer_rsa_pub.c @@ -72,7 +72,10 @@ static int rsa_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, static int rsa_pub_der(void *ctx, void *rsa, BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return i2d_RSA_PUBKEY_bio(out, rsa); + return ossl_prov_write_pub_der_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, + (i2d_of_void *)i2d_RSAPublicKey); } /* Public key : PEM */ @@ -100,7 +103,10 @@ static int rsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, static int rsa_pub_pem(void *ctx, void *rsa, BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return PEM_write_bio_RSA_PUBKEY(out, rsa); + return ossl_prov_write_pub_pem_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, + (i2d_of_void *)i2d_RSAPublicKey); } static int rsa_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index f0662d1ee8..bfab22488f 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -63,6 +63,7 @@ static OSSL_OP_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params; typedef struct { OPENSSL_CTX *libctx; + char *propq; DSA *dsa; /* @@ -131,7 +132,7 @@ static int dsa_get_md_nid(const EVP_MD *md) return mdnid; } -static void *dsa_newctx(void *provctx) +static void *dsa_newctx(void *provctx, const char *propq) { PROV_DSA_CTX *pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX)); @@ -140,12 +141,20 @@ static void *dsa_newctx(void *provctx) pdsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); pdsactx->flag_allow_md = 1; + if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) { + OPENSSL_free(pdsactx); + pdsactx = NULL; + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + } return pdsactx; } static int dsa_setup_md(PROV_DSA_CTX *ctx, const char *mdname, const char *mdprops) { + if (mdprops == NULL) + mdprops = ctx->propq; + if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid = dsa_get_md_nid(md); @@ -234,7 +243,7 @@ static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, } static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, - const char *props, void *vdsa) + void *vdsa) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -242,7 +251,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, if (!dsa_signature_init(vpdsactx, vdsa)) return 0; - if (!dsa_setup_md(pdsactx, mdname, props)) + if (!dsa_setup_md(pdsactx, mdname, NULL)) return 0; pdsactx->mdctx = EVP_MD_CTX_new(); diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index e05830f500..267950d537 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -60,6 +60,7 @@ static OSSL_OP_signature_settable_ctx_md_params_fn ecdsa_settable_ctx_md_params; typedef struct { OPENSSL_CTX *libctx; + char *propq; EC_KEY *ec; char mdname[OSSL_MAX_NAME_SIZE]; @@ -90,7 +91,7 @@ typedef struct { BIGNUM *r; } PROV_ECDSA_CTX; -static void *ecdsa_newctx(void *provctx) +static void *ecdsa_newctx(void *provctx, const char *propq) { PROV_ECDSA_CTX *ctx = OPENSSL_zalloc(sizeof(PROV_ECDSA_CTX)); @@ -98,6 +99,11 @@ static void *ecdsa_newctx(void *provctx) return NULL; ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); + if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) { + OPENSSL_free(ctx); + ctx = NULL; + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + } return ctx; } @@ -203,7 +209,7 @@ static void free_md(PROV_ECDSA_CTX *ctx) } static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, - const char *props, void *ec) + void *ec) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; int md_nid = NID_undef; @@ -214,7 +220,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, if (!ecdsa_signature_init(vctx, ec)) return 0; - ctx->md = EVP_MD_fetch(ctx->libctx, mdname, props); + ctx->md = EVP_MD_fetch(ctx->libctx, mdname, ctx->propq); if ((md_nid = get_md_nid(ctx->md)) == NID_undef) goto error; diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 1a7bf94702..4ecc5266e2 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -36,7 +36,7 @@ typedef struct { ECX_KEY *key; } PROV_EDDSA_CTX; -static void *eddsa_newctx(void *provctx) +static void *eddsa_newctx(void *provctx, const char *propq_unused) { PROV_EDDSA_CTX *peddsactx = OPENSSL_zalloc(sizeof(PROV_EDDSA_CTX)); @@ -51,7 +51,7 @@ static void *eddsa_newctx(void *provctx) } static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, - const char *props, void *vedkey) + void *vedkey) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; ECX_KEY *edkey = (ECX_KEY *)vedkey; diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 0670447480..4dc3a89878 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -31,16 +31,16 @@ #include "prov/der_rsa.h" static OSSL_OP_signature_newctx_fn rsa_newctx; -static OSSL_OP_signature_sign_init_fn rsa_signature_init; -static OSSL_OP_signature_verify_init_fn rsa_signature_init; -static OSSL_OP_signature_verify_recover_init_fn rsa_signature_init; +static OSSL_OP_signature_sign_init_fn rsa_sign_init; +static OSSL_OP_signature_verify_init_fn rsa_verify_init; +static OSSL_OP_signature_verify_recover_init_fn rsa_verify_recover_init; static OSSL_OP_signature_sign_fn rsa_sign; static OSSL_OP_signature_verify_fn rsa_verify; static OSSL_OP_signature_verify_recover_fn rsa_verify_recover; -static OSSL_OP_signature_digest_sign_init_fn rsa_digest_signverify_init; +static OSSL_OP_signature_digest_sign_init_fn rsa_digest_sign_init; static OSSL_OP_signature_digest_sign_update_fn rsa_digest_signverify_update; static OSSL_OP_signature_digest_sign_final_fn rsa_digest_sign_final; -static OSSL_OP_signature_digest_verify_init_fn rsa_digest_signverify_init; +static OSSL_OP_signature_digest_verify_init_fn rsa_digest_verify_init; static OSSL_OP_signature_digest_verify_update_fn rsa_digest_signverify_update; static OSSL_OP_signature_digest_verify_final_fn rsa_digest_verify_final; static OSSL_OP_signature_freectx_fn rsa_freectx; @@ -73,7 +73,9 @@ static OSSL_ITEM padding_item[] = { typedef struct { OPENSSL_CTX *libctx; + char *propq; RSA *rsa; + int operation; /* * Flag to determine if the hash function can be changed (1) or not (0) @@ -155,9 +157,6 @@ static int rsa_get_md_nid(const EVP_MD *md) } } - if (mdnid == NID_undef) - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - end: return mdnid; } @@ -179,44 +178,51 @@ static int rsa_check_padding(int mdnid, int padding) return 1; } -static void *rsa_newctx(void *provctx) +static int rsa_check_parameters(EVP_MD *md, PROV_RSA_CTX *prsactx) { - PROV_RSA_CTX *prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX)); + if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { + int max_saltlen; + + /* See if minimum salt length exceeds maximum possible */ + max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(md); + if ((RSA_bits(prsactx->rsa) & 0x7) == 1) + max_saltlen--; + if (prsactx->min_saltlen > max_saltlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } + } + return 1; +} - if (prsactx == NULL) +static void *rsa_newctx(void *provctx, const char *propq) +{ + PROV_RSA_CTX *prsactx = NULL; + char *propq_copy = NULL; + + if ((prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX))) == NULL + || (propq != NULL + && (propq_copy = OPENSSL_strdup(propq)) == NULL)) { + OPENSSL_free(prsactx); + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; + } prsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); prsactx->flag_allow_md = 1; + prsactx->propq = propq_copy; return prsactx; } /* True if PSS parameters are restricted */ #define rsa_pss_restricted(prsactx) (prsactx->min_saltlen != -1) -static int rsa_signature_init(void *vprsactx, void *vrsa) -{ - PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - - if (prsactx == NULL || vrsa == NULL || !RSA_up_ref(vrsa)) - return 0; - - RSA_free(prsactx->rsa); - prsactx->rsa = vrsa; - if (RSA_get0_pss_params(prsactx->rsa) != NULL) - prsactx->pad_mode = RSA_PKCS1_PSS_PADDING; - else - prsactx->pad_mode = RSA_PKCS1_PADDING; - /* Maximum for sign, auto for verify */ - prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; - prsactx->min_saltlen = -1; - - return 1; -} - static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, const char *mdprops) { + if (mdprops == NULL) + mdprops = ctx->propq; + if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid = rsa_get_md_nid(md); @@ -224,7 +230,14 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (md == NULL || md_nid == NID_undef - || !rsa_check_padding(md_nid, ctx->pad_mode)) { + || !rsa_check_padding(md_nid, ctx->pad_mode) + || !rsa_check_parameters(md, ctx)) { + if (md == NULL) + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "%s could not be fetched", mdname); + if (md_nid == NID_undef) + ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, + "digest=%s", mdname); EVP_MD_free(md); return 0; } @@ -258,18 +271,90 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, } static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, - const char *props) + const char *mdprops) { + if (mdprops == NULL) + mdprops = ctx->propq; + if (ctx->mgf1_mdname[0] != '\0') EVP_MD_free(ctx->mgf1_md); - if ((ctx->mgf1_md = EVP_MD_fetch(ctx->libctx, mdname, props)) == NULL) + if ((ctx->mgf1_md = EVP_MD_fetch(ctx->libctx, mdname, mdprops)) == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "%s could not be fetched", mdname); return 0; + } OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname)); return 1; } +static int rsa_signature_init(void *vprsactx, void *vrsa, int operation) +{ + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + + if (prsactx == NULL || vrsa == NULL || !RSA_up_ref(vrsa)) + return 0; + + RSA_free(prsactx->rsa); + prsactx->rsa = vrsa; + prsactx->operation = operation; + + /* Maximum for sign, auto for verify */ + prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; + prsactx->min_saltlen = -1; + + switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + prsactx->pad_mode = RSA_PKCS1_PADDING; + break; + case RSA_FLAG_TYPE_RSASSAPSS: + prsactx->pad_mode = RSA_PKCS1_PSS_PADDING; + + { + const RSA_PSS_PARAMS_30 *pss = + rsa_get0_pss_params_30(prsactx->rsa); + + if (!rsa_pss_params_30_is_unrestricted(pss)) { + int md_nid = rsa_pss_params_30_hashalg(pss); + int mgf1md_nid = rsa_pss_params_30_maskgenhashalg(pss); + int min_saltlen = rsa_pss_params_30_saltlen(pss); + const char *mdname, *mgf1mdname; + + mdname = rsa_oaeppss_nid2name(md_nid); + mgf1mdname = rsa_oaeppss_nid2name(mgf1md_nid); + prsactx->min_saltlen = min_saltlen; + + if (mdname == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "PSS restrictions lack hash algorithm"); + return 0; + } + if (mgf1mdname == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "PSS restrictions lack MGF1 hash algorithm"); + return 0; + } + + strncpy(prsactx->mdname, mdname, sizeof(prsactx->mdname)); + strncpy(prsactx->mgf1_mdname, mgf1mdname, + sizeof(prsactx->mgf1_mdname)); + prsactx->saltlen = min_saltlen; + + return rsa_setup_md(prsactx, mdname, prsactx->propq) + && rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq); + } + } + + break; + default: + ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + return 1; +} + static int setup_tbuf(PROV_RSA_CTX *ctx) { if (ctx->tbuf != NULL) @@ -289,10 +374,16 @@ static void clean_tbuf(PROV_RSA_CTX *ctx) static void free_tbuf(PROV_RSA_CTX *ctx) { - OPENSSL_clear_free(ctx->tbuf, RSA_size(ctx->rsa)); + clean_tbuf(ctx); + OPENSSL_free(ctx->tbuf); ctx->tbuf = NULL; } +static int rsa_sign_init(void *vprsactx, void *vrsa) +{ + return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_SIGN); +} + static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen) { @@ -306,8 +397,11 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, return 1; } - if (sigsize < (size_t)rsasize) + if (sigsize < rsasize) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE, + "is %zu, should be at least %zu", sigsize, rsasize); return 0; + } if (mdsize != 0) { if (tbslen != mdsize) { @@ -338,7 +432,9 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, switch (prsactx->pad_mode) { case RSA_X931_PADDING: if ((size_t)RSA_size(prsactx->rsa) < tbslen + 1) { - ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); + ERR_raise_data(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL, + "RSA key size = %d, expected minimum = %d", + RSA_size(prsactx->rsa), tbslen + 1); return 0; } if (!setup_tbuf(prsactx)) { @@ -372,14 +468,24 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, switch (prsactx->saltlen) { case RSA_PSS_SALTLEN_DIGEST: if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) { - ERR_raise(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL); + ERR_raise_data(ERR_LIB_PROV, + PROV_R_PSS_SALTLEN_TOO_SMALL, + "minimum salt length set to %d, " + "but the digest only gives %d", + prsactx->min_saltlen, + EVP_MD_size(prsactx->md)); return 0; } /* FALLTHRU */ default: if (prsactx->saltlen >= 0 && prsactx->saltlen < prsactx->min_saltlen) { - ERR_raise(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL); + ERR_raise_data(ERR_LIB_PROV, + PROV_R_PSS_SALTLEN_TOO_SMALL, + "minimum salt length set to %d, but the" + "actual salt length is only set to %d", + prsactx->min_saltlen, + prsactx->saltlen); return 0; } break; @@ -421,6 +527,11 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, return 1; } +static int rsa_verify_recover_init(void *vprsactx, void *vrsa) +{ + return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFYRECOVER); +} + static int rsa_verify_recover(void *vprsactx, unsigned char *rout, size_t *routlen, @@ -461,7 +572,9 @@ static int rsa_verify_recover(void *vprsactx, *routlen = ret; if (routsize < (size_t)ret) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL, + "buffer size is %d, should be %d", + routsize, ret); return 0; } memcpy(rout, prsactx->tbuf, ret); @@ -498,6 +611,11 @@ static int rsa_verify_recover(void *vprsactx, return 1; } +static int rsa_verify_init(void *vprsactx, void *vrsa) +{ + return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFY); +} + static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { @@ -522,29 +640,6 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, int ret; size_t mdsize; - /* Check PSS restrictions */ - if (rsa_pss_restricted(prsactx)) { - switch (prsactx->saltlen) { - case RSA_PSS_SALTLEN_AUTO: - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN); - return 0; - case RSA_PSS_SALTLEN_DIGEST: - if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) { - ERR_raise(ERR_LIB_PROV, - PROV_R_PSS_SALTLEN_TOO_SMALL); - return 0; - } - /* FALLTHRU */ - default: - if (prsactx->saltlen >= 0 - && prsactx->saltlen < prsactx->min_saltlen) { - ERR_raise(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL); - return 0; - } - break; - } - } - /* * We need to check this for the RSA_verify_PKCS1_PSS_mgf1() * call @@ -598,18 +693,20 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, } static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, - const char *props, void *vrsa) + void *vrsa, int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; prsactx->flag_allow_md = 0; - if (!rsa_signature_init(vprsactx, vrsa) - || !rsa_setup_md(prsactx, mdname, props)) + if (!rsa_signature_init(vprsactx, vrsa, operation) + || !rsa_setup_md(prsactx, mdname, NULL)) /* TODO RL */ return 0; prsactx->mdctx = EVP_MD_CTX_new(); - if (prsactx->mdctx == NULL) + if (prsactx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto error; + } if (!EVP_DigestInit_ex(prsactx->mdctx, prsactx->md, NULL)) goto error; @@ -624,8 +721,9 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, return 0; } -int rsa_digest_signverify_update(void *vprsactx, const unsigned char *data, - size_t datalen) +static int rsa_digest_signverify_update(void *vprsactx, + const unsigned char *data, + size_t datalen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -635,8 +733,15 @@ int rsa_digest_signverify_update(void *vprsactx, const unsigned char *data, return EVP_DigestUpdate(prsactx->mdctx, data, datalen); } -int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, size_t *siglen, - size_t sigsize) +static int rsa_digest_sign_init(void *vprsactx, const char *mdname, + void *vrsa) +{ + return rsa_digest_signverify_init(vprsactx, mdname, vrsa, + EVP_PKEY_OP_SIGN); +} + +static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, + size_t *siglen, size_t sigsize) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -663,6 +768,12 @@ int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, size_t *siglen, return rsa_sign(vprsactx, sig, siglen, sigsize, digest, (size_t)dlen); } +static int rsa_digest_verify_init(void *vprsactx, const char *mdname, + void *vrsa) +{ + return rsa_digest_signverify_init(vprsactx, mdname, vrsa, + EVP_PKEY_OP_VERIFY); +} int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, size_t siglen) @@ -697,6 +808,7 @@ static void rsa_freectx(void *vprsactx) EVP_MD_CTX_free(prsactx->mdctx); EVP_MD_free(prsactx->md); EVP_MD_free(prsactx->mgf1_md); + OPENSSL_free(prsactx->propq); free_tbuf(prsactx); OPENSSL_clear_free(prsactx, sizeof(prsactx)); @@ -708,8 +820,10 @@ static void *rsa_dupctx(void *vprsactx) PROV_RSA_CTX *dstctx; dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + if (dstctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; + } *dstctx = *srcctx; dstctx->rsa = NULL; @@ -860,11 +974,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) return 0; - if (propsp != NULL - && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + + if (propsp == NULL) + pmdprops = NULL; + else if (!OSSL_PARAM_get_utf8_string(propsp, + &pmdprops, sizeof(mdprops))) return 0; - /* TODO(3.0) PSS check needs more work */ if (rsa_pss_restricted(prsactx)) { /* TODO(3.0) figure out what to do for prsactx->md == NULL */ if (prsactx->md == NULL || EVP_MD_is_a(prsactx->md, mdname)) @@ -874,13 +990,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } /* non-PSS code follows */ - if (!rsa_setup_md(prsactx, mdname, mdprops)) + if (!rsa_setup_md(prsactx, mdname, pmdprops)) return 0; } p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PAD_MODE); if (p != NULL) { int pad_mode = 0; + const char *err_extra_text = NULL; switch (p->data_type) { case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ @@ -912,31 +1029,49 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) * OAEP padding is for asymmetric cipher only so is not compatible * with signature use. */ - ERR_raise_data(ERR_LIB_PROV, - PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE, - "OAEP padding not allowed for signing / verifying"); - return 0; + err_extra_text = "OAEP padding not allowed for signing / verifying"; + goto bad_pad; case RSA_PKCS1_PSS_PADDING: - if (prsactx->mdname[0] == '\0') - rsa_setup_md(prsactx, "SHA1", ""); - goto cont; + if ((prsactx->operation + & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)) == 0) { + err_extra_text = + "PSS padding only allowed for sign and verify operations"; + goto bad_pad; + } + if (prsactx->md == NULL + && !rsa_setup_md(prsactx, OSSL_DIGEST_NAME_SHA1, NULL)) { + return 0; + } + break; case RSA_PKCS1_PADDING: + err_extra_text = "PKCS#1 padding not allowed with RSA-PSS"; + goto cont; case RSA_SSLV23_PADDING: + err_extra_text = "SSLv3 padding not allowed with RSA-PSS"; + goto cont; case RSA_NO_PADDING: + err_extra_text = "No padding not allowed with RSA-PSS"; + goto cont; case RSA_X931_PADDING: - if (RSA_get0_pss_params(prsactx->rsa) != NULL) { - ERR_raise_data(ERR_LIB_PROV, - PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE, - "X.931 padding not allowed with RSA-PSS"); - return 0; - } + err_extra_text = "X.931 padding not allowed with RSA-PSS"; cont: - if (!rsa_check_padding(prsactx->mdnid, pad_mode)) - return 0; - break; + if (RSA_test_flags(prsactx->rsa, + RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) + break; + /* FALLTHRU */ default: + bad_pad: + if (err_extra_text == NULL) + ERR_raise(ERR_LIB_PROV, + PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + else + ERR_raise_data(ERR_LIB_PROV, + PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE, + err_extra_text); return 0; } + if (!rsa_check_padding(prsactx->mdnid, pad_mode)) + return 0; prsactx->pad_mode = pad_mode; } @@ -980,6 +1115,37 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; } + if (rsa_pss_restricted(prsactx)) { + switch (prsactx->saltlen) { + case RSA_PSS_SALTLEN_AUTO: + if (prsactx->operation == EVP_PKEY_OP_VERIFY) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN); + return 0; + } + break; + case RSA_PSS_SALTLEN_DIGEST: + if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) { + ERR_raise_data(ERR_LIB_PROV, + PROV_R_PSS_SALTLEN_TOO_SMALL, + "Should be more than %d, but would be " + "set to match digest size (%d)", + prsactx->min_saltlen, + EVP_MD_size(prsactx->md)); + return 0; + } + /* FALLTHRU */ + default: + if (saltlen >= 0 && saltlen < prsactx->min_saltlen) { + ERR_raise_data(ERR_LIB_PROV, + PROV_R_PSS_SALTLEN_TOO_SMALL, + "Should be more than %d, " + "but would be set to %d", + prsactx->min_saltlen, saltlen); + return 0; + } + } + } + prsactx->saltlen = saltlen; } @@ -993,8 +1159,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) return 0; - if (propsp != NULL - && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + + if (propsp == NULL) + pmdprops = NULL; + else if (!OSSL_PARAM_get_utf8_string(propsp, + &pmdprops, sizeof(mdprops))) return 0; if (prsactx->pad_mode != RSA_PKCS1_PSS_PADDING) { @@ -1002,9 +1171,8 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; } - /* TODO(3.0) PSS check needs more work */ if (rsa_pss_restricted(prsactx)) { - /* TODO(3.0) figure out what to do for prsactx->md == NULL */ + /* TODO(3.0) figure out what to do for prsactx->mgf1_md == NULL */ if (prsactx->mgf1_md == NULL || EVP_MD_is_a(prsactx->mgf1_md, mdname)) return 1; @@ -1013,7 +1181,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } /* non-PSS code follows */ - if (!rsa_setup_mgf1_md(prsactx, mdname, mdprops)) + if (!rsa_setup_mgf1_md(prsactx, mdname, pmdprops)) return 0; } @@ -1083,20 +1251,22 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) const OSSL_DISPATCH rsa_signature_functions[] = { { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, - { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_signature_init }, + { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))rsa_sign }, - { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))rsa_signature_init }, + { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))rsa_verify_init }, { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))rsa_verify }, - { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, (void (*)(void))rsa_signature_init }, - { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, (void (*)(void))rsa_verify_recover }, + { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, + (void (*)(void))rsa_verify_recover_init }, + { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, + (void (*)(void))rsa_verify_recover }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))rsa_digest_signverify_init }, + (void (*)(void))rsa_digest_sign_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, (void (*)(void))rsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, (void (*)(void))rsa_digest_sign_final }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))rsa_digest_signverify_init }, + (void (*)(void))rsa_digest_verify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, (void (*)(void))rsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 2c07ed0282..c5ef7241db 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -130,7 +130,12 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) if (!TEST_ptr(membio)) goto err; - if (!TEST_true(EVP_PKEY_print_private(membio, pk, 0, NULL)) + if (/* Output Encrypted private key in PEM form */ + !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(), + (unsigned char *)"pass", 4, + NULL, NULL)) + /* Private key in text form */ + || !TEST_true(EVP_PKEY_print_private(membio, pk, 0, NULL)) || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio)) /* Public key in PEM form */ || !TEST_true(PEM_write_bio_PUBKEY(membio, pk)) @@ -138,11 +143,7 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) /* Unencrypted private key in PEM form */ || !TEST_true(PEM_write_bio_PrivateKey(membio, pk, NULL, NULL, 0, NULL, NULL)) - || !TEST_true(compare_with_file(alg, PRIV_PEM, membio)) - /* Encrypted private key in PEM form */ - || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(), - (unsigned char *)"pass", 4, - NULL, NULL))) + || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))) goto err; ret = 1; diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t index 0d7e7bf2e3..5c8340259f 100644 --- a/test/recipes/15-test_rsapss.t +++ b/test/recipes/15-test_rsapss.t @@ -16,14 +16,22 @@ use OpenSSL::Test::Utils; setup("test_rsapss"); -plan tests => 5; +plan tests => 7; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig', + '-sigopt', 'rsa_padding_mode:pss', + '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', + '-out', 'testrsapss-restricted.sig', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -sign"); + "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]"); + +ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-out', 'testrsapss-unrestricted.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); with({ exit_checker => sub { return shift == 1; } }, sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', @@ -41,8 +49,18 @@ with({ exit_checker => sub { return shift == 1; } }, "openssl dgst -prverify, expect to fail gracefully"); }); -ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), + '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', + '-signature', 'testrsapss-restricted.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]"); + +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), + '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-signature', 'testrsapss-unrestricted.sig', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -prverify"); + "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]"); diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in index fd3f09d7fb..79325e71c1 100644 --- a/test/ssl-tests/20-cert-select.cnf.in +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -599,10 +599,7 @@ my @tests_tls_1_1 = ( ); push @tests, @tests_non_fips unless $fips_mode; - -#TODO(3.0): Re-enable these PSS tests in a $no_deflt_libctx build once we have -# support for it -push @tests, @tests_pss unless $no_deflt_libctx; +push @tests, @tests_pss; push @tests, @tests_tls_1_1 unless disabled("tls1_1") || $no_deflt_libctx; my $server_tls_1_3; diff --git a/util/libcrypto.num b/util/libcrypto.num index ec6acaefd4..104e065bbd 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5089,3 +5089,6 @@ EVP_PKEY_new_raw_private_key_with_libctx ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_raw_public_key_with_libctx ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_attach ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA From openssl at openssl.org Thu May 14 10:42:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 10:42:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1589452965.916960.5241.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1987, 657 wallclock secs ( 7.99 usr 1.63 sys + 620.59 cusr 43.68 csys = 673.89 CPU) Result: FAIL Makefile:3049: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3047: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 14 12:18:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 12:18:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1589458726.160042.23597.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1904, 576 wallclock secs ( 6.96 usr 1.59 sys + 543.76 cusr 40.81 csys = 593.12 CPU) Result: FAIL Makefile:3022: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3020: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 14 12:58:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 12:58:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1589461134.138681.31834.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1989, 653 wallclock secs ( 8.12 usr 1.36 sys + 616.27 cusr 43.44 csys = 669.19 CPU) Result: FAIL Makefile:3040: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3038: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 14 14:17:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 14:17:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1589465847.451376.15783.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1904, 580 wallclock secs ( 6.80 usr 1.40 sys + 550.01 cusr 39.04 csys = 597.25 CPU) Result: FAIL Makefile:3035: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3033: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 14 14:57:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 14 May 2020 14:57:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1589468262.278900.23995.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: f523ca6661 Replace misleading error message when loading PEM 914db66d23 CORE: Attach the provider context to the provider late fdaad3f1b3 Fix some misunderstandings in our providers' main modules b0f3c59408 CORE: Fix the signature of OSSL_provider_query_operation_fn b2952366dd Fix d2i_PrivateKey_ex() to work as documented 885a2a399d Fix CHANGES.md issues reported by markdownlint Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1989, 655 wallclock secs ( 8.22 usr 1.50 sys + 617.60 cusr 44.73 csys = 672.05 CPU) Result: FAIL Makefile:3047: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3045: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu May 14 15:01:10 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 14 May 2020 15:01:10 +0000 Subject: Build failed: openssl master.34086 Message-ID: <20200514150110.1.7B5063CBB38D70E0@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu May 14 16:22:09 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2020 16:22:09 +0000 Subject: [openssl] master update Message-ID: <1589473329.224924.29422.nullmailer@dev.openssl.org> The branch master has been updated via fab8fde3fc5ee871b0f92e207343a45ad8cc36b1 (commit) from 90ad284f4e76254f8d67686ae3a5d6c576037091 (commit) - Log ----------------------------------------------------------------- commit fab8fde3fc5ee871b0f92e207343a45ad8cc36b1 Author: Richard Levitte Date: Thu May 14 17:15:05 2020 +0200 test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11833) ----------------------------------------------------------------------- Summary of changes: test/evp_extra_test.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index bbd95850c6..53d2f3afdb 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1179,6 +1179,7 @@ static int test_EVP_PKEY_check(int i) return ret; } +#ifndef OPENSSL_NO_CMAC static int test_CMAC_keygen(void) { /* @@ -1199,6 +1200,7 @@ static int test_CMAC_keygen(void) EVP_PKEY_CTX_free(kctx); return ret; } +#endif static int test_HKDF(void) { @@ -1651,7 +1653,9 @@ int setup_tests(void) if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) return 0; ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); +#ifndef OPENSSL_NO_CMAC ADD_TEST(test_CMAC_keygen); +#endif ADD_TEST(test_HKDF); #ifndef OPENSSL_NO_EC ADD_TEST(test_X509_PUBKEY_inplace); From no-reply at appveyor.com Fri May 15 02:21:14 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 15 May 2020 02:21:14 +0000 Subject: Build failed: openssl master.34103 Message-ID: <20200515022114.1.795ADE6CAD5E2FC5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 15 02:47:59 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 15 May 2020 02:47:59 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34104 Message-ID: <20200515024759.1.A5543EAF72BB40B1@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 15 05:58:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 15 May 2020 05:58:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1589522294.958410.26440.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1989, 646 wallclock secs ( 7.91 usr 1.36 sys + 605.67 cusr 43.75 csys = 658.69 CPU) Result: FAIL Makefile:3058: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3056: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri May 15 06:22:19 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 15 May 2020 06:22:19 +0000 Subject: Build failed: openssl master.34107 Message-ID: <20200515062219.1.A0F2F28E5E4D46E8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 15 07:21:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 15 May 2020 07:21:11 +0000 Subject: Build completed: openssl master.34108 Message-ID: <20200515072111.1.4F4F3C46EB4ECA23@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri May 15 09:21:43 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 09:21:43 +0000 Subject: [openssl] master update Message-ID: <1589534503.738819.31722.nullmailer@dev.openssl.org> The branch master has been updated via 6c3cbc939125e24e65c7d6e82319d811e6e29c0f (commit) from fab8fde3fc5ee871b0f92e207343a45ad8cc36b1 (commit) - Log ----------------------------------------------------------------- commit 6c3cbc939125e24e65c7d6e82319d811e6e29c0f Author: Thomas Dwyer III Date: Wed May 13 10:32:47 2020 -0700 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11815) ----------------------------------------------------------------------- Summary of changes: Configurations/shared-info.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index a673c7cada..461ce3c51f 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -36,7 +36,7 @@ my %shared_info; (grep /(?:^|\s)-fsanitize/, @{$config{CFLAGS}}, @{$config{cflags}}) ? '' - : '-z defs', + : '-Wl,-z,defs', }; }, 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, From matt at openssl.org Fri May 15 10:20:58 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:20:58 +0000 Subject: [openssl] master update Message-ID: <1589538058.201692.21362.nullmailer@dev.openssl.org> The branch master has been updated via 64af3aecaea73906325c64d3cf36c9f4e3f180a4 (commit) from 6c3cbc939125e24e65c7d6e82319d811e6e29c0f (commit) - Log ----------------------------------------------------------------- commit 64af3aecaea73906325c64d3cf36c9f4e3f180a4 Author: Richard Levitte Date: Fri Apr 24 11:03:28 2020 +0200 dev/release.sh: Add --reviewer to set reviewers Doing this is kind of contrary to how we normally do things, as this constitutes a kind of pre-approval. However, without this, the normal review process will modify the reviewed commits, and render the annotated release tag invalid, which forces the person doing the release to re-tag manually. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11630) ----------------------------------------------------------------------- Summary of changes: dev/release.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/dev/release.sh b/dev/release.sh index c7f19fe16d..7f7042fb18 100755 --- a/dev/release.sh +++ b/dev/release.sh @@ -24,6 +24,7 @@ Usage: release.sh [ options ... ] where '{major}' and '{minor}' are the major and minor version numbers. +--reviewer= The reviewer of the commits. --local-user= For the purpose of signing tags and tar files, use this key (default: use the default e-mail address? key). @@ -65,6 +66,7 @@ do_manual=false tagkey=' -s' gpgkey= +reviewers= upload_address=upload at dev.openssl.org @@ -73,6 +75,7 @@ TEMP=$(getopt -l 'alpha,next-beta,beta,final' \ -l 'no-upload,no-update' \ -l 'verbose,debug' \ -l 'local-user:' \ + -l 'reviewer:' \ -l 'force' \ -l 'help,manual' \ -n release.sh -- - "$@") @@ -122,6 +125,11 @@ while true; do gpgkey=" -u $1" shift ;; + --reviewer ) + reviewers="$reviewers $1=$2" + shift + shift + ;; --force ) force=true shift @@ -311,6 +319,9 @@ if [ -n "$(git status --porcelain)" ]; then $VERBOSE "== Committing updates" git add -u git commit $git_quiet -m 'make update' + if [ -n "$reviewers" ]; then + addrev --nopr $reviewers + fi fi # Write the version information we updated @@ -339,6 +350,9 @@ done $VERBOSE "== Comitting updates and tagging" git add -u git commit $git_quiet -m "Prepare for release of $release_text" +if [ -n "$reviewers" ]; then + addrev --nopr $reviewers +fi echo "Tagging release with tag $tag. You may need to enter a pass phrase" git tag$tagkey "$tag" -m "OpenSSL $release release tag" @@ -436,6 +450,9 @@ done $VERBOSE "== Comitting updates" git add -u git commit $git_quiet -m "Prepare for $release_text" +if [ -n "$reviewers" ]; then + addrev --nopr $reviewers +fi if $do_branch; then $VERBOSE "== Going back to the main branch $current_branch" @@ -460,6 +477,9 @@ if $do_branch; then $VERBOSE "== Comitting updates" git add -u git commit $git_quiet -m "Prepare for $release_text" + if [ -n "$reviewers" ]; then + addrev --nopr $reviewers + fi fi # Done ############################################################### @@ -543,6 +563,7 @@ B<--beta> | B<--final> | B<--branch> | B<--local-user>=I | +B<--reviewer>=I | B<--no-upload> | B<--no-update> | B<--verbose> | @@ -619,6 +640,14 @@ Use I as the local user for C and for signing with C. If not given, then the default e-mail address' key is used. +=item B<--reviewer>=I + +Add I to the set of reviewers for the commits performed by this script. +Multiple reviewers are allowed. + +If no reviewer is given, you will have to run C manually, which +means retagging a release commit manually as well. + =item B<--force> Force execution. Precisely, the check that the current branch is C From matt at openssl.org Fri May 15 10:23:09 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:23:09 +0000 Subject: [openssl] master update Message-ID: <1589538189.328649.25100.nullmailer@dev.openssl.org> The branch master has been updated via 76899264cbff822929f29f3d56c640368461d7f6 (commit) from 64af3aecaea73906325c64d3cf36c9f4e3f180a4 (commit) - Log ----------------------------------------------------------------- commit 76899264cbff822929f29f3d56c640368461d7f6 Author: Orgad Shaneh Date: Mon Feb 24 09:02:31 2020 +0200 Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 This is a 32-bit ABI build (as opposed to linux64-mips64). Setting SIXTY_FOUR_BIT breaks hardware optimizations, at least on octeon processors. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11725) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index a462f9e719..7b5da5c469 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -790,7 +790,7 @@ my %targets = ( inherit_from => [ "linux-generic32" ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + bn_ops => "RC4_CHAR", asm_arch => 'mips64', perlasm_scheme => "n32", multilib => "32", From matt at openssl.org Fri May 15 10:24:23 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:24:23 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589538263.743399.28104.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via fa41bbe00ef03cf7f8bb0c6f20fa59d451fc7bca (commit) from 024035b6e018405d7c29bce2e10e884066203601 (commit) - Log ----------------------------------------------------------------- commit fa41bbe00ef03cf7f8bb0c6f20fa59d451fc7bca Author: Orgad Shaneh Date: Mon Feb 24 09:02:31 2020 +0200 Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 This is a 32-bit ABI build (as opposed to linux64-mips64). Setting SIXTY_FOUR_BIT breaks hardware optimizations, at least on octeon processors. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11154) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index df1cc00529..d61b9ee108 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -741,7 +741,7 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips64_asm") ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + bn_ops => "RC4_CHAR", perlasm_scheme => "n32", multilib => "32", }, From matt at openssl.org Fri May 15 10:36:18 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:36:18 +0000 Subject: [openssl] master update Message-ID: <1589538978.272757.13737.nullmailer@dev.openssl.org> The branch master has been updated via d30ef639647ad263d09740c931a5bfb5a8b6a5f6 (commit) from 76899264cbff822929f29f3d56c640368461d7f6 (commit) - Log ----------------------------------------------------------------- commit d30ef639647ad263d09740c931a5bfb5a8b6a5f6 Author: Matt Caswell Date: Fri May 8 11:12:10 2020 +0100 Correct alignment calculation in ssl3_setup_write The alignment calculation in ssl3_setup_write incorrectly results in an alignment allowance of (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3 in almost all cases. The maximum alignment actually used in do_ssl3_write is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So there is a potential to overrun the buffer by up to 4 bytes. Fortunately, the encryption overhead allowed for is 80 bytes which consists of 16 bytes for the cipher block size and 64 bytes for the MAC output. However the biggest MAC that we ever produce is HMAC-384 which is 48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes of potential overrun). Thanks to Nagesh Hegde for reporting this. Fixes #11766 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11768) ----------------------------------------------------------------------- Summary of changes: ssl/record/ssl3_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 5e2cceee27..2c25099e10 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1; #endif len = ssl_get_max_send_fragment(s) From matt at openssl.org Fri May 15 10:43:20 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:43:20 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589539400.287291.24478.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via df943912046aee2e5e541949dbdbafa38819f195 (commit) from fa41bbe00ef03cf7f8bb0c6f20fa59d451fc7bca (commit) - Log ----------------------------------------------------------------- commit df943912046aee2e5e541949dbdbafa38819f195 Author: Matt Caswell Date: Fri May 8 11:12:10 2020 +0100 Correct alignment calculation in ssl3_setup_write The alignment calculation in ssl3_setup_write incorrectly results in an alignment allowance of (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3 in almost all cases. The maximum alignment actually used in do_ssl3_write is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So there is a potential to overrun the buffer by up to 4 bytes. Fortunately, the encryption overhead allowed for is 80 bytes which consists of 16 bytes for the cipher block size and 64 bytes for the MAC output. However the biggest MAC that we ever produce is HMAC-384 which is 48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes of potential overrun). Thanks to Nagesh Hegde for reporting this. Fixes #11766 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11768) (cherry picked from commit d30ef639647ad263d09740c931a5bfb5a8b6a5f6) ----------------------------------------------------------------------- Summary of changes: ssl/record/ssl3_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 605f8f9b75..56c0d78b12 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1; #endif len = ssl_get_max_send_fragment(s) From matt at openssl.org Fri May 15 10:48:24 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:48:24 +0000 Subject: [openssl] master update Message-ID: <1589539704.106975.32316.nullmailer@dev.openssl.org> The branch master has been updated via 11d7d903447ab866d037fb8bba4ceb49c7d89191 (commit) from d30ef639647ad263d09740c931a5bfb5a8b6a5f6 (commit) - Log ----------------------------------------------------------------- commit 11d7d903447ab866d037fb8bba4ceb49c7d89191 Author: Nicolas Vigier Date: Thu Mar 5 20:39:05 2020 +0100 If SOURCE_DATE_EPOCH is defined, use it for copyright year Using the date from SOURCE_DATE_EPOCH instead of the current date makes it possible to reproduce a build that was built on a different year: https://reproducible-builds.org/specs/source-date-epoch/ This is fixing an issue we had while building Tor Browser: https://trac.torproject.org/projects/tor/ticket/33535 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11296) ----------------------------------------------------------------------- Summary of changes: util/mkrc.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkrc.pl b/util/mkrc.pl index 8ff358857d..5b1111abd9 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -25,7 +25,7 @@ if ( $filename =~ /openssl/i ) { $vft = "VFT_APP"; } -my $YEAR = [localtime()]->[5] + 1900; +my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; print <<___; #include From matt at openssl.org Fri May 15 10:48:35 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 10:48:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589539715.878045.999.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4268df6608684ea179a15e79e7a6213dfd255833 (commit) from df943912046aee2e5e541949dbdbafa38819f195 (commit) - Log ----------------------------------------------------------------- commit 4268df6608684ea179a15e79e7a6213dfd255833 Author: Nicolas Vigier Date: Thu Mar 5 20:39:05 2020 +0100 If SOURCE_DATE_EPOCH is defined, use it for copyright year Using the date from SOURCE_DATE_EPOCH instead of the current date makes it possible to reproduce a build that was built on a different year: https://reproducible-builds.org/specs/source-date-epoch/ This is fixing an issue we had while building Tor Browser: https://trac.torproject.org/projects/tor/ticket/33535 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11296) (cherry picked from commit 11d7d903447ab866d037fb8bba4ceb49c7d89191) ----------------------------------------------------------------------- Summary of changes: util/mkrc.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkrc.pl b/util/mkrc.pl index 6762bc4a56..ee61b9e598 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -46,7 +46,7 @@ if ( $filename =~ /openssl/i ) { $vft = "VFT_APP"; } -my $YEAR = [localtime()]->[5] + 1900; +my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; print <<___; #include From matt at openssl.org Fri May 15 13:19:04 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 13:19:04 +0000 Subject: [openssl] master update Message-ID: <1589548744.357898.22194.nullmailer@dev.openssl.org> The branch master has been updated via 454afd9866300b984306c5b565a9d55568a5bc50 (commit) from 11d7d903447ab866d037fb8bba4ceb49c7d89191 (commit) - Log ----------------------------------------------------------------- commit 454afd9866300b984306c5b565a9d55568a5bc50 Author: Matt Caswell Date: Fri May 15 14:09:49 2020 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11839) ----------------------------------------------------------------------- Summary of changes: Configurations/shared-info.pl | 2 +- apps/asn1pars.c | 2 +- apps/cmp.c | 2 +- apps/include/apps_ui.h | 2 +- apps/include/fmt.h | 2 +- apps/include/s_apps.h | 2 +- apps/lib/apps_ui.c | 2 +- apps/lib/fmt.c | 2 +- apps/lib/names.c | 2 +- apps/lib/s_socket.c | 2 +- apps/provider.c | 2 +- crypto/asn1/a_strnid.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn_moid.c | 2 +- crypto/asn1/asn_mstbl.c | 2 +- crypto/asn1/tasn_dec.c | 2 +- crypto/asn1/tasn_fre.c | 2 +- crypto/asn1/tasn_new.c | 2 +- crypto/bn/bn_conv.c | 2 +- crypto/bn/bn_ctx.c | 2 +- crypto/bn/bn_prime.c | 2 +- crypto/bn/bn_rsa_fips186_4.c | 2 +- crypto/cms/cms_ess.c | 2 +- crypto/cms/cms_pwri.c | 2 +- crypto/cms/cms_sd.c | 2 +- crypto/conf/conf_api.c | 2 +- crypto/conf/conf_def.c | 2 +- crypto/conf/conf_ssl.c | 2 +- crypto/ct/ct_oct.c | 2 +- crypto/ct/ct_prn.c | 2 +- crypto/ct/ct_x509v3.c | 2 +- crypto/dso/dso_dlfcn.c | 2 +- crypto/dso/dso_lib.c | 2 +- crypto/dso/dso_win32.c | 2 +- crypto/engine/eng_cnf.c | 2 +- crypto/engine/eng_dyn.c | 2 +- crypto/evp/evp_cnf.c | 2 +- crypto/include/internal/pem_int.h | 2 +- crypto/modes/siv128.c | 2 +- crypto/ocsp/ocsp_prn.c | 2 +- crypto/ocsp/v3_ocsp.c | 2 +- crypto/pem/pem_lib.c | 2 +- crypto/perlasm/s390x.pm | 2 +- crypto/pkcs12/p12_kiss.c | 2 +- crypto/pkcs12/p12_npas.c | 2 +- crypto/pkcs7/pk7_attr.c | 2 +- crypto/pkcs7/pk7_doit.c | 2 +- crypto/pkcs7/pk7_lib.c | 2 +- crypto/pkcs7/pk7_smime.c | 2 +- crypto/ppccap.c | 2 +- crypto/property/property.c | 2 +- crypto/rand/rand_win.c | 2 +- crypto/store/store_register.c | 2 +- crypto/threads_pthread.c | 2 +- crypto/ts/ts_conf.c | 2 +- crypto/ts/ts_req_utils.c | 2 +- crypto/ts/ts_rsp_print.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_rsp_utils.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/x509/by_file.c | 2 +- crypto/x509/pcy_cache.c | 2 +- crypto/x509/pcy_data.c | 2 +- crypto/x509/pcy_map.c | 2 +- crypto/x509/pcy_node.c | 2 +- crypto/x509/pcy_tree.c | 2 +- crypto/x509/t_crl.c | 2 +- crypto/x509/t_req.c | 2 +- crypto/x509/v3_addr.c | 2 +- crypto/x509/v3_admis.c | 2 +- crypto/x509/v3_akey.c | 2 +- crypto/x509/v3_alt.c | 2 +- crypto/x509/v3_asid.c | 2 +- crypto/x509/v3_bcons.c | 2 +- crypto/x509/v3_bitst.c | 2 +- crypto/x509/v3_conf.c | 2 +- crypto/x509/v3_cpols.c | 2 +- crypto/x509/v3_extku.c | 2 +- crypto/x509/v3_info.c | 2 +- crypto/x509/v3_lib.c | 2 +- crypto/x509/v3_pci.c | 2 +- crypto/x509/v3_pcons.c | 2 +- crypto/x509/v3_pmaps.c | 2 +- crypto/x509/v3_prn.c | 2 +- crypto/x509/v3_sxnet.c | 2 +- crypto/x509/v3_tlsf.c | 2 +- crypto/x509/x509_att.c | 2 +- crypto/x509/x509_obj.c | 2 +- crypto/x509/x509_v3.c | 2 +- crypto/x509/x_attrib.c | 2 +- crypto/x509/x_x509a.c | 2 +- doc/man1/openssl-cmp.pod.in | 2 +- doc/man3/DEFINE_STACK_OF.pod | 2 +- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/SSL_CTX_config.pod | 2 +- doc/man3/SSL_CTX_set_num_tickets.pod | 2 +- doc/man3/SSL_set_async_callback.pod | 2 +- doc/man3/SSL_shutdown.pod | 2 +- doc/man7/EVP_KDF-SSHKDF.pod | 2 +- engines/e_capi.c | 2 +- fuzz/client.c | 2 +- fuzz/server.c | 2 +- include/internal/thread_once.h | 2 +- include/openssl/ess.h | 2 +- include/openssl/opensslv.h.in | 2 +- include/openssl/pkcs12.h | 2 +- include/openssl/pkcs7.h | 2 +- include/openssl/safestack.h | 2 +- include/openssl/store.h | 2 +- include/openssl/ts.h | 2 +- providers/common/include/prov/provider_ctx.h | 2 +- providers/implementations/kdfs/pbkdf2_fips.c | 2 +- providers/implementations/kdfs/sshkdf.c | 2 +- providers/implementations/macs/kmac_prov.c | 2 +- ssl/bio_ssl.c | 2 +- ssl/d1_srtp.c | 2 +- test/aesgcmtest.c | 2 +- test/bio_memleak_test.c | 2 +- test/bn_internal_test.c | 2 +- test/cipherbytes_test.c | 2 +- test/cipherlist_test.c | 2 +- test/confdump.c | 2 +- test/crltest.c | 2 +- test/drbg_cavs_test.c | 2 +- test/dtls_mtu_test.c | 2 +- test/property_test.c | 2 +- test/recipes/03-test_internal_bn.t | 2 +- test/recipes/03-test_internal_rsa_sp800_56b.t | 2 +- test/recipes/04-test_pem.t | 2 +- test/recipes/20-test_kdf.t | 2 +- test/recipes/20-test_mac.t | 2 +- test/recipes/30-test_afalg.t | 2 +- test/recipes/30-test_evp_data/evpaessiv.txt | 2 +- test/recipes/90-test_bio_memleak.t | 2 +- test/rsa_sp800_56b_test.c | 2 +- test/run_tests.pl | 2 +- test/ssl_ctx_test.c | 2 +- test/ssl_test_ctx.c | 2 +- test/testutil/test_options.c | 2 +- test/v3nametest.c | 2 +- util/mkrc.pl | 2 +- util/perl/OpenSSL/ParseC.pm | 2 +- 142 files changed, 142 insertions(+), 142 deletions(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 461ce3c51f..4243591493 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 4b34e7e622..9f21f0c730 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/cmp.c b/apps/cmp.c index 9e40534995..7375b795ca 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h index 8c6a48113d..67d61e1396 100644 --- a/apps/include/apps_ui.h +++ b/apps/include/apps_ui.h @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/include/fmt.h b/apps/include/fmt.h index ef18fc0dd0..c9edd4707e 100644 --- a/apps/include/fmt.h +++ b/apps/include/fmt.h @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index baedbee9d3..0a1ae526a5 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c index ae0f5f217c..2a6e01ec10 100644 --- a/apps/lib/apps_ui.c +++ b/apps/lib/apps_ui.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/fmt.c b/apps/lib/fmt.c index 2cdd55e924..af0e63b85b 100644 --- a/apps/lib/fmt.c +++ b/apps/lib/fmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/names.c b/apps/lib/names.c index a1116d68f8..42b9e9065c 100644 --- a/apps/lib/names.c +++ b/apps/lib/names.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 52c4a0a764..b9baef913d 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/provider.c b/apps/provider.c index de8fd34cf3..d1a1ce7e4f 100644 --- a/apps/provider.c +++ b/apps/provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 518d408937..b2be461208 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c5fb8f91b1..9723da0a3c 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 02ca99db79..676d1eca2d 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index dedf1c3240..fc21cb3098 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 421991146d..379d1e6ee1 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index a8cd914f4e..9bd2099c5e 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index a6335691a0..48ba9f3f74 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_conv.c b/crypto/bn/bn_conv.c index 089b755748..15f94079c7 100644 --- a/crypto/bn/bn_conv.c +++ b/crypto/bn/bn_conv.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 5fc8322a31..d6c55cb16c 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 20fa0baac7..579a386fbf 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index 624829c684..935320ff2d 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 12243dd869..3901074033 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index dee4a53ca1..4726165234 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 264a4c9ba0..54a836028f 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 827b4032c7..b4edfb28ae 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 6efe291ac8..1d34519d1a 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c index 14d5dc1d5b..eefd279a10 100644 --- a/crypto/conf/conf_ssl.c +++ b/crypto/conf/conf_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c index dfc6e99e2a..4aca0385d0 100644 --- a/crypto/ct/ct_oct.c +++ b/crypto/ct/ct_oct.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c index e2ab6b2fd5..a89b4aa6e7 100644 --- a/crypto/ct/ct_prn.c +++ b/crypto/ct/ct_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c index 55190debc1..51dd779a3a 100644 --- a/crypto/ct/ct_x509v3.c +++ b/crypto/ct/ct_x509v3.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 57fa43fa41..b8bbed87e8 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 82215dde7d..6c347b58d6 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 5826d410b5..49e7100c4e 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index de215952ab..0ddad7dd80 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index f7595b7420..798ff1e3af 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 7798c4fcfa..27815553bd 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/include/internal/pem_int.h b/crypto/include/internal/pem_int.h index e065ac75a5..c8f90528c3 100644 --- a/crypto/include/internal/pem_int.h +++ b/crypto/include/internal/pem_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index b214011f34..f45e7e2f97 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 170fb275a6..c782a8e531 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 33451ec4a5..1501321948 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 40a31dec97..c170f60bcd 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm index af8ab6ab7d..dbf4842681 100644 --- a/crypto/perlasm/s390x.pm +++ b/crypto/perlasm/s390x.pm @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 9a12ef1035..88925f76d9 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 838abe352a..a83d745bd5 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c index 1c95a3cfce..926a02a32e 100644 --- a/crypto/pkcs7/pk7_attr.c +++ b/crypto/pkcs7/pk7_attr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 9fb3ffc1a2..3e2065244d 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 0eb140e6ae..32e2ffc820 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 3ef59c57ba..385b4af42e 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 829e46c65e..4989e43221 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/property/property.c b/crypto/property/property.c index 93df1bb679..ef39057c54 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index a154ad7bf3..89f9d6f1f6 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index 45fbd2fa1c..12efb3e89b 100644 --- a/crypto/store/store_register.c +++ b/crypto/store/store_register.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 59aa960a34..8b60251e77 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 8d2d7129f9..9044920e3f 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index ec36868d88..2d14ed1145 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 5334cea534..b5374e0fc1 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index e1f187995b..33f2b511e8 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index b9ec82a2e6..86e1a9d49d 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 2205345b0f..2c95fd1f14 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 178ec2aeb5..f9e1e73fc4 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c index a7bcfe6013..61423bf2c2 100644 --- a/crypto/x509/pcy_cache.c +++ b/crypto/x509/pcy_cache.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_data.c b/crypto/x509/pcy_data.c index 0a98a11169..966b0b2ecb 100644 --- a/crypto/x509/pcy_data.c +++ b/crypto/x509/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c index 76cca2f842..0dec624525 100644 --- a/crypto/x509/pcy_map.c +++ b/crypto/x509/pcy_map.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c index 5afd08121a..baa4fa8d32 100644 --- a/crypto/x509/pcy_node.c +++ b/crypto/x509/pcy_node.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index f9519d3a19..30879197f8 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index f6705286f2..0824bb6def 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 4cf6493b79..e1ee12de95 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index 943423f301..9e2b9d48a9 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c index 4cccaf644f..2fbb11bdaf 100644 --- a/crypto/x509/v3_admis.c +++ b/crypto/x509/v3_admis.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c index bd231f65a0..a40963d9f0 100644 --- a/crypto/x509/v3_akey.c +++ b/crypto/x509/v3_akey.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c index 45f7bac271..5fece4f985 100644 --- a/crypto/x509/v3_alt.c +++ b/crypto/x509/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c index 798185a7b4..0ff37073cf 100644 --- a/crypto/x509/v3_asid.c +++ b/crypto/x509/v3_asid.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c index 0ba3c0cc1b..6ab4aaf687 100644 --- a/crypto/x509/v3_bcons.c +++ b/crypto/x509/v3_bcons.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.c index b0a807d35a..ec8fdc55a1 100644 --- a/crypto/x509/v3_bitst.c +++ b/crypto/x509/v3_bitst.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index 38e364709a..bbe67dc3d3 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index a5f1453492..abbf5fbe60 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c index b60d999402..ed51b60f0c 100644 --- a/crypto/x509/v3_extku.c +++ b/crypto/x509/v3_extku.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c index 4acc514af2..489daa7199 100644 --- a/crypto/x509/v3_info.c +++ b/crypto/x509/v3_info.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c index a3bb8be8ec..b1e32bb419 100644 --- a/crypto/x509/v3_lib.c +++ b/crypto/x509/v3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c index 4e02f9c546..30711149ce 100644 --- a/crypto/x509/v3_pci.c +++ b/crypto/x509/v3_pci.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.c index 43e5bc555b..e7bb7e9546 100644 --- a/crypto/x509/v3_pcons.c +++ b/crypto/x509/v3_pcons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c index 9dcd459852..d54384dac2 100644 --- a/crypto/x509/v3_pmaps.c +++ b/crypto/x509/v3_pmaps.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c index e5f062b668..aa902204f0 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c index 364348d9dc..d90073754e 100644 --- a/crypto/x509/v3_sxnet.c +++ b/crypto/x509/v3_sxnet.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c index ec9652aeef..e494e4e8d1 100644 --- a/crypto/x509/v3_tlsf.c +++ b/crypto/x509/v3_tlsf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 03b90262ee..ce003615ec 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 1229c01b6b..c1e893bf13 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 31438d2017..f059667263 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index 99609cfca6..fca6df5067 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index 957386b8e2..f0dc9d6535 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index cf7f6aa418..102f99aea4 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -1155,7 +1155,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod index 6c165c0043..9088dc040b 100644 --- a/doc/man3/DEFINE_STACK_OF.pod +++ b/doc/man3/DEFINE_STACK_OF.pod @@ -270,7 +270,7 @@ B_reserve>() and B_new_reserve>() were added in OpenSSL =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 97fde1268f..ad9544ebd1 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -273,7 +273,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod index 7aba58f826..8ddb4a9739 100644 --- a/doc/man3/SSL_CTX_config.pod +++ b/doc/man3/SSL_CTX_config.pod @@ -80,7 +80,7 @@ The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index 5d4bd6f5be..aa673bd8d0 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -81,7 +81,7 @@ SSL_CTX_get_num_tickets() were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_async_callback.pod b/doc/man3/SSL_set_async_callback.pod index 4b808dc33a..5a0bd2bfc1 100644 --- a/doc/man3/SSL_set_async_callback.pod +++ b/doc/man3/SSL_set_async_callback.pod @@ -121,7 +121,7 @@ SSL_get_async_status() were first added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index f7476500fd..25191130ae 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -165,7 +165,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index a9358168c6..e91858c051 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -148,7 +148,7 @@ L =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_capi.c b/engines/e_capi.c index c8d181c93a..4ac559026a 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/fuzz/client.c b/fuzz/client.c index f80e8a0a48..01bd70a49f 100644 --- a/fuzz/client.c +++ b/fuzz/client.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fuzz/server.c b/fuzz/server.c index fe4fa5c70b..f00029b0a9 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h index 3f62bd344e..cbc9cc1e6d 100644 --- a/include/internal/thread_once.h +++ b/include/internal/thread_once.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ess.h b/include/openssl/ess.h index 91e1d32e63..17962473c1 100644 --- a/include/openssl/ess.h +++ b/include/openssl/ess.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/opensslv.h.in b/include/openssl/opensslv.h.in index d9eee21c2d..3f47a2ac08 100644 --- a/include/openssl/opensslv.h.in +++ b/include/openssl/opensslv.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 72a2dc643b..abf124f27a 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index 4d114d75e7..0e1c50032f 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 5d099e6246..c94ce78cf9 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/store.h b/include/openssl/store.h index 619829dc97..ffea2df15b 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ts.h b/include/openssl/ts.h index c4d96d8b8e..48cea0f503 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/include/prov/provider_ctx.h b/providers/common/include/prov/provider_ctx.h index 0984f13635..fc2df2ee67 100644 --- a/providers/common/include/prov/provider_ctx.h +++ b/providers/common/include/prov/provider_ctx.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/kdfs/pbkdf2_fips.c b/providers/implementations/kdfs/pbkdf2_fips.c index cbfc6b7fc3..be60be1fa0 100644 --- a/providers/implementations/kdfs/pbkdf2_fips.c +++ b/providers/implementations/kdfs/pbkdf2_fips.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index 077e451562..4ba9a16408 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 451b52460c..da465965de 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index ca364fd14f..ce8d148cb9 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index c46bc2e641..66c1b54eeb 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c index 3bb3a54fcb..bacbb8f114 100644 --- a/test/aesgcmtest.c +++ b/test/aesgcmtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c index beadd79c43..cafc60e7b7 100644 --- a/test/bio_memleak_test.c +++ b/test/bio_memleak_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bn_internal_test.c b/test/bn_internal_test.c index 31d51cb804..2dda2345cb 100644 --- a/test/bn_internal_test.c +++ b/test/bn_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/cipherbytes_test.c b/test/cipherbytes_test.c index 9e2c5eaaea..cbbfff2a41 100644 --- a/test/cipherbytes_test.c +++ b/test/cipherbytes_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index 3bc103c737..f850d7bbe9 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/test/confdump.c b/test/confdump.c index 48b3779df7..3750d2cc8c 100644 --- a/test/confdump.c +++ b/test/confdump.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/crltest.c b/test/crltest.c index ac2d27b328..ff2fadaa6b 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c index d82cc81a6c..2873417ff0 100644 --- a/test/drbg_cavs_test.c +++ b/test/drbg_cavs_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index b45df8a2e9..b0730077b7 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/property_test.c b/test/property_test.c index aad43b9184..6f8216ef33 100644 --- a/test/property_test.c +++ b/test/property_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/recipes/03-test_internal_bn.t b/test/recipes/03-test_internal_bn.t index 0b73314988..3018ccff12 100644 --- a/test/recipes/03-test_internal_bn.t +++ b/test/recipes/03-test_internal_bn.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/03-test_internal_rsa_sp800_56b.t b/test/recipes/03-test_internal_rsa_sp800_56b.t index 8a379908fc..3922f0b257 100644 --- a/test/recipes/03-test_internal_rsa_sp800_56b.t +++ b/test/recipes/03-test_internal_rsa_sp800_56b.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t index d553bec0a8..b7b28ea7d3 100644 --- a/test/recipes/04-test_pem.t +++ b/test/recipes/04-test_pem.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index b308ae6d6b..d0ea07ee9a 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_mac.t b/test/recipes/20-test_mac.t index cfca431fcc..e34381c025 100644 --- a/test/recipes/20-test_mac.t +++ b/test/recipes/20-test_mac.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t index 98ffc9908c..572a847511 100644 --- a/test/recipes/30-test_afalg.t +++ b/test/recipes/30-test_afalg.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpaessiv.txt b/test/recipes/30-test_evp_data/evpaessiv.txt index 022aa33281..e891b2149a 100644 --- a/test/recipes/30-test_evp_data/evpaessiv.txt +++ b/test/recipes/30-test_evp_data/evpaessiv.txt @@ -1,5 +1,5 @@ # -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/90-test_bio_memleak.t b/test/recipes/90-test_bio_memleak.t index 061e5460ad..f61d2a8d8e 100644 --- a/test/recipes/90-test_bio_memleak.t +++ b/test/recipes/90-test_bio_memleak.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c index bb14887e98..b80df0137a 100644 --- a/test/rsa_sp800_56b_test.c +++ b/test/rsa_sp800_56b_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/run_tests.pl b/test/run_tests.pl index 0ed768ed41..b75f763979 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c index 9558aebe71..e461d72595 100644 --- a/test/ssl_ctx_test.c +++ b/test/ssl_ctx_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index f591adf90b..aee9773bf8 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/testutil/test_options.c b/test/testutil/test_options.c index 25774fe0f9..51d880399b 100644 --- a/test/testutil/test_options.c +++ b/test/testutil/test_options.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/v3nametest.c b/test/v3nametest.c index 507b0fcf9f..a5fa482215 100644 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/util/mkrc.pl b/util/mkrc.pl index 5b1111abd9..d3617663eb 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 6d060bb77a..dd1da99f58 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Fri May 15 14:02:05 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 14:02:05 +0000 Subject: [openssl] master update Message-ID: <1589551325.529324.15237.nullmailer@dev.openssl.org> The branch master has been updated via 5d979e0484865f48ef4d180e1698be6f2b58fd9f (commit) via 9e8604b891483e2d06bb994460ca18b93011fdde (commit) from 454afd9866300b984306c5b565a9d55568a5bc50 (commit) - Log ----------------------------------------------------------------- commit 5d979e0484865f48ef4d180e1698be6f2b58fd9f Author: Matt Caswell Date: Fri May 15 14:35:04 2020 +0100 Prepare for 3.0 alpha 3 Reviewed-by: Richard Levitte commit 9e8604b891483e2d06bb994460ca18b93011fdde Author: Matt Caswell Date: Fri May 15 14:33:29 2020 +0100 Prepare for release of 3.0 alpha 2 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index dde825f846..a342bef4c0 100644 --- a/VERSION +++ b/VERSION @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha2-dev +PRE_RELEASE_TAG=alpha3-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 From matt at openssl.org Fri May 15 14:03:25 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 14:03:25 +0000 Subject: [web] master update Message-ID: <1589551405.868115.17050.nullmailer@dev.openssl.org> The branch master has been updated via a3ca66fc68fce2216fa885db22706d0396bf8cfc (commit) from d874d260ef2e325c946ae152ea0d09c640c73d8b (commit) - Log ----------------------------------------------------------------- commit a3ca66fc68fce2216fa885db22706d0396bf8cfc Author: Matt Caswell Date: Fri May 15 14:53:08 2020 +0100 Update newsflash for alpha2 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/177) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 5267af2..91573a2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it 23-Apr-2020: New Blog post: OpenSSL 3.0 Alpha1 Release 23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain() From levitte at openssl.org Fri May 15 14:34:27 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 15 May 2020 14:34:27 +0000 Subject: [openssl] master update Message-ID: <1589553267.690117.31714.nullmailer@dev.openssl.org> The branch master has been updated via 80627240638673eb605f48486b2651712690985f (commit) from 5d979e0484865f48ef4d180e1698be6f2b58fd9f (commit) - Log ----------------------------------------------------------------- commit 80627240638673eb605f48486b2651712690985f Author: Matt Caswell Date: Thu May 14 14:21:40 2020 +0100 Ignore some auto-generated DER files Reviewed-by: Dmitry Belyavskiy Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11830) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 856a6c71d5..d15303e49b 100644 --- a/.gitignore +++ b/.gitignore @@ -32,9 +32,11 @@ doc/man1/openssl-*.pod providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c +providers/common/der/der_digests.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h +providers/common/include/prov/der_digests.h # error code files /crypto/err/openssl.txt.old From levitte at openssl.org Fri May 15 14:44:31 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 15 May 2020 14:44:31 +0000 Subject: [openssl] master update Message-ID: <1589553871.560271.8846.nullmailer@dev.openssl.org> The branch master has been updated via 92dc275f95a5a87465a1ae3bac54bb2ead9732ca (commit) from 80627240638673eb605f48486b2651712690985f (commit) - Log ----------------------------------------------------------------- commit 92dc275f95a5a87465a1ae3bac54bb2ead9732ca Author: Richard Levitte Date: Thu May 14 14:04:41 2020 +0200 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys Fixes #11720 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11828) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_cert.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 408404958e..e81542a89e 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1068,19 +1068,20 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx) const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) { - int nid = EVP_PKEY_id(pk); - size_t tmpidx; - - if (nid == NID_undef) - return NULL; + size_t i; - if (!ssl_cert_lookup_by_nid(nid, &tmpidx)) - return NULL; + for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { + const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i]; - if (pidx != NULL) - *pidx = tmpidx; + if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid)) + || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) { + if (pidx != NULL) + *pidx = i; + return tmp_lu; + } + } - return &ssl_cert_info[tmpidx]; + return NULL; } const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) From matt at openssl.org Fri May 15 14:53:33 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 May 2020 14:53:33 +0000 Subject: [web] master update Message-ID: <1589554413.363771.24716.nullmailer@dev.openssl.org> The branch master has been updated via a31146714fc598622c0439b595047fa0000782f0 (commit) from a3ca66fc68fce2216fa885db22706d0396bf8cfc (commit) - Log ----------------------------------------------------------------- commit a31146714fc598622c0439b595047fa0000782f0 Author: Matt Caswell Date: Thu Apr 23 16:22:08 2020 +0100 Add some notes about 3.0 on the download page Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/174) ----------------------------------------------------------------------- Summary of changes: source/index.html | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source/index.html b/source/index.html index b617cfe..d0ae87b 100644 --- a/source/index.html +++ b/source/index.html @@ -32,7 +32,7 @@

    Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September - 2023. All other versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are + 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encourage to upgrade to 1.1.1 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is @@ -43,6 +43,12 @@ conjunction with a FIPS capable version of OpenSSL (1.0.2 series). A new FIPS module is currently in development.

    +

    OpenSSL 3.0 is the next major version of OpenSSL that is currently + in development and includes the new FIPS Object Module. A pre-release + version of this is available below. This is for testing only. It should + not be used in production. Information and notes about OpenSSL 3.0 are + available on the OpenSSL + Wiki

    From tmraz at fedoraproject.org Fri May 15 16:14:17 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Fri, 15 May 2020 16:14:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589559257.027894.6695.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6b4b92d7f212caf4c525af4bf0c35fbbf5f38a3b (commit) via dea4e33a92a8c6a49bfabda4e78afa3d0e2e0d61 (commit) from 4268df6608684ea179a15e79e7a6213dfd255833 (commit) - Log ----------------------------------------------------------------- commit 6b4b92d7f212caf4c525af4bf0c35fbbf5f38a3b Author: raja-ashok Date: Sun May 10 22:47:00 2020 +0530 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11809) commit dea4e33a92a8c6a49bfabda4e78afa3d0e2e0d61 Author: raja-ashok Date: Fri May 8 19:17:21 2020 +0530 Fix crash in early data send with out-of-band PSK using AES CCM Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11809) ----------------------------------------------------------------------- Summary of changes: ssl/tls13_enc.c | 11 +++++- test/sslapitest.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 118 insertions(+), 3 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 86754dc967..b8fb07f210 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -390,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3->tmp.new_cipher != NULL) { + algenc = s->s3->tmp.new_cipher->algorithm_enc; + } else if (s->session->cipher != NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; + } else if (s->psksession != NULL && s->psksession->cipher != NULL) { + /* We must be doing early data with out-of-band PSK */ + algenc = s->psksession->cipher->algorithm_enc; } else { - algenc = s->s3->tmp.new_cipher->algorithm_enc; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; diff --git a/test/sslapitest.c b/test/sslapitest.c index b3cd30d9a8..62d22e85b0 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2129,8 +2129,11 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, #define MSG6 "test" #define MSG7 "message." -#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") +#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03") +#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04") +#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05") static SSL_SESSION *create_a_psk(SSL *ssl) @@ -3058,6 +3061,110 @@ static int test_early_data_psk(int idx) return testresult; } +/* + * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites + * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256 + * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384 + * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256 + * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256 + */ +static int test_early_data_psk_with_all_ciphers(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + const SSL_CIPHER *cipher; + const char *cipher_str[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# else + NULL, +# endif + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_RFC_AES_128_CCM_8_SHA256 + }; + const unsigned char *cipher_bytes[] = { + TLS13_AES_128_GCM_SHA256_BYTES, + TLS13_AES_256_GCM_SHA384_BYTES, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS13_CHACHA20_POLY1305_SHA256_BYTES, +# else + NULL, +# endif + TLS13_AES_128_CCM_SHA256_BYTES, + TLS13_AES_128_CCM_8_SHA256_BYTES + }; + + if (cipher_str[idx] == NULL) + return 1; + + /* We always set this up with a final parameter of "2" for PSK */ + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, 2))) + goto end; + + if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx])) + || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx]))) + goto end; + + /* + * 'setupearly_data_test' creates only one instance of SSL_SESSION + * and assigns to both client and server with incremented reference + * and the same instance is updated in 'sess'. + * So updating ciphersuite in 'sess' which will get reflected in + * PSK handshake using psk use sess and find sess cb. + */ + cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]); + if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))) + goto end; + + SSL_set_connect_state(clientssl); + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_int_eq(SSL_connect(clientssl), 1) + || !TEST_int_eq(SSL_accept(serverssl), 1)) + goto end; + + /* Send some normal data from client to server */ + if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2))) + goto end; + + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + if (clientssl != NULL) + SSL_shutdown(clientssl); + if (serverssl != NULL) + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + /* * Test that a server that doesn't try to read early data can handle a * client sending some. @@ -6549,6 +6656,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_skip_abort, 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); + ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); ADD_ALL_TESTS(test_early_data_not_expected, 3); # ifndef OPENSSL_NO_TLS1_2 ADD_ALL_TESTS(test_early_data_tls1_2, 3); From levitte at openssl.org Fri May 15 18:06:14 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 15 May 2020 18:06:14 +0000 Subject: [openssl] master update Message-ID: <1589565974.752496.22443.nullmailer@dev.openssl.org> The branch master has been updated via c6601bd2d728d4c61711a016c6267fb45910e7cd (commit) from 92dc275f95a5a87465a1ae3bac54bb2ead9732ca (commit) - Log ----------------------------------------------------------------- commit c6601bd2d728d4c61711a016c6267fb45910e7cd Author: Richard Levitte Date: Thu May 14 12:33:09 2020 +0200 Build: make apps/progs.c depend on configdata.pm Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11824) ----------------------------------------------------------------------- Summary of changes: apps/build.info | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/build.info b/apps/build.info index d51e825bc5..8bfcec65d0 100644 --- a/apps/build.info +++ b/apps/build.info @@ -67,6 +67,9 @@ IF[{- !$disabled{apps} -}] # progs.pl tries to read all 'openssl' sources, including progs.c, so we make # sure things are generated in the correct order. DEPEND[progs.h]=progs.c + # Because the files to look through may change (depends on $OPENSSLSRC), + # always depend on a changed configuration. + DEPEND[progs.c]=../configdata.pm IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] GENERATE[openssl.rc]=../util/mkrc.pl openssl From dev at ddvo.net Fri May 15 18:21:13 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 15 May 2020 18:21:13 +0000 Subject: [openssl] master update Message-ID: <1589566873.929925.12625.nullmailer@dev.openssl.org> The branch master has been updated via 6d382c74b375f1f8c44f04ec3de95ff781598a3b (commit) via 60d5331350a5e557908eed0ba7420dba2ad3b79f (commit) via db71d315479762eefbf2bcda8be3b44b1867133f (commit) from c6601bd2d728d4c61711a016c6267fb45910e7cd (commit) - Log ----------------------------------------------------------------- commit 6d382c74b375f1f8c44f04ec3de95ff781598a3b Author: Dr. David von Oheimb Date: Wed May 6 13:51:50 2020 +0200 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11755) commit 60d5331350a5e557908eed0ba7420dba2ad3b79f Author: Dr. David von Oheimb Date: Fri May 8 10:56:14 2020 +0200 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11755) commit db71d315479762eefbf2bcda8be3b44b1867133f Author: Dr. David von Oheimb Date: Thu May 7 21:37:28 2020 +0200 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11755) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 9 +- apps/cmp.c | 153 +------------- apps/cms.c | 15 +- apps/crl.c | 6 +- apps/dgst.c | 2 +- apps/dsa.c | 2 +- apps/ec.c | 2 +- apps/enc.c | 2 +- apps/include/apps.h | 17 +- apps/include/opt.h | 4 +- apps/lib/apps.c | 432 ++++++++++++++++++--------------------- apps/lib/s_cb.c | 4 +- apps/ocsp.c | 10 +- apps/pkey.c | 2 +- apps/pkeyutl.c | 10 +- apps/req.c | 2 +- apps/rsa.c | 2 +- apps/rsautl.c | 6 +- apps/s_client.c | 11 +- apps/s_server.c | 17 +- apps/smime.c | 8 +- apps/spkac.c | 2 +- apps/verify.c | 2 +- apps/x509.c | 20 +- crypto/store/store_lib.c | 2 + doc/man1/openssl-ca.pod.in | 18 +- doc/man1/openssl-cms.pod.in | 14 +- doc/man1/openssl-crl.pod.in | 24 ++- doc/man1/openssl-dgst.pod.in | 4 + doc/man1/openssl-ec.pod.in | 12 +- doc/man1/openssl-ocsp.pod.in | 4 +- doc/man1/openssl-pkey.pod.in | 12 +- doc/man1/openssl-pkeyutl.pod.in | 14 +- doc/man1/openssl-req.pod.in | 8 +- doc/man1/openssl-rsa.pod.in | 12 +- doc/man1/openssl-rsautl.pod.in | 8 +- doc/man1/openssl-s_client.pod.in | 16 +- doc/man1/openssl-s_server.pod.in | 32 +-- doc/man1/openssl-smime.pod.in | 14 +- doc/man1/openssl-spkac.pod.in | 10 +- doc/man1/openssl-verify.pod.in | 1 - doc/man1/openssl-x509.pod.in | 42 ++-- doc/man1/openssl.pod | 34 +-- doc/man3/EVP_PKEY_fromdata.pod | 2 +- 44 files changed, 472 insertions(+), 551 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index a18ff0998e..d91b39c91c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -215,12 +215,12 @@ const OPTIONS ca_options[] = { OPT_SECTION("Signing"), {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, {"keyfile", OPT_KEYFILE, 's', "Private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"}, {"cert", OPT_CERT, '<', "The CA cert"}, {"certform", OPT_CERTFORM, 'F', - "certificate input format (DER or PEM); default PEM"}, + "certificate input format (DER/PEM/P12); has no effect"}, {"selfsign", OPT_SELFSIGN, '-', "Sign a cert with the key associated with it"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, @@ -385,7 +385,7 @@ opthelp: certfile = opt_arg(); break; case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &certformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &certformat)) goto opthelp; break; case OPT_SELFSIGN: @@ -573,8 +573,7 @@ end_of_options: } } pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key"); - if (key != NULL) - OPENSSL_cleanse(key, strlen(key)); + cleanse(key); if (pkey == NULL) /* load_key() has already printed an appropriate message */ goto end; diff --git a/apps/cmp.c b/apps/cmp.c index 7375b795ca..7a2ce2963d 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -46,157 +46,6 @@ DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_EXTENSION) DEFINE_STACK_OF(OSSL_CMP_ITAV) -/* start TODO remove when PR #11755 is merged */ -static char *get_passwd(const char *pass, const char *desc) -{ - char *result = NULL; - - app_passwd(pass, NULL, &result, NULL); - return result; -} - -static void cleanse(char *str) -{ - if (str != NULL) - OPENSSL_cleanse(str, strlen(str)); -} - -static void clear_free(char *str) -{ - if (str != NULL) - OPENSSL_clear_free(str, strlen(str)); -} - -static int load_key_cert_crl(const char *uri, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl) -{ - PW_CB_DATA uidata; - OSSL_STORE_CTX *ctx = NULL; - int ret = 0; - - if (ppkey != NULL) - *ppkey = NULL; - if (pcert != NULL) - *pcert = NULL; - if (pcrl != NULL) - *pcrl = NULL; - - uidata.password = pass; - uidata.prompt_info = uri; - - ctx = OSSL_STORE_open(uri, get_ui_method(), &uidata, NULL, NULL); - if (ctx == NULL) { - BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n", - uri, desc); - goto end; - } - - for (;;) { - OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); - int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); - const char *infostr = - info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); - int err = 0; - - if (info == NULL) { - if (OSSL_STORE_eof(ctx)) - ret = 1; - break; - } - - switch (type) { - case OSSL_STORE_INFO_PKEY: - if (ppkey != NULL && *ppkey == NULL) - err = ((*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) == NULL); - break; - case OSSL_STORE_INFO_CERT: - if (pcert != NULL && *pcert == NULL) - err = ((*pcert = OSSL_STORE_INFO_get1_CERT(info)) == NULL); - break; - case OSSL_STORE_INFO_CRL: - if (pcrl != NULL && *pcrl == NULL) - err = ((*pcrl = OSSL_STORE_INFO_get1_CRL(info)) == NULL); - break; - default: - /* skip any other type */ - break; - } - OSSL_STORE_INFO_free(info); - if (err) { - BIO_printf(bio_err, "Could not read %s of %s from %s\n", - infostr, desc, uri); - break; - } - } - - end: - if (ctx != NULL) - OSSL_STORE_close(ctx); - if (!ret) - ERR_print_errors(bio_err); - return ret; -} - -static -EVP_PKEY *load_key_preliminary(const char *uri, int format, int may_stdin, - const char *pass, ENGINE *e, const char *desc) -{ - EVP_PKEY *pkey = NULL; - - if (desc == NULL) - desc = "private key"; - - if (format == FORMAT_ENGINE) { - if (e == NULL) { - BIO_printf(bio_err, "No engine specified for loading %s\n", desc); - } else { -#ifndef OPENSSL_NO_ENGINE - PW_CB_DATA cb_data; - - cb_data.password = pass; - cb_data.prompt_info = uri; - if (ENGINE_init(e)) { - pkey = ENGINE_load_private_key(e, uri, - (UI_METHOD *)get_ui_method(), - &cb_data); - ENGINE_finish(e); - } - if (pkey == NULL) { - BIO_printf(bio_err, "Cannot load %s from engine\n", desc); - ERR_print_errors(bio_err); - } -#else - BIO_printf(bio_err, "Engines not supported for loading %s\n", desc); -#endif - } - } else { - (void)load_key_cert_crl(uri, may_stdin, pass, desc, &pkey, NULL, NULL); - } - - if (pkey == NULL) { - BIO_printf(bio_err, "Unable to load %s\n", desc); - ERR_print_errors(bio_err); - } - return pkey; -} - -static X509 *load_cert_pass(const char *uri, int maybe_stdin, - const char *pass, const char *desc) -{ - X509 *cert = NULL; - - if (desc == NULL) - desc = "certificate"; - (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, NULL, &cert, NULL); - if (cert == NULL) { - BIO_printf(bio_err, "Unable to load %s\n", desc); - ERR_print_errors(bio_err); - } - return cert; -} -/* end TODO remove when PR #11755 is merged */ - static char *opt_config = NULL; #define CMP_SECTION "cmp" #define SECTION_NAME_MAX 40 /* max length of section name */ @@ -832,7 +681,7 @@ static EVP_PKEY *load_key_pwd(const char *uri, int format, const char *pass, ENGINE *e, const char *desc) { char *pass_string = get_passwd(pass, desc); - EVP_PKEY *pkey = load_key_preliminary(uri, format, 0, pass_string, e, desc); + EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, e, desc); clear_free(pass_string); return pkey; diff --git a/apps/cms.c b/apps/cms.c index 0c8af3dab7..6b5577ecee 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -196,7 +196,7 @@ const OPTIONS cms_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}, {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, OPT_SECTION("Mail header"), @@ -576,7 +576,7 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) goto end; - cert = load_cert(opt_arg(), FORMAT_PEM, + cert = load_cert(opt_arg(), FORMAT_UNDEF, "recipient certificate file"); if (cert == NULL) goto end; @@ -756,7 +756,7 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if ((cert = load_cert(*argv, FORMAT_PEM, + if ((cert = load_cert(*argv, FORMAT_UNDEF, "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); @@ -774,7 +774,7 @@ int cms_main(int argc, char **argv) } if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_PEM, + if ((recip = load_cert(recipfile, FORMAT_UNDEF, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -782,7 +782,7 @@ int cms_main(int argc, char **argv) } if (originatorfile != NULL) { - if ((originator = load_cert(originatorfile, FORMAT_PEM, + if ((originator = load_cert(originatorfile, FORMAT_UNDEF, "originator certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -790,7 +790,7 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, FORMAT_PEM, + if ((signer = load_cert(signerfile, FORMAT_UNDEF, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -1019,7 +1019,8 @@ int cms_main(int argc, char **argv) signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); + signer = load_cert(signerfile, FORMAT_UNDEF, + "signer certificate"); if (signer == NULL) { ret = 2; goto end; diff --git a/apps/crl.c b/apps/crl.c index 8028fef5de..d417642cce 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -34,9 +34,9 @@ const OPTIONS crl_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "Input format; default PEM"}, + {"inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect"}, {"key", OPT_KEY, '<', "CRL signing Private key to use"}, - {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect"}, OPT_SECTION("Output"), {"out", OPT_OUT, '>', "output file - default stdout"}, @@ -122,7 +122,7 @@ int crl_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) goto opthelp; break; case OPT_KEY: diff --git a/apps/dgst.c b/apps/dgst.c index 90aaf982ae..da162e6ed6 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -64,7 +64,7 @@ const OPTIONS dgst_options[] = { {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, {"d", OPT_DEBUG, '-', "Print debug info"}, diff --git a/apps/dsa.c b/apps/dsa.c index 65397ab053..8ef802e0da 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -48,7 +48,7 @@ const OPTIONS dsa_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"}, + {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, diff --git a/apps/ec.c b/apps/ec.c index 9cf6e1a545..43e2be1346 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -49,7 +49,7 @@ const OPTIONS ec_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"}, + {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"check", OPT_CHECK, '-', "check key consistency"}, diff --git a/apps/enc.c b/apps/enc.c index d7e99b43e7..4d59391c22 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -538,7 +538,7 @@ int enc_main(int argc, char **argv) goto end; } /* wiping secret data as we no longer need it */ - OPENSSL_cleanse(hkey, strlen(hkey)); + cleanse(hkey); } if ((benc = BIO_new(BIO_f_cipher())) == NULL) diff --git a/apps/include/apps.h b/apps/include/apps.h index e168942e19..7789bd2b0a 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -102,19 +102,28 @@ int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); +char *get_passwd(const char *pass, const char *desc); int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); X509_REQ *load_csr(const char *file, int format, const char *desc); -X509 *load_cert(const char *file, int format, const char *desc); -X509_CRL *load_crl(const char *infile, int format, const char *desc); -EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, +X509 *load_cert_pass(const char *uri, int maybe_stdin, + const char *pass, const char *desc); +/* the format parameter is meanwhile not needed anymore and thus ignored */ +X509 *load_cert(const char *uri, int format, const char *desc); +X509_CRL *load_crl(const char *uri, int format, const char *desc); +void cleanse(char *str); +void clear_free(char *str); +EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); -EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, +EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); int load_certs(const char *file, STACK_OF(X509) **certs, int format, const char *pass, const char *desc); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, const char *pass, const char *desc); +int load_key_cert_crl(const char *uri, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl); X509_STORE *setup_verify(const char *CAfile, int noCAfile, const char *CApath, int noCApath, const char *CAstore, int noCAstore); diff --git a/apps/include/opt.h b/apps/include/opt.h index b4753dc42e..5afbad1bbe 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -132,9 +132,9 @@ { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ "build certificate chain for the extended certificates"}, \ { "xcertform", OPT_X_CERTFORM, 'F', \ - "format of Extended certificate (PEM or DER) PEM default " }, \ + "format of Extended certificate (PEM/DER/P12); has no effect" }, \ { "xkeyform", OPT_X_KEYFORM, 'F', \ - "format of Extended certificate's key (PEM or DER) PEM default"} + "format of Extended certificate's key (DER/PEM/P12); has no effect"} # define OPT_X_CASES \ OPT_X__FIRST: case OPT_X__LAST: break; \ diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6facdf3e5b..8063a0e272 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -209,6 +210,24 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) static char *app_get_pass(const char *arg, int keepbio); +char *get_passwd(const char *pass, const char *desc) +{ + char *result = NULL; + + if (desc == NULL) + desc = ""; + if (!app_passwd(pass, NULL, &result, NULL)) + BIO_printf(bio_err, "Error getting password for %s\n", desc); + if (pass != NULL && result == NULL) { + BIO_printf(bio_err, + "Trying plain input string (better precede with 'pass:')\n"); + result = OPENSSL_strdup(pass); + if (result == NULL) + BIO_printf(bio_err, "Out of memory getting password for %s\n", desc); + } + return result; +} + int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) { int same = arg1 != NULL && arg2 != NULL && strcmp(arg1, arg2) == 0; @@ -412,126 +431,44 @@ int add_oid_section(CONF *conf) return 1; } -static int load_pkcs12(BIO *in, const char *desc, - pem_password_cb *pem_cb, PW_CB_DATA *cb_data, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) -{ - const char *pass; - char tpass[PEM_BUFSIZE]; - int len, ret = 0; - PKCS12 *p12; - - p12 = d2i_PKCS12_bio(in, NULL); - if (p12 == NULL) { - if (desc != NULL) - BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc); - else - BIO_printf(bio_err, "Error loading PKCS12 file\n"); - goto die; - } - /* See if an empty password will do */ - if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) { - pass = ""; - } else { - if (pem_cb == NULL) - pem_cb = (pem_password_cb *)password_callback; - len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); - if (len < 0) { - BIO_printf(bio_err, "Passphrase callback error for %s\n", - desc != NULL ? desc : "PKCS12 input"); - goto die; - } - if (len < PEM_BUFSIZE) - tpass[len] = 0; - if (!PKCS12_verify_mac(p12, tpass, len)) { - BIO_printf(bio_err, - "Mac verify error (wrong password?) in PKCS12 file for %s\n", - desc != NULL ? desc : "PKCS12 input"); - goto die; - } - pass = tpass; - } - ret = PKCS12_parse(p12, pass, pkey, cert, ca); - die: - PKCS12_free(p12); - return ret; -} - -X509 *load_cert(const char *file, int format, const char *desc) +X509 *load_cert_pass(const char *uri, int maybe_stdin, + const char *pass, const char *desc) { - X509 *x = NULL; - BIO *cert; - - if (format == FORMAT_HTTP) { -#if !defined(OPENSSL_NO_SOCK) - x = X509_load_http(file, NULL, NULL, 0 /* timeout */); -#endif - return x; - } + X509 *cert = NULL; - if (file == NULL) { + if (desc == NULL) + desc = "certificate"; + if (uri == NULL) { unbuffer(stdin); - cert = dup_bio_in(format); - } else { - cert = bio_open_default(file, 'r', format); + uri = ""; } - if (cert == NULL) - goto end; - - if (format == FORMAT_ASN1) { - x = d2i_X509_bio(cert, NULL); - } else if (format == FORMAT_PEM) { - x = PEM_read_bio_X509_AUX(cert, NULL, - (pem_password_cb *)password_callback, NULL); - } else if (format == FORMAT_PKCS12) { - if (!load_pkcs12(cert, desc, NULL, NULL, NULL, &x, NULL)) - goto end; - } else { - print_format_error(format, -#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) - OPT_FMT_HTTP | -#endif - OPT_FMT_PEMDER | OPT_FMT_PKCS12); - } - - end: - if (x == NULL && desc != NULL) { + (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, NULL, &cert, NULL); + if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); } - BIO_free(cert); - return x; + return cert; } -X509_CRL *load_crl(const char *infile, int format, const char *desc) +/* the format parameter is meanwhile not needed anymore and thus ignored */ +X509 *load_cert(const char *uri, int format, const char *desc) { - X509_CRL *x = NULL; - BIO *in = NULL; - - if (format == FORMAT_HTTP) { -#if !defined(OPENSSL_NO_SOCK) - x = X509_CRL_load_http(infile, NULL, NULL, 0 /* timeout */); -#endif - return x; - } + return load_cert_pass(uri, 0, NULL, desc); +} - in = bio_open_default(infile, 'r', format); - if (in == NULL) - goto end; - if (format == FORMAT_ASN1) { - x = d2i_X509_CRL_bio(in, NULL); - } else if (format == FORMAT_PEM) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); - } else - print_format_error(format, OPT_FMT_PEMDER); +/* the format parameter is meanwhile not needed anymore and thus ignored */ +X509_CRL *load_crl(const char *uri, int format, const char *desc) +{ + X509_CRL *crl = NULL; - end: - if (x == NULL && desc != NULL) { + if (desc == NULL) + desc = "CRL"; + (void)load_key_cert_crl(uri, 0, NULL, desc, NULL, NULL, &crl); + if (crl == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); } - BIO_free(in); - return x; + return crl; } X509_REQ *load_csr(const char *file, int format, const char *desc) @@ -539,6 +476,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) X509_REQ *req = NULL; BIO *in; + if (desc == NULL) + desc = "CSR"; in = bio_open_default(file, 'r', format); if (in == NULL) goto end; @@ -551,7 +490,7 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) print_format_error(format, OPT_FMT_PEMDER); end: - if (req == NULL && desc != NULL) { + if (req == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); } @@ -559,173 +498,92 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) return req; } -EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, +void cleanse(char *str) +{ + if (str != NULL) + OPENSSL_cleanse(str, strlen(str)); +} + +void clear_free(char *str) +{ + if (str != NULL) + OPENSSL_clear_free(str, strlen(str)); +} + +EVP_PKEY *load_key(const char *uri, int format, int may_stdin, const char *pass, ENGINE *e, const char *desc) { - BIO *key = NULL; EVP_PKEY *pkey = NULL; - PW_CB_DATA cb_data; - cb_data.password = pass; - cb_data.prompt_info = file; + if (desc == NULL) + desc = "private key"; - if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { - BIO_printf(bio_err, "No keyfile specified\n"); - goto end; - } if (format == FORMAT_ENGINE) { if (e == NULL) { - BIO_printf(bio_err, "No engine specified\n"); + BIO_printf(bio_err, "No engine specified for loading %s\n", desc); } else { #ifndef OPENSSL_NO_ENGINE + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = uri; if (ENGINE_init(e)) { - pkey = ENGINE_load_private_key(e, file, + pkey = ENGINE_load_private_key(e, uri, (UI_METHOD *)get_ui_method(), &cb_data); ENGINE_finish(e); } - if (pkey == NULL && desc != NULL) { + if (pkey == NULL) { BIO_printf(bio_err, "Cannot load %s from engine\n", desc); ERR_print_errors(bio_err); } #else - BIO_printf(bio_err, "Engines not supported\n"); + BIO_printf(bio_err, "Engines not supported for loading %s\n", desc); #endif } - goto end; - } - if (file == NULL && maybe_stdin) { - unbuffer(stdin); - key = dup_bio_in(format); } else { - key = bio_open_default(file, 'r', format); - } - if (key == NULL) - goto end; - if (format == FORMAT_ASN1) { - pkey = d2i_PrivateKey_bio(key, NULL); - } else if (format == FORMAT_PEM) { - pkey = PEM_read_bio_PrivateKey(key, NULL, wrap_password_callback, &cb_data); - } else if (format == FORMAT_PKCS12) { - if (!load_pkcs12(key, desc, - (pem_password_cb *)password_callback, &cb_data, - &pkey, NULL, NULL)) - goto end; -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) - } else if (format == FORMAT_MSBLOB) { - pkey = b2i_PrivateKey_bio(key); - } else if (format == FORMAT_PVK) { - pkey = b2i_PVK_bio(key, wrap_password_callback, &cb_data); -#endif - } else { - print_format_error(format, OPT_FMT_PEMDER | OPT_FMT_PKCS12 -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) - | OPT_FMT_MSBLOB | FORMAT_PVK -#endif -#ifndef OPENSSL_NO_ENGINE - | OPT_FMT_ENGINE -#endif - ); + (void)load_key_cert_crl(uri, may_stdin, pass, desc, &pkey, NULL, NULL); } - end: - BIO_free(key); - if (pkey == NULL && desc != NULL) { + if (pkey == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); } return pkey; } -EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, +EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc) { - BIO *key = NULL; EVP_PKEY *pkey = NULL; - PW_CB_DATA cb_data; - cb_data.password = pass; - cb_data.prompt_info = file; + if (desc == NULL) + desc = "public key"; - if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { - BIO_printf(bio_err, "No keyfile specified\n"); - goto end; - } if (format == FORMAT_ENGINE) { if (e == NULL) { - BIO_printf(bio_err, "No engine specified\n"); + BIO_printf(bio_err, "No engine specified for loading %s\n", desc); } else { #ifndef OPENSSL_NO_ENGINE - pkey = ENGINE_load_public_key(e, file, (UI_METHOD *)get_ui_method(), + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = uri; + pkey = ENGINE_load_public_key(e, uri, (UI_METHOD *)get_ui_method(), &cb_data); - if (pkey == NULL && desc != NULL) { + if (pkey == NULL) { BIO_printf(bio_err, "Cannot load %s from engine\n", desc); ERR_print_errors(bio_err); } #else - BIO_printf(bio_err, "Engines not supported\n"); + BIO_printf(bio_err, "Engines not supported for loading %s\n", desc); #endif } - goto end; - } - if (file == NULL && maybe_stdin) { - unbuffer(stdin); - key = dup_bio_in(format); - } else { - key = bio_open_default(file, 'r', format); - } - if (key == NULL) - goto end; - if (format == FORMAT_ASN1) { - pkey = d2i_PUBKEY_bio(key, NULL); - } else if (format == FORMAT_ASN1RSA) { -#ifndef OPENSSL_NO_RSA - RSA *rsa; - rsa = d2i_RSAPublicKey_bio(key, NULL); - if (rsa) { - pkey = EVP_PKEY_new(); - if (pkey != NULL) - EVP_PKEY_set1_RSA(pkey, rsa); - RSA_free(rsa); - } else -#else - BIO_printf(bio_err, "RSA keys not supported\n"); -#endif - pkey = NULL; - } else if (format == FORMAT_PEMRSA) { -#ifndef OPENSSL_NO_RSA - RSA *rsa; - rsa = PEM_read_bio_RSAPublicKey(key, NULL, - (pem_password_cb *)password_callback, - &cb_data); - if (rsa != NULL) { - pkey = EVP_PKEY_new(); - if (pkey != NULL) - EVP_PKEY_set1_RSA(pkey, rsa); - RSA_free(rsa); - } else -#else - BIO_printf(bio_err, "RSA keys not supported\n"); -#endif - pkey = NULL; - } else if (format == FORMAT_PEM) { - pkey = PEM_read_bio_PUBKEY(key, NULL, - (pem_password_cb *)password_callback, - &cb_data); -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) - } else if (format == FORMAT_MSBLOB) { - pkey = b2i_PublicKey_bio(key); -#endif } else { - print_format_error(format, OPT_FMT_PEMDER -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) - | OPT_FMT_MSBLOB -#endif - ); + (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, &pkey, + NULL, NULL); } - end: - BIO_free(key); - if (pkey == NULL && desc != NULL) { + if (pkey == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); } @@ -807,11 +665,8 @@ static int load_certs_crls(const char *file, int format, sk_X509_CRL_pop_free(*pcrls, X509_CRL_free); *pcrls = NULL; } - if (desc != NULL) { - BIO_printf(bio_err, "Unable to load %s for %s\n", - pcerts ? "certificates" : "CRLs", desc); - ERR_print_errors(bio_err); - } + BIO_printf(bio_err, "Unable to load %s\n", desc != NULL ? desc : + pcerts != NULL ? "certificates" : "CRLs"); } return rv; } @@ -847,6 +702,102 @@ int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, return load_certs_crls(file, format, pass, desc, NULL, crls); } +/* + * Load those types of credentials for which the result pointer is not NULL. + * Reads from stdio if uri is NULL and maybe_stdin is nonzero. + * For each type the first credential found in the store is loaded. + * May yield partial result even if rv == 0. + */ +int load_key_cert_crl(const char *uri, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl) +{ + PW_CB_DATA uidata; + OSSL_STORE_CTX *ctx = NULL; + int ret = 0; + /* TODO make use of the engine reference 'eng' when loading pkeys */ + + if (ppkey != NULL) + *ppkey = NULL; + if (pcert != NULL) + *pcert = NULL; + if (pcrl != NULL) + *pcrl = NULL; + + if (desc == NULL) + desc = "key/certificate/CRL"; + uidata.password = pass; + uidata.prompt_info = uri; + + if (uri == NULL) { + BIO *bio; + + if (!maybe_stdin) { + BIO_printf(bio_err, "No filename or uri specified for loading %s\n", + desc); + goto end; + } + unbuffer(stdin); + bio = BIO_new_fp(stdin, 0); + if (bio != NULL) + ctx = OSSL_STORE_attach(bio, NULL, "file", NULL, + get_ui_method(), &uidata, NULL, NULL); + uri = ""; + } else { + ctx = OSSL_STORE_open(uri, get_ui_method(), &uidata, NULL, NULL); + } + if (ctx == NULL) { + BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n", + uri, desc); + goto end; + } + + for (;;) { + OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); + const char *infostr = + info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); + int err = 0; + + if (info == NULL) { + if (OSSL_STORE_eof(ctx)) + ret = 1; + break; + } + + switch (type) { + case OSSL_STORE_INFO_PKEY: + if (ppkey != NULL && *ppkey == NULL) + err = ((*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) == NULL); + break; + case OSSL_STORE_INFO_CERT: + if (pcert != NULL && *pcert == NULL) + err = ((*pcert = OSSL_STORE_INFO_get1_CERT(info)) == NULL); + break; + case OSSL_STORE_INFO_CRL: + if (pcrl != NULL && *pcrl == NULL) + err = ((*pcrl = OSSL_STORE_INFO_get1_CRL(info)) == NULL); + break; + default: + /* skip any other type */ + break; + } + OSSL_STORE_INFO_free(info); + if (err) { + BIO_printf(bio_err, "Could not read %s of %s from %s\n", + infostr, desc, uri); + break; + } + } + + end: + OSSL_STORE_close(ctx); + if (!ret) + ERR_print_errors(bio_err); + return ret; +} + + #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ #define X509V3_EXT_DEFAULT 0 @@ -2320,17 +2271,30 @@ double app_tminterval(int stop, int usertime) double app_tminterval(int stop, int usertime) { double ret = 0; - struct tms rus; - clock_t now = times(&rus); + clock_t now; static clock_t tmstart; + long int tck = sysconf(_SC_CLK_TCK); +# ifdef __TMS + struct tms rus; + now = times(&rus); if (usertime) now = rus.tms_utime; +# else + if (usertime) + now = clock(); /* sum of user and kernel times */ + else { + struct timeval tv; + gettimeofday(&tv, NULL); + now = (clock_t)((unsigned long long)tv.tv_sec * tck + + (unsigned long long)tv.tv_usec * (1000000 / tck) + ); + } +# endif if (stop == TM_START) { tmstart = now; } else { - long int tck = sysconf(_SC_CLK_TCK); ret = (now - tmstart) / (double)tck; } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 5f2f2792fa..34bc4a9995 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1094,11 +1094,11 @@ int args_excert(int opt, SSL_EXCERT **pexc) exc->build_chain = 1; break; case OPT_X_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->certform)) return 0; break; case OPT_X_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->keyform)) return 0; break; } diff --git a/apps/ocsp.c b/apps/ocsp.c index 5f9c5cf326..fd03611fe9 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -404,7 +404,8 @@ int ocsp_main(int argc, char **argv) path = opt_arg(); break; case OPT_ISSUER: - issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate"); + issuer = load_cert(opt_arg(), FORMAT_UNDEF, + "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { @@ -416,7 +417,7 @@ int ocsp_main(int argc, char **argv) break; case OPT_CERT: X509_free(cert); - cert = load_cert(opt_arg(), FORMAT_PEM, "certificate"); + cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) @@ -560,7 +561,8 @@ int ocsp_main(int argc, char **argv) if (rsignfile != NULL) { if (rkeyfile == NULL) rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate"); + rsigner = load_cert(rsignfile, FORMAT_UNDEF, + "responder certificate"); if (rsigner == NULL) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; @@ -653,7 +655,7 @@ redo_accept: if (signfile != NULL) { if (keyfile == NULL) keyfile = signfile; - signer = load_cert(signfile, FORMAT_PEM, "signer certificate"); + signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; diff --git a/apps/pkey.c b/apps/pkey.c index ec68185663..8aafcb4277 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -57,7 +57,7 @@ const OPTIONS pkey_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"}, + {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"pubin", OPT_PUBIN, '-', "Read public key from input (default is private key)"}, diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 1e3802045f..231547e291 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -71,11 +71,11 @@ const OPTIONS pkeyutl_options[] = { {"inkey", OPT_INKEY, 's', "Input private key file"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, - {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"}, + {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)"}, {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"}, {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, + {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file - default stdout"}, @@ -157,11 +157,11 @@ int pkeyutl_main(int argc, char **argv) passinarg = opt_arg(); break; case OPT_PEERFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &peerform)) goto opthelp; break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) goto opthelp; break; case OPT_R_CASES: @@ -519,7 +519,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, break; case KEY_CERT: - x = load_cert(keyfile, keyform, "Certificate"); + x = load_cert(keyfile, FORMAT_UNDEF, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/req.c b/apps/req.c index cba6952cad..a2212b988d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -137,7 +137,7 @@ const OPTIONS req_options[] = { OPT_SECTION("Keys and Signing"), {"key", OPT_KEY, 's', "Private key to use"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format"}, + {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"keyout", OPT_KEYOUT, '>', "File to send the key to"}, {"passin", OPT_PASSIN, 's', "Private key password source"}, diff --git a/apps/rsa.c b/apps/rsa.c index bb9bcb0bb2..9f91b72d20 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -45,7 +45,7 @@ const OPTIONS rsa_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"}, + {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, diff --git a/apps/rsautl.c b/apps/rsautl.c index f74ea3164f..0f9789c39c 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -51,7 +51,7 @@ const OPTIONS rsautl_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file"}, {"inkey", OPT_INKEY, 's', "Input key"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, + {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, @@ -101,7 +101,7 @@ int rsautl_main(int argc, char **argv) ret = 0; goto end; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) goto opthelp; break; case OPT_IN: @@ -197,7 +197,7 @@ int rsautl_main(int argc, char **argv) break; case KEY_CERT: - x = load_cert(keyfile, keyformat, "Certificate"); + x = load_cert(keyfile, FORMAT_UNDEF, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/s_client.c b/apps/s_client.c index 875ebf2253..8bab4e2827 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -636,12 +636,12 @@ const OPTIONS s_client_options[] = { OPT_SECTION("Identity"), {"cert", OPT_CERT, '<', "Client certificate file to use"}, {"certform", OPT_CERTFORM, 'F', - "Client certificate file format (PEM or DER) PEM default"}, + "Client certificate file format (PEM/DER/P12); has no effect"}, {"cert_chain", OPT_CERT_CHAIN, '<', "Client certificate chain file (in PEM format)"}, {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"}, {"key", OPT_KEY, 's', "Private key file to use; default is: -cert file"}, - {"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"}, + {"keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, @@ -1144,7 +1144,7 @@ int s_client_main(int argc, char **argv) sess_in = opt_arg(); break; case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &cert_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &cert_format)) goto opthelp; break; case OPT_CRLFORM: @@ -1378,7 +1378,7 @@ int s_client_main(int argc, char **argv) fallback_scsv = 1; break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &key_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &key_format)) goto opthelp; break; case OPT_PASS: @@ -3137,8 +3137,7 @@ int s_client_main(int argc, char **argv) OPENSSL_clear_free(cbuf, BUFSIZZ); OPENSSL_clear_free(sbuf, BUFSIZZ); OPENSSL_clear_free(mbuf, BUFSIZZ); - if (proxypass != NULL) - OPENSSL_clear_free(proxypass, strlen(proxypass)); + clear_free(proxypass); release_engine(e); BIO_free(bio_c_out); bio_c_out = NULL; diff --git a/apps/s_server.c b/apps/s_server.c index 7ac4221860..bbc311befd 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -813,7 +813,7 @@ const OPTIONS s_server_options[] = { {"cert2", OPT_CERT2, '<', "Certificate file to use for servername; default is" TEST_CERT2}, {"certform", OPT_CERTFORM, 'F', - "Server certificate file format (PEM or DER) PEM default"}, + "Server certificate file format (PEM/DER/P12); has no effect"}, {"cert_chain", OPT_CERT_CHAIN, '<', "Server certificate chain file in PEM format"}, {"build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain"}, @@ -823,19 +823,18 @@ const OPTIONS s_server_options[] = { "Private key file to use; default is -cert file or else" TEST_CERT}, {"key2", OPT_KEY2, '<', "-Private Key file to use for servername if not in -cert2"}, - {"keyform", OPT_KEYFORM, 'f', - "Key format (PEM, DER or ENGINE) PEM default"}, + {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"dcert", OPT_DCERT, '<', "Second server certificate file to use (usually for DSA)"}, {"dcertform", OPT_DCERTFORM, 'F', - "Second server certificate file format (PEM or DER) PEM default"}, + "Second server certificate file format (PEM/DER/P12); has no effect"}, {"dcert_chain", OPT_DCERT_CHAIN, '<', "second server certificate chain file in PEM format"}, {"dkey", OPT_DKEY, '<', "Second private key file to use (usually for DSA)"}, {"dkeyform", OPT_DKEYFORM, 'F', - "Second key file format (PEM, DER or ENGINE) PEM default"}, + "Second key file format (ENGINE, other values ignored)"}, {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, {"servername", OPT_SERVERNAME, 's', @@ -1246,14 +1245,14 @@ int s_server_main(int argc, char *argv[]) s_serverinfo_file = opt_arg(); break; case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_cert_format)) goto opthelp; break; case OPT_KEY: s_key_file = opt_arg(); break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &s_key_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format)) goto opthelp; break; case OPT_PASS: @@ -1268,14 +1267,14 @@ int s_server_main(int argc, char *argv[]) #endif break; case OPT_DCERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dcert_format)) goto opthelp; break; case OPT_DCERT: s_dcert_file = opt_arg(); break; case OPT_DKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &s_dkey_format)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dkey_format)) goto opthelp; break; case OPT_DPASS: diff --git a/apps/smime.c b/apps/smime.c index 50f03fdc04..6b7d51b76a 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -63,7 +63,7 @@ const OPTIONS smime_options[] = { "Output format SMIME (default), PEM or DER"}, {"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -429,7 +429,7 @@ int smime_main(int argc, char **argv) if (encerts == NULL) goto end; while (*argv != NULL) { - cert = load_cert(*argv, FORMAT_PEM, + cert = load_cert(*argv, FORMAT_UNDEF, "recipient certificate file"); if (cert == NULL) goto end; @@ -448,7 +448,7 @@ int smime_main(int argc, char **argv) } if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_PEM, + if ((recip = load_cert(recipfile, FORMAT_UNDEF, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -548,7 +548,7 @@ int smime_main(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_PEM, + signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) goto end; diff --git a/apps/spkac.c b/apps/spkac.c index 03cc3d9199..2b4009d457 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -40,7 +40,7 @@ const OPTIONS spkac_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file"}, {"key", OPT_KEY, '<', "Create SPKAC using private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, diff --git a/apps/verify.c b/apps/verify.c index 558866806f..e0eaaabe20 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -256,7 +256,7 @@ static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *chain = NULL; int num_untrusted; - x = load_cert(file, FORMAT_PEM, "certificate file"); + x = load_cert(file, FORMAT_UNDEF, "certificate file"); if (x == NULL) goto end; diff --git a/apps/x509.c b/apps/x509.c index a2a52e41b1..ea083abc64 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -78,13 +78,13 @@ const OPTIONS x509_options[] = { #endif {"inform", OPT_INFORM, 'f', - "Input format - default PEM (one of DER or PEM)"}, + "CSR input format (DER or PEM) - default PEM"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (one of DER or PEM)"}, + "Output format (DER or PEM) - default PEM"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, + {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"}, {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, @@ -152,8 +152,8 @@ const OPTIONS x509_options[] = { {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"}, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, - {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"}, + {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"}, + {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format (ENGINE, other values ignored)"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"CAcreateserial", OPT_CACREATESERIAL, '-', "Create serial number file if it does not exist"}, @@ -228,7 +228,7 @@ int x509_main(int argc, char **argv) ret = 0; goto end; case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) + if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) goto opthelp; break; case OPT_IN: @@ -239,15 +239,15 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) goto opthelp; break; case OPT_CAFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAformat)) goto opthelp; break; case OPT_CAKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) goto opthelp; break; case OPT_OUT: @@ -631,7 +631,7 @@ int x509_main(int argc, char **argv) if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req))) goto end; } else { - x = load_cert(infile, informat, "Certificate"); + x = load_cert(infile, FORMAT_UNDEF, "Certificate"); if (x == NULL) goto end; if (fkey != NULL && !X509_set_pubkey(x, fkey)) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 15c0862019..e1fc591894 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -231,6 +231,8 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx) { int loader_ret; + if (ctx == NULL) + return 1; OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx); loader_ret = ctx->loader->close(ctx->loader_ctx); diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 0202661845..35b36afbb4 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -32,11 +32,11 @@ B B [B<-md> I] [B<-policy> I] [B<-keyfile> I] -[B<-keyform> B|B] +[B<-keyform> B|B|B|B] [B<-key> I] [B<-passin> I] [B<-cert> I] -[B<-certform> B|] +[B<-certform> B|B|B] [B<-selfsign>] [B<-in> I] [B<-inform> B|] @@ -142,18 +142,19 @@ F<.pem> appended. The CA certificate file. -=item B<-certform> B|B +=item B<-certform> B|B|B The format of the data in certificate input files. -The default is PEM. +This option has no effect and is retained for backward compatibility only. =item B<-keyfile> I The private key to sign requests with. -=item B<-keyform> B|B +=item B<-keyform> B|B|B|B -The format of the private key file; the default is B. +The format of the private key input file; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-sigopt> I:I @@ -788,6 +789,11 @@ retained mainly for compatibility reasons. The B<-section> option was added in OpenSSL 3.0.0. +The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. + +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 SEE ALSO L, diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 4fbb7c0e16..375d358703 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -36,7 +36,7 @@ B B [B<-inform> B|B|B] [B<-outform> B|B|B] [B<-rctform> B|B|B] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-stream>] [B<-indef>] [B<-noindef>] @@ -82,7 +82,7 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -[I ...] +[I ...] =for openssl ifdef des-wrap engine @@ -235,9 +235,10 @@ The output format of the CMS structure (if one is being written); the default is B. See L for details. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The format of the private key file; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-rctform> B|B|B @@ -370,7 +371,7 @@ the MIME type multipart/signed is used. Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for -the signers certificates. The certificates should be in PEM format. +the signers certificates. =item B<-certsout> I @@ -493,7 +494,7 @@ Any verification errors cause the command to exit. {- $OpenSSL::safe::opt_provider_item -} -=item I ... +=item I ... One or more certificates of message recipients: used when encrypting a message. @@ -766,6 +767,9 @@ was added in OpenSSL 1.0.2. The -no_alt_chains option was added in OpenSSL 1.0.2b. +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index 409f0b6020..19e72f1b60 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -12,7 +12,7 @@ B B [B<-inform> B|B] [B<-outform> B|B] [B<-key> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B] [B<-text>] [B<-in> I] [B<-out> I] @@ -45,19 +45,24 @@ This command processes CRL files in DER or PEM format. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B -The input and output formats of the CRL; the default is B. +The CRL input format. +This option has no effect and is retained for backward compatibility only. + +=item B<-outform> B|B + +The CRL output format; the default is B. See L for details. =item B<-key> I The private key to be used to sign the CRL. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B -The format of the private key file; the default is B. -See L for details. +The format of the private key file. +This option has no effect and is retained for backward compatibility only. =item B<-in> I @@ -136,7 +141,7 @@ Convert a CRL file from PEM to DER: Output the text form of a DER encoded certificate: - openssl crl -in crl.der -inform DER -text -noout + openssl crl -in crl.der -text -noout =head1 BUGS @@ -151,6 +156,11 @@ L, L, L +=head1 HISTORY + +The B<-inform> and B<-keyform> options have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index 84bd133f84..22c07a5a7f 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in @@ -103,6 +103,7 @@ command instead for this. =item B<-keyform> B|B|B|B The format of the key to sign with; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-sigopt> I:I @@ -247,6 +248,9 @@ L The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The FIPS-related options were removed in OpenSSL 1.1.0. +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index cad26289b4..c1e92ef51e 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -13,7 +13,7 @@ openssl-ec - EC key processing B B [B<-help>] -[B<-inform> B|B] +[B<-inform> B|B|B|B] [B<-outform> B|B] [B<-in> I] [B<-passin> I] @@ -52,9 +52,15 @@ PKCS#8 private key format use the L command. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B|B|B -The input and formats; the default is B. +The key input format; the default is B. +The only value with effect is B; all others have become obsolete. +See L for details. + +=item B<-outform> B|B + +The key output formats; the default is B. See L for details. Private keys are an SEC1 private key or PKCS#8 format. diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index e227f50e75..a738ddbdd7 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -103,8 +103,8 @@ specify output filename, default is standard output. =item B<-issuer> I This specifies the current issuer certificate. This option can be used -multiple times. The certificate specified in I must be in -PEM format. This option B come before any B<-cert> options. +multiple times. +This option B come before any B<-cert> options. =item B<-cert> I diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index a678bd7516..de1bef954c 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -13,7 +13,7 @@ openssl-pkey - public or private key processing command B B [B<-help>] -[B<-inform> B|B] +[B<-inform> B|B|B|B] [B<-outform> B|B] [B<-in> I] [B<-passin> I] @@ -48,9 +48,15 @@ converted between various forms and their components printed out. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B|B|B -The input and formats; the default is B. +The key input format; the default is B. +The only value with effect is B; all others have become obsolete. +See L for details. + +=item B<-outform> B|B + +The key output formats; the default is B. See L for details. =item B<-in> I diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 0a65f6acc5..d823f0b851 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -15,10 +15,10 @@ B B [B<-out> I] [B<-sigfile> I] [B<-inkey> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-passin> I] [B<-peerkey> I] -[B<-peerform> B|B|B] +[B<-peerform> B|B|B|B] [B<-pubin>] [B<-certin>] [B<-rev>] @@ -89,9 +89,10 @@ Signature file, required for B<-verify> operations only The input key file, by default it should be a private key. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-passin> I @@ -103,9 +104,10 @@ see L. The peer key file, used by key derivation (agreement) operations. -=item B<-peerform> B|B|B +=item B<-peerform> B|B|B|B The peer key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-pubin> @@ -402,6 +404,10 @@ L L, L, +=head1 HISTORY + +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. =head1 COPYRIGHT diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 397bf552ad..ab6b3d78a2 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -25,7 +25,7 @@ B B [B<-pkeyopt> I:I] [B<-nodes>] [B<-key> I] -[B<-keyform> B|B] +[B<-keyform> B|B|B|B] [B<-keyout> I] [B<-keygen_engine> I] [B<-I>] @@ -186,9 +186,10 @@ See L for more details. This specifies the file to read the private key from. It also accepts PKCS#8 format private keys for PEM format files. -=item B<-keyform> B|B +=item B<-keyform> B|B|B|B The format of the private key; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-keyout> I @@ -691,6 +692,9 @@ L The B<-section> option was added in OpenSSL 3.0.0. +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 5dacdf9313..b2477b2b2c 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -13,7 +13,7 @@ openssl-rsa - RSA key processing command B B [B<-help>] -[B<-inform> B|B] +[B<-inform> B|B|B|B] [B<-outform> B|B] [B<-in> I] [B<-passin> I] @@ -61,9 +61,15 @@ L command. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B|B|B -The input and formats; the default is B. +The key input format; the default is B. +The only value with effect is B; all others have become obsolete. +See L for details. + +=item B<-outform> B|B + +The key output format; the default is B. See L for details. =item B<-inform> B|B diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 2461db537d..5383fe2116 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -14,7 +14,7 @@ B B [B<-rev>] [B<-out> I] [B<-inkey> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-pubin>] [B<-certin>] [B<-sign>] @@ -76,9 +76,10 @@ default. The input key file, by default it should be an RSA private key. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-pubin> @@ -237,6 +238,9 @@ L This command was deprecated in OpenSSL 3.0. +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 5f04358a84..4d6b54a5e3 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -29,14 +29,14 @@ B B [B<-verifyCApath> I] [B<-verifyCAstore> I] [B<-cert> I] -[B<-certform> B|B] +[B<-certform> B|B|B] [B<-cert_chain> I] [B<-build_chain>] [B<-CRL> I] [B<-CRLform> B|B] [B<-crl_download>] [B<-key> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-pass> I] [B<-chainCAfile> I] [B<-chainCApath> I] @@ -240,10 +240,10 @@ The default is not to use a certificate. The chain for the client certificate may be specified using B<-cert_chain>. -=item B<-certform> B|B +=item B<-certform> B|B|B The client certificate file format to use; the default is B. -see L. +This option has no effect and is retained for backward compatibility only. =item B<-cert_chain> @@ -273,9 +273,10 @@ Download CRL from distribution points in the certificate. The client private key file to use. If not specified then the certificate file will be used to read also the key. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-pass> I @@ -894,6 +895,11 @@ L The B<-no_alt_chains> option was added in OpenSSL 1.1.0. The B<-name> option was added in OpenSSL 1.1.1. +The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. + +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index c9f4bfc11b..8e5da51c40 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -20,19 +20,19 @@ B B [B<-Verify> I] [B<-cert> I] [B<-cert2> I] -[B<-certform> B|B] +[B<-certform> B|B|B] [B<-cert_chain> I] [B<-build_chain>] [B<-serverinfo> I] [B<-key> I] [B<-key2> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-pass> I] [B<-dcert> I] -[B<-dcertform> B|B] +[B<-dcertform> B|B|B] [B<-dcert_chain> I] [B<-dkey> I] -[B<-dkeyform> B|B|B] +[B<-dkeyform> B|B|B|B] [B<-dpass> I] [B<-nbio_test>] [B<-crlf>] @@ -220,10 +220,10 @@ certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename F will be used. -=item B<-certform> B|B +=item B<-certform> B|B|B -The server certificate file format; the default is B. -See L for details. +The server certificate file format. +This option has no effect and is retained for backward compatibility only. =item B<-cert_chain> @@ -248,9 +248,10 @@ ServerHello extension will be returned. The private key to use. If not specified then the certificate file will be used. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-pass> I @@ -276,14 +277,15 @@ A file containing untrusted certificates to use when attempting to build the server certificate chain when a certificate specified via the B<-dcert> option is in use. -=item B<-dcertform> B|B +=item B<-dcertform> B|B|B -The format of the additional certificate file; the default is B. -See L. +The format of the additional certificate file. +This option has no effect and is retained for backward compatibility only. -=item B<-dkeyform> B|B|B +=item B<-dkeyform> B|B|B|B The format of the additional private key; the default is B. +The only value with effect is B; all others have become obsolete. See L. =item B<-dpass> I @@ -822,6 +824,12 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. The -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. +All B<-keyform> and B<-dkeyform> values except B +have become obsolete in OpenSSL 3.0.0 and have no effect. + +The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 13a0e4a47e..4dce01a46e 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -32,7 +32,7 @@ B B [B<-recip> I< file>] [B<-inform> B|B|B] [B<-outform> B|B|B] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-passin> I] [B<-inkey> I] [B<-out> I] @@ -50,7 +50,7 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_v_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -I ... +I ... =for openssl ifdef engine @@ -125,9 +125,10 @@ The output format of the PKCS#7 (S/MIME) structure (if one is being written); the default is B. See L for details. -=item B<-keyform> B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-stream>, B<-indef>, B<-noindef> @@ -235,7 +236,7 @@ option is present B is used instead. Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for -the signers certificates. The certificates should be in PEM format. +the signers certificates. =item B<-signer> I @@ -291,7 +292,7 @@ Any verification errors cause the command to exit. {- $OpenSSL::safe::opt_provider_item -} -=item I ... +=item I ... One or more certificates of message recipients, used when encrypting a message. @@ -479,6 +480,9 @@ added in OpenSSL 1.0.0 The -no_alt_chains option was added in OpenSSL 1.1.0. +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index 72e4788fd1..ca7d097d85 100644 --- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -16,7 +16,7 @@ B B [B<-in> I] [B<-out> I] [B<-key> I] -[B<-keyform> B|B|B] +[B<-keyform> B|B|B|B] [B<-passin> I] [B<-challenge> I] [B<-pubkey>] @@ -59,9 +59,10 @@ Create an SPKAC file using the private key in I. The B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if present. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-passin> I @@ -148,6 +149,11 @@ to be used in a "replay attack". L, L +=head1 HISTORY + +All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 +and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index e4e394faa6..7271efe833 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -99,7 +99,6 @@ with a B<->. One or more certificates to verify. If no certificates are given, this command will attempt to read a certificate from standard input. -Certificates must be in PEM format. If a certificate chain has multiple problems, this program tries to display all of them. diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index b8fd2a4041..918c91b34b 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -11,9 +11,9 @@ B B [B<-help>] [B<-inform> B|B] [B<-outform> B|B] -[B<-keyform> B|B|B] -[B<-CAform> B|B] -[B<-CAkeyform> B|B|B] +[B<-keyform> B|B|B|B] +[B<-CAform> B|B|B] +[B<-CAkeyform> B|B|B|B] [B<-in> I] [B<-out> I] [B<-serial>] @@ -100,13 +100,18 @@ various sections. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B -The input and formats; the default is B. +The CSR input format; the default is B. See L for details. -The input is normally an X.509 certificate, but this can change if other -options such as B<-req> are used. +The input is normally an X.509 certificate file of any format, +but this can change if other options such as B<-req> are used. + +B<-outform> B|B + +The output format; the default is B. +See L for details. =item B<-in> I @@ -355,8 +360,7 @@ can thus behave like a "mini CA". =item B<-signkey> I This option causes the input file to be self signed using the supplied -private key or engine. The private key's format is specified with the -B<-keyform> option. +private key or engine. It sets the issuer name to the subject name (i.e., makes it self-issued) and changes the public key to the supplied value (unless overridden by @@ -392,14 +396,21 @@ certificate is being created from another certificate (for example with the B<-signkey> or the B<-CA> options). Normally all extensions are retained. -=item B<-keyform> B|B|B +=item B<-keyform> B|B|B|B The key format; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. -=item B<-CAform> B|B, B<-CAkeyform> B|B|B +=item B<-CAform> B|B|B, + +The format for the CA certificate. +This option has no effect and is retained for backward compatibility. -The format for the CA certificate and key; the default is B. +=item B<-CAkeyform> B|B|B|B + +The format for the CA key; the default is B. +The only value with effect is B; all others have become obsolete. See L for details. =item B<-days> I @@ -502,8 +513,6 @@ self-signed, for instance when the key cannot be used for signing, such as DH. It can also be used in conjunction with b<-new> and B<-subj> to directly generate a certificate containing any desired public key. -The format of the key file can be specified using the B<-keyform> option. - =item B<-subj> I When a certificate is created set its subject name to the given value. @@ -821,6 +830,11 @@ of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. This means that any directories using the old form must have their links rebuilt using L or similar. +All B<-keyform> and B<-CAkeyform> values except B +have become obsolete in OpenSSL 3.0.0 and have no effect. + +The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 1cdcd8b8bb..7170a98448 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -525,7 +525,12 @@ parameters start with a minus sign: =head2 Format Options Several OpenSSL commands can take input or generate output in a variety -of formats. The list of acceptable formats, and the default, is +of formats. +Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from +files in any of the B, B, or B formats, +while specifying their input format is no more needed. + +The list of acceptable formats, and the default, is described in each command documentation. The list of formats is described below. Both uppercase and lowercase are accepted. @@ -618,6 +623,8 @@ The format of the input or output streams. =item B<-keyform> I Format of a private key input source. +The only value with effect is B; all others have become obsolete. +See L for details. =item B<-CRLform> I @@ -789,12 +796,6 @@ OpenSSL command to generate an alternative chain. =over 4 -=item B<-xchain_build> - -Specify whether the application should build the certificate chain to be -provided to the server for the extra certificates via the B<-xkey>, -B<-xcert>, and B<-xchain> options. - =item B<-xkey> I, B<-xcert> I, B<-xchain> Specify an extra certificate, private key and certificate chain. These behave @@ -802,21 +803,21 @@ in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When specified, the callback returning the first valid chain will be in use by the client. -=item B<-xcertform> B|B, B<-xkeyform> B|B - -The input format for the extra certificate and key, respectively. -See L for details. - =item B<-xchain_build> Specify whether the application should build the certificate chain to be provided to the server for the extra certificates via the B<-xkey>, B<-xcert>, and B<-xchain> options. -=item B<-xcertform> B|B, B<-xkeyform> B|B +=item B<-xcertform> B|B|B -The input format for the extra certificate and key, respectively. -See L for details. +The input format for the extra certificate. +This option has no effect and is retained for backward compatibility only. + +=item B<-xkeyform> B|B|B + +The input format for the extra key. +This option has no effect and is retained for backward compatibility only. =back @@ -1403,6 +1404,9 @@ manual pages. The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and is silently ignored. +The B<-xcertform> and B<-xkeyform> options +are obsolete since OpenSSL 3.0.0 and have no effect. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index 71ba642180..526109386e 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod @@ -103,7 +103,7 @@ TODO Write a set of cookbook documents and link to them. OSSL_PARAM_ulong("d", &rsa_d), OSSL_PARAM_END }; - + int main() { EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); From dev at ddvo.net Fri May 15 18:24:37 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 15 May 2020 18:24:37 +0000 Subject: [openssl] master update Message-ID: <1589567077.659502.11267.nullmailer@dev.openssl.org> The branch master has been updated via 538404d2186954d58c04c46232f985ddf9675b6f (commit) via 8c10e1b660be1286439e15c9a955461f25b53616 (commit) from 6d382c74b375f1f8c44f04ec3de95ff781598a3b (commit) - Log ----------------------------------------------------------------- commit 538404d2186954d58c04c46232f985ddf9675b6f Author: David von Oheimb Date: Mon Aug 28 19:14:47 2017 +0200 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/4277) commit 8c10e1b660be1286439e15c9a955461f25b53616 Author: Dr. David von Oheimb Date: Tue Apr 21 14:08:49 2020 +0200 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/4277) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 9 +-------- apps/include/apps.h | 17 ++++++----------- apps/lib/apps.c | 23 +++++++++++------------ apps/s_server.c | 4 +++- include/internal/sockets.h | 4 ++-- 5 files changed, 23 insertions(+), 34 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 7a2ce2963d..72ebe34d26 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -61,13 +61,6 @@ static int read_config(void); static CONF *conf = NULL; /* OpenSSL config file context structure */ static OSSL_CMP_CTX *cmp_ctx = NULL; /* the client-side CMP context */ -/* TODO remove when new setup_engine_flags() is in apps/lib/apps.c (PR #4277) */ -static -ENGINE *setup_engine_flags(const char *engine, unsigned int flags, int debug) -{ - return setup_engine(engine, debug); -} - /* the type of cmp command we want to send */ typedef enum { CMP_IR, @@ -2938,7 +2931,7 @@ int cmp_main(int argc, char **argv) } if (opt_engine != NULL) - e = setup_engine_flags(opt_engine, 0 /* not: ENGINE_METHOD_ALL */, 0); + e = setup_engine_methods(opt_engine, 0 /* not: ENGINE_METHOD_ALL */, 0); if (opt_port != NULL) { if (opt_use_mock_srv) { diff --git a/apps/include/apps.h b/apps/include/apps.h index 7789bd2b0a..b051222244 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -12,6 +12,7 @@ # include "e_os.h" /* struct timeval for DTLS */ # include "internal/nelem.h" +# include "internal/sockets.h" /* for openssl_fdset() */ # include # include @@ -35,19 +36,12 @@ # include "fmt.h" # include "platform.h" -/* also in include/internal/sockets.h */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) -# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) -# else -# define openssl_fdset(a,b) FD_SET(a, b) -# endif - /* * quick macro when you need to pass an unsigned char instead of a char. * this is true for some implementations of the is*() functions, for * example. */ -#define _UC(c) ((unsigned char)(c)) +# define _UC(c) ((unsigned char)(c)) void app_RAND_load_conf(CONF *c, const char *section); void app_RAND_write(void); @@ -132,7 +126,7 @@ __owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CApath, int noCApath, const char *CAstore, int noCAstore); -#ifndef OPENSSL_NO_CT +# ifndef OPENSSL_NO_CT /* * Sets the file to load the Certificate Transparency log list from. @@ -141,9 +135,10 @@ __owur int ctx_set_verify_locations(SSL_CTX *ctx, */ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); -#endif +# endif -ENGINE *setup_engine(const char *engine, int debug); +ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug); +# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug) void release_engine(ENGINE *e); # ifndef OPENSSL_NO_OCSP diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 8063a0e272..4337cc6c87 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1115,29 +1115,28 @@ static ENGINE *try_load_engine(const char *engine) } #endif -ENGINE *setup_engine(const char *engine, int debug) +ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug) { ENGINE *e = NULL; #ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (strcmp(engine, "auto") == 0) { + if (id != NULL) { + if (strcmp(id, "auto") == 0) { BIO_printf(bio_err, "Enabling auto ENGINE support\n"); ENGINE_register_all_complete(); return NULL; } - if ((e = ENGINE_by_id(engine)) == NULL - && (e = try_load_engine(engine)) == NULL) { - BIO_printf(bio_err, "Invalid engine \"%s\"\n", engine); + if ((e = ENGINE_by_id(id)) == NULL + && (e = try_load_engine(id)) == NULL) { + BIO_printf(bio_err, "Invalid engine \"%s\"\n", id); ERR_print_errors(bio_err); return NULL; } - if (debug) { - ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); - } - ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, (void *)get_ui_method(), - 0, 1); - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + if (debug) + (void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); + if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, + (void *)get_ui_method(), 0, 1) + || !ENGINE_set_default(e, methods)) { BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e)); ERR_print_errors(bio_err); ENGINE_free(e); diff --git a/apps/s_server.c b/apps/s_server.c index bbc311befd..09bcc0cfb8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1576,7 +1576,9 @@ int s_server_main(int argc, char *argv[]) session_id_prefix = opt_arg(); break; case OPT_ENGINE: - engine = setup_engine(opt_arg(), 1); +#ifndef OPENSSL_NO_ENGINE + engine = setup_engine(opt_arg(), s_debug); +#endif break; case OPT_R_CASES: if (!opt_rand(o)) diff --git a/include/internal/sockets.h b/include/internal/sockets.h index e7708516d8..6d17363d9b 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -154,9 +154,9 @@ struct servent *PASCAL getservbyname(const char *, const char *); /* also in apps/include/apps.h */ # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) -# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) +# define openssl_fdset(a, b) FD_SET((unsigned int)(a), b) # else -# define openssl_fdset(a,b) FD_SET(a, b) +# define openssl_fdset(a, b) FD_SET(a, b) # endif #endif From matthias.st.pierre at ncp-e.com Fri May 15 18:50:54 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 15 May 2020 18:50:54 +0000 Subject: [openssl] master update Message-ID: <1589568654.643822.20080.nullmailer@dev.openssl.org> The branch master has been updated via 43a70f02022ebbc29aa71853f04f1dc0d9772846 (commit) via a51f225d0d6a9ea5b25a07091a67bb3c737ffe31 (commit) from 538404d2186954d58c04c46232f985ddf9675b6f (commit) - Log ----------------------------------------------------------------- commit 43a70f02022ebbc29aa71853f04f1dc0d9772846 Author: Rich Salz Date: Wed May 13 11:16:50 2020 -0400 Fix all MD036 (emphasis used instead of heading) The main fixes were errors in itemized lists "*)" instead of "*" Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11770) commit a51f225d0d6a9ea5b25a07091a67bb3c737ffe31 Author: Rich Salz Date: Fri May 8 10:34:22 2020 -0400 Add "md-nits" make target Also fix a nit in recent CHANGES.md update. Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11770) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 12 ++++--- CHANGES.md | 70 +++++++++++++++++++-------------------- Configurations/unix-Makefile.tmpl | 13 ++++++-- INSTALL.md | 7 ++-- util/markdownlint.rb | 1 - 5 files changed, 58 insertions(+), 45 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0ac0eb5bf9..413d87475f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -205,10 +205,14 @@ script: travis_terminate 1; fi - if test -n "$MARKDOWNLINT" ; then - echo -e "====START MARKDOWNLINT===="; - gem install mdl || travis_terminate 1; - mdl -s util/markdownlint.rb . || travis_terminate 1; - echo -e "====END MARKDOWNLINT===="; + if ! gem install mdl ; then + echo -e '\052\052 FAILED -- GEM INSTALL MDL'; + travis_terminate 1; + fi; + if ! $make md-nits ; then + echo -e '\052\052 FAILED -- MAKE MD-NITS'; + travis_terminate 1; + fi; fi - if ! $make2; then echo -e '\052\052 FAILED -- MAKE'; diff --git a/CHANGES.md b/CHANGES.md index 6ee0b1efde..589cc5537e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6001,40 +6001,40 @@ OpenSSL 1.0.1 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] *Andy Polyakov* - *) Do not resume sessions on the server if the negotiated protocol - version does not match the session's version. Resuming with a different - version, while not strictly forbidden by the RFC, is of questionable - sanity and breaks all known clients. + * Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. *David Benjamin, Emilia K?sper* - *) Tighten handling of the ChangeCipherSpec (CCS) message: reject - early CCS messages during renegotiation. (Note that because - renegotiation is encrypted, this early CCS was not exploitable.) + * Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) *Emilia K?sper* - *) Tighten client-side session ticket handling during renegotiation: - ensure that the client only accepts a session ticket if the server sends - the extension anew in the ServerHello. Previously, a TLS client would - reuse the old extension state and thus accept a session ticket if one was - announced in the initial ServerHello. + * Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. - Similarly, ensure that the client requires a session ticket if one - was advertised in the ServerHello. Previously, a TLS client would - ignore a missing NewSessionTicket message. + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. *Emilia K?sper* @@ -7020,19 +7020,19 @@ OpenSSL 1.0.0 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] - *Andy Polyakov* + *Andy Polyakov* - *) Fix various certificate fingerprint issues. + * Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 41a35aae65..126180ace7 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -519,7 +519,7 @@ clean: libclean -$(RM) `find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -print` -$(RM) `find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -print` $(RM) core - $(RM) tags TAGS doc-nits cmd-nits + $(RM) tags TAGS doc-nits cmd-nits md-nits $(RM) -r test/test-runs $(RM) openssl.pc libcrypto.pc libssl.pc -$(RM) `find . -type l \! -name '.*' -print` @@ -982,13 +982,22 @@ update: generate errors ordinals generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids -.PHONY: doc-nits cmd-nits +.PHONY: doc-nits cmd-nits md-nits doc-nits: build_generated $(PERL) $(SRCDIR)/util/find-doc-nits -n -l -e cmd-nits: build_generated apps/openssl $(PERL) $(SRCDIR)/util/find-doc-nits -c +# This uses "mdl", the markdownlint application, which is written in ruby. +# The source is at https://github.com/markdownlint/markdownlint +# If you have ruby installed, "gem install mdl" should work. +# Another option is at https://snapcraft.io/install/mdl/debian +# Finally, there's a Node.js version, which we haven't tried, that +# can be found at https://github.com/DavidAnson/markdownlint +md-nits: + mdl -s util/markdownlint.rb . + # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) # ... diff --git a/INSTALL.md b/INSTALL.md index d4da50c7f7..88961aa74b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -262,13 +262,14 @@ for 32bit binaries on 64bit Windows (WOW64). #### Installing to a different location To install OpenSSL to a different location (for example into your home -directory for testing purposes) run config like this: +directory for testing purposes) run config as shown in the following +examples. -**On Unix** +On Unix: $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl -**On OpenVMS** +On OpenVMS: $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] diff --git a/util/markdownlint.rb b/util/markdownlint.rb index 75eb21ecb8..66517484ad 100644 --- a/util/markdownlint.rb +++ b/util/markdownlint.rb @@ -18,4 +18,3 @@ exclude_rule 'MD014' # Dollar signs used before commands without showing output exclude_rule 'MD024' # Multiple headers with the same content exclude_rule 'MD025' # Multiple top level headers in the same document exclude_rule 'MD029' # Ordered list item prefix -exclude_rule 'MD036' # Emphasis used instead of a header From kaduk at mit.edu Fri May 15 19:56:25 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 15 May 2020 19:56:25 +0000 Subject: [openssl] master update Message-ID: <1589572585.644203.26037.nullmailer@dev.openssl.org> The branch master has been updated via 0b2b0be948404cefe7160c9b1096bc554e982f03 (commit) via 2e1a4f6aeb5a9935e3055f61740381e17a31fc9a (commit) from 43a70f02022ebbc29aa71853f04f1dc0d9772846 (commit) - Log ----------------------------------------------------------------- commit 0b2b0be948404cefe7160c9b1096bc554e982f03 Author: raja-ashok Date: Sun May 10 22:47:00 2020 +0530 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11785) commit 2e1a4f6aeb5a9935e3055f61740381e17a31fc9a Author: raja-ashok Date: Fri May 8 19:17:21 2020 +0530 Fix crash in early data send with out-of-band PSK using AES CCM Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11785) ----------------------------------------------------------------------- Summary of changes: ssl/tls13_enc.c | 11 +++++- test/sslapitest.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 121 insertions(+), 3 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index e81f3656ee..1775152eeb 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -436,11 +436,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3.tmp.new_cipher == NULL) { + if (s->s3.tmp.new_cipher != NULL) { + algenc = s->s3.tmp.new_cipher->algorithm_enc; + } else if (s->session->cipher != NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; + } else if (s->psksession != NULL && s->psksession->cipher != NULL) { + /* We must be doing early data with out-of-band PSK */ + algenc = s->psksession->cipher->algorithm_enc; } else { - algenc = s->s3.tmp.new_cipher->algorithm_enc; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; diff --git a/test/sslapitest.c b/test/sslapitest.c index ea86b13f80..c1c288e50a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2755,8 +2755,11 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, #define MSG6 "test" #define MSG7 "message." -#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") +#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03") +#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04") +#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05") static SSL_SESSION *create_a_psk(SSL *ssl) @@ -3689,6 +3692,113 @@ static int test_early_data_psk(int idx) return testresult; } +/* + * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites + * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256 + * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384 + * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256 + * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256 + */ +static int test_early_data_psk_with_all_ciphers(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + const SSL_CIPHER *cipher; + const char *cipher_str[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# else + NULL, +# endif + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_RFC_AES_128_CCM_8_SHA256 + }; + const unsigned char *cipher_bytes[] = { + TLS13_AES_128_GCM_SHA256_BYTES, + TLS13_AES_256_GCM_SHA384_BYTES, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS13_CHACHA20_POLY1305_SHA256_BYTES, +# else + NULL, +# endif + TLS13_AES_128_CCM_SHA256_BYTES, + TLS13_AES_128_CCM_8_SHA256_BYTES + }; + + if (cipher_str[idx] == NULL) + return 1; + /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */ + if (idx == 2 && is_fips == 1) + return 1; + + /* We always set this up with a final parameter of "2" for PSK */ + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, 2))) + goto end; + + if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx])) + || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx]))) + goto end; + + /* + * 'setupearly_data_test' creates only one instance of SSL_SESSION + * and assigns to both client and server with incremented reference + * and the same instance is updated in 'sess'. + * So updating ciphersuite in 'sess' which will get reflected in + * PSK handshake using psk use sess and find sess cb. + */ + cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]); + if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))) + goto end; + + SSL_set_connect_state(clientssl); + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_int_eq(SSL_connect(clientssl), 1) + || !TEST_int_eq(SSL_accept(serverssl), 1)) + goto end; + + /* Send some normal data from client to server */ + if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2))) + goto end; + + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + if (clientssl != NULL) + SSL_shutdown(clientssl); + if (serverssl != NULL) + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + /* * Test that a server that doesn't try to read early data can handle a * client sending some. @@ -7641,6 +7751,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_skip_abort, 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); + ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); ADD_ALL_TESTS(test_early_data_not_expected, 3); # ifndef OPENSSL_NO_TLS1_2 ADD_ALL_TESTS(test_early_data_tls1_2, 3); From openssl at openssl.org Fri May 15 23:42:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 15 May 2020 23:42:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1589586175.102304.1024.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4055: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3039: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat May 16 03:48:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 03:48:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1589600921.943075.15418.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha2-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4033: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3017: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From matt at openssl.org Sat May 16 09:22:05 2020 From: matt at openssl.org (Matt Caswell) Date: Sat, 16 May 2020 09:22:05 +0000 Subject: [openssl] openssl-3.0.0-alpha2 create Message-ID: <1589620925.996153.28999.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha2 has been created at 7ada644fb969b94b096f2bbe0ced03c9d10398f7 (tag) tagging 9e8604b891483e2d06bb994460ca18b93011fdde (commit) replaces openssl-3.0.0-alpha1 tagged by Matt Caswell on Fri May 15 14:33:29 2020 +0100 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha2 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6+mikRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJEtdQf+MAbL5I10xJ0/yoVvaUHARAsY41BSe98e hChKvqhhqwCd9Pn/DG0Vod300dm58jCyfwIIsYNUKOJhZQTBUEmaWqZEJlZm/rSZ jkoYY8BEbVWWTrraJynRxp97OZFxH8kFu8uBxvx+gNSCSM8EPbuAhfiBtz73rp8C t6tVY26kbGualouu46RDh3wrhXGVvpWXro9v8Ixil8s+JEfcWcSxwUlbVu95/+jf h+/j4RV6rhApIM+cG05Mdw8BiOQqqObocL4B+zWiy5oKMDPBtGbjAgcGTk2daAsm 7o6qWscEjDQ9/YYNb6Jn4eMOfZyP+RCQVsCyTB+qSmT76JJs1BKdSA== =wyJ7 -----END PGP SIGNATURE----- Arne Schwabe (1): Fix type cast in SSL_CTX_set1_groups macro Beat Bolli (1): doc: fix two invalid tags Benjamin Kaduk (7): sslapitest: only compile test when it will be used Fix whitespace nit in ossl_statem_server_pre_work Add SSL_new_session_ticket() API Add test for SSL_new_session_ticket() make update for SSL_new_session_ticket Fix up whitespace nits introduced by PR #11416 Fix FreeBSD build with --strict-warnings Bernd Edlinger (1): Fix rsa8192.pem Christian Heimes (1): Use fips=yes consistently in documentation Christian Hohnstaedt (1): i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success David von Oheimb (3): Add function load_csr(file,format,desc) to apps/lib/apps.c Improve feedback on wrong format with new print_format_error() in apps/lib/opt.c Remove a bad 'goto end' and a few superfluous ones in apps/lib/apps.c Dirk-Willem van Gulik (1): Add support for unusal 'othername' subjectAltNames Dmitry Belyavskiy (1): s_server normal shutdown Dr. David von Oheimb (13): Clean up the use of ERR_print_errors() in apps.c and in four apps Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal Constify 'req' parameter of OSSL_HTTP_post_asn1() Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface Improve CMP documentation regarding use of untrusted certs Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() Dr. Matthias St. Pierre (1): Fix use-after-free in BIO_C_SET_SSL callback Jakub Zelenka (1): Add documentation for CMS_EnvelopedData_create() Kurt Roeckx (1): Improve SSL_shutdown documentation. Leo Neat (1): CIFuzz turning dry_run off Mat Berchtold (2): When a private key is validated and there is no private key, return early. Add a test for EVP_PKEY_*_check functions for "DSA" keys Matt Caswell (20): Prepare for 3.0 alpha 2 Update README.ssltests.md Make EVP_new_raw_[private|public]_key provider aware Ensure OSSL_PARAM_BLD_free() can accept a NULL Add the ability to ECX to import keys with only the private key Add the library ctx into an ECX_KEY Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys Don't export ECX key data twice Fix the KEYNID2TYPE macro Implement key match functionality for ECX keys Document the new raw private/public key functions Add some tests for the newly added raw private/public key functions Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer Centralise Environment Variables for the tests Fix a memory leak in CONF .include handling Don't offer or accept ciphersuites that we can't support Extend test_ssl_get_shared_ciphers Correct alignment calculation in ssl3_setup_write Update copyright year Prepare for release of 3.0 alpha 2 Maximilian Blenk (1): Fix PEM certificate loading that sometimes fails Nicola Tuveri (2): Fix typo from #10631 Fix links in CONTRIBUTING.md Nicolas Vigier (1): If SOURCE_DATE_EPOCH is defined, use it for copyright year Nikolay Morozov (4): Code cleanup in X509v3 String Extentions Fix GOST curve sec bits SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() Orgad Shaneh (1): Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 Pauli (36): params: handle the modified sentinel. evp: convert existing code to use the new modified sentinel for params. params: change OSSL_PARAM_set_unmodified() to operate on a params array keymgmt: convert to use the params modification detection. travis: add GENERATE=yes no-makedepend to the ARM64 build. travis: remove GENERATE=yes from some non no-deprecated builds Undeprecate DH, DSA and RSA _bits() functions. param bld: avoid freeing the param builder structure on error paths. coverity 1462577: Incorrect expression coverity 1462565: Null pointer dereferences coverity 1462550 Resource leak coverity 1462541 Dereference after null check coverity 1462543 Logically dead code coverity: 1462544 Dereference after null check coverity 1462545 Dereference after null check coverity 1462546 Dereference after null check coverity 1462548 Resource leak coverity 1462549 Dereference before null check coverity 1462554 Dereference after null check coverity 1462556 Resource leak coverity 1462560 Resource leak coverity 1462561 Uninitialized scalar variable coverity 1462562 Dereference before null check coverity 1462564 Improper use of negative value coverity 1462566 Resource leak coverity 1462570 Resource leak coverity 1462571 Dereference after null check coverity 1462572 Dereference after null check coverity 1462573 Dereference after null check coverity 1462574 Resource leak coverity 1462567: Null pointer dereferences coverity 1462576 Resource leak coverity 1462578 Resource leak coverity 1462580 Improper use of negative value coverity 1462581 Dereference after null check doc: remove deprecation notes for apps that are staying. Rich Salz (7): Update some nits around the FIPS module Rename fipsinstall.cnf->fipsmodule.cnf SSL_CTX_config.pod: Remove needless "NOTE" heading Rewrite man5/config.pod and related conf code cleanup In OpenSSL builds, declare STACK for datatypes ... travis: enable markdownlint checks Fix issues reported by markdownlint Richard Levitte (50): Fix dev/release-aux-openssl-announce-pre-release.tmpl Configure: Allow quoted values in VERSION Configurations/windows-makefile.tmpl: Fix template code for INSTALL_MODULES crypto/x509/v3_alt.c: make 'othername' a bit bigger fuzz/asn1.c: Add missing #include Configurations/unix-Makefile.tmpl: fix typo Configure: change all references to INSTALL to INSTALL.md Rename FIPS_MODE to FIPS_MODULE include/openssl/x509v3.h: restore previous stack definition arrangement include/openssl/ts.h: clean away a misplaced EVP_MD stack definition EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL util/perl/OpenSSL/OID.pm: remove the included unit test Fix reason code clash WPACKET: don't write DER length when we don't want to Configure: avoid perl regexp bugs EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up! Fix CHANGES.md issues reported by markdownlint Fix d2i_PrivateKey_ex() to work as documented CORE: Fix the signature of OSSL_provider_query_operation_fn Fix some misunderstandings in our providers' main modules CORE: Attach the provider context to the provider late Remove explicit dependency on configdata.pm when processing .in files PROV: Add a proper provider context structure for OpenSSL providers PROV: Adapt all our providers to use the new PROV_CTX structure OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO OSSL_STORE: Better information when prompting for pass phrases OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files EVP: Only use the engine when one is defined, in pkey_mac_ctrl() test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine RSA: Add RSA key types RSA: Extract much of the rsa_pkey_export_to() code to a separate function RSA: Add rsa_schemes.c, to store scheme data and translator functions RSA: Add a less loaded PSS-parameter structure RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions DER writer: Add the possibility to abandon empty SEQUENCEs PROV: Refactor the RSA DER support PROV: Refactor the RSA SIGNATURE implementation for better param control PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters EVP: For SIGNATURE operations, pass the propquery early PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters EVP: Refactor the RSA-PSS key generation controls for providers PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters test/evp_pkey_provided_test.c: Display first, compare after test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests test/recipes/15-test_rsapss.t: Add test with unrestricted signature .travis.yml: never use -Werror, use --strict-warnings instead PROV: make some DER AID arrays non-static, to avoid clang complaints test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test dev/release.sh: Add --reviewer to set reviewers Sebastian Andrzej Siewior (2): doc: Random spellchecking Configurations: Identify the shell variables around MANSUFFIX Shane Lontis (10): Fix snprintf missing for windows build Add default property API's to enable and test for fips Add solaris assembler fixes for legacy provider Fix incorrect default keysize for CAST ofb and cfb modes. Fix aix compile error in cmp_ctx_test.c Remove cipher table lookup from EVP_CipherInit_ex Remove gen_get_params & gen_gettable_params from keygen operation Add OIDS for md4 and ripemd160 to der_rsa Add RSA SHA512 truncated digest support Remove legacy FIPS_mode functions Shourya Shukla (1): Amend references to "OpenSSL license" Thomas Dwyer III (1): Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Tomas Mraz (2): The synthesized OPENSSL_VERSION_NUMBER must be long Replace misleading error message when loading PEM nia (3): rand_unix.c: Include correct headers for sysctl() on NetBSD rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. opensignature (1): Update EVP_PKEY_fromdata.pod ----------------------------------------------------------------------- From openssl at openssl.org Sat May 16 09:34:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 09:34:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1589621682.218234.1772.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1989, 592 wallclock secs ( 7.46 usr 1.34 sys + 559.33 cusr 39.03 csys = 607.16 CPU) Result: FAIL Makefile:3052: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3050: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Sat May 16 10:09:15 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 16 May 2020 10:09:15 +0000 Subject: [openssl] master update Message-ID: <1589623755.038046.29232.nullmailer@dev.openssl.org> The branch master has been updated via 827f04d5105e9bec0af214c42b8ad799fba5bb0d (commit) from 0b2b0be948404cefe7160c9b1096bc554e982f03 (commit) - Log ----------------------------------------------------------------- commit 827f04d5105e9bec0af214c42b8ad799fba5bb0d Author: Richard Levitte Date: Fri May 15 07:50:43 2020 +0200 CORE: Fix a couple of bugs in algorithm_do_this() The call of ossl_provider_query_operation() used |data->operation_id|, when |cur_operation| should be used. If any ossl_provider_query_operation() call returned NULL, the loop was stopped, when it should just continue on to the next operation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11837) ----------------------------------------------------------------------- Summary of changes: crypto/core_algorithm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 2973b37604..79625fdea6 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -37,11 +37,11 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) cur_operation <= last_operation; cur_operation++) { const OSSL_ALGORITHM *map = - ossl_provider_query_operation(provider, data->operation_id, + ossl_provider_query_operation(provider, cur_operation, &no_store); if (map == NULL) - break; + continue; ok = 1; /* As long as we've found *something* */ while (map->algorithm_names != NULL) { From openssl at openssl.org Sat May 16 11:03:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 11:03:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1589627030.009435.18784.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1906, 528 wallclock secs ( 6.21 usr 1.70 sys + 500.40 cusr 37.16 csys = 545.47 CPU) Result: FAIL Makefile:3066: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3064: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 16 11:41:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 11:41:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1589629276.662681.28800.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1991, 617 wallclock secs ( 7.97 usr 1.49 sys + 582.56 cusr 40.41 csys = 632.43 CPU) Result: FAIL Makefile:3079: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3077: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 16 12:54:38 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 12:54:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1589633678.300331.11893.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1906, 534 wallclock secs ( 6.25 usr 1.13 sys + 505.99 cusr 37.13 csys = 550.50 CPU) Result: FAIL Makefile:3054: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3052: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 16 13:32:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 16 May 2020 13:32:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1589635974.144532.21401.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test 90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints 16e3588d98 .travis.yml: never use -Werror, use --strict-warnings instead d49be019d2 test/recipes/15-test_rsapss.t: Add test with unrestricted signature f63f3b7294 test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests d59b7a54a5 test/evp_pkey_provided_test.c: Display first, compare after 106ec30bc7 PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters e25761b10d EVP: Refactor the RSA-PSS key generation controls for providers 2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters 2c6094baca EVP: For SIGNATURE operations, pass the propquery early ea297dca50 PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters 8a758e96f2 PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation 0ec36bf117 PROV: Refactor the RSA SIGNATURE implementation for better param control 36a2a551d7 PROV: Refactor the RSA DER support 2275ff656c DER writer: Add the possibility to abandon empty SEQUENCEs 967cc3f939 RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions 15671090f4 RSA: Add a less loaded PSS-parameter structure e9d6186e05 RSA: Add rsa_schemes.c, to store scheme data and translator functions 645a541a3f RSA: Extract much of the rsa_pkey_export_to() code to a separate function 484d1a73c7 RSA: Add RSA key types a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine bcb018e70b EVP: Only use the engine when one is defined, in pkey_mac_ctrl() c4e3a72720 Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() 63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() 6b326fc396 Improve CMP documentation regarding use of untrusted certs 8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface 3c38fa4b79 Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 d3d0784e41 Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod 05f920db39 Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod f55838f34d OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files bac4bffbfb OSSL_STORE: Better information when prompting for pass phrases 6ab6ecfd6d OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO 78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers 484c24c8d7 Remove explicit dependency on configdata.pm when processing .in files dd63f9bbfc Fix FreeBSD build with --strict-warnings 7ef4379061 Fix rsa8192.pem Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1991, 626 wallclock secs ( 7.74 usr 1.37 sys + 591.41 cusr 40.69 csys = 641.21 CPU) Result: FAIL Makefile:3066: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3064: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Sat May 16 16:17:42 2020 From: matt at openssl.org (Matt Caswell) Date: Sat, 16 May 2020 16:17:42 +0000 Subject: [openssl] master update Message-ID: <1589645862.607427.26640.nullmailer@dev.openssl.org> The branch master has been updated via 06a2027bd58bcd109cab88e3ce27726613eeab50 (commit) via d40b42ab4c8a88740a2cc2a20c709fe869c4dd1e (commit) from 827f04d5105e9bec0af214c42b8ad799fba5bb0d (commit) - Log ----------------------------------------------------------------- commit 06a2027bd58bcd109cab88e3ce27726613eeab50 Author: Matt Caswell Date: Thu May 7 12:11:44 2020 +0100 Update documentation following changes of various types The previous commit changed the types of various objects passed between the core and providers. Therefore the documentation needs to be updated to reflect that. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11758) commit d40b42ab4c8a88740a2cc2a20c709fe869c4dd1e Author: Matt Caswell Date: Wed May 6 12:29:57 2020 +0100 Maintain strict type discipline between the core and providers A provider could be linked against a different version of libcrypto than the version of libcrypto that loaded the provider. Different versions of libcrypto could define opaque types differently. It must never occur that a type created in one libcrypto is used directly by the other libcrypto. This will cause crashes. We can "cheat" for "built-in" providers that are part of libcrypto itself, because we know that the two libcrypto versions are the same - but not for other providers. To ensure this does not occur we use different types names for the handful of opaque types that are passed between the core and providers. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11758) ----------------------------------------------------------------------- Summary of changes: crypto/initthread.c | 2 +- crypto/provider_core.c | 52 +++++++--- crypto/serializer/serializer_pkey.c | 5 +- doc/man7/provider-base.pod | 55 ++++++---- doc/man7/provider-serializer.pod | 14 +-- doc/man7/provider.pod | 16 ++- include/internal/cryptlib.h | 3 +- include/openssl/bio.h | 1 + include/openssl/core.h | 9 +- include/openssl/core_numbers.h | 53 +++++----- providers/common/bio_prov.c | 114 +++++++++++++++++++-- providers/common/include/prov/bio.h | 18 ++-- providers/common/include/prov/provider_ctx.h | 22 ++-- providers/common/include/prov/providercommon.h | 2 +- providers/common/provider_ctx.c | 21 +++- providers/defltprov.c | 19 ++-- providers/fips/fipsprov.c | 27 +++-- providers/fips/self_test.c | 4 +- .../serializers/serializer_common.c | 32 +++--- .../implementations/serializers/serializer_dh.c | 2 +- .../serializers/serializer_dh_param.c | 48 +++++++-- .../serializers/serializer_dh_priv.c | 37 +++++-- .../serializers/serializer_dh_pub.c | 60 ++++++++--- .../implementations/serializers/serializer_dsa.c | 3 +- .../serializers/serializer_dsa_param.c | 49 +++++++-- .../serializers/serializer_dsa_priv.c | 58 ++++++++--- .../serializers/serializer_dsa_pub.c | 53 ++++++++-- .../implementations/serializers/serializer_ec.c | 10 +- .../serializers/serializer_ec_param.c | 55 +++++++--- .../serializers/serializer_ec_priv.c | 63 +++++++++--- .../serializers/serializer_ec_pub.c | 53 ++++++++-- .../implementations/serializers/serializer_ecx.c | 2 +- .../serializers/serializer_ecx_priv.c | 38 +++++-- .../serializers/serializer_ecx_pub.c | 59 ++++++++--- .../serializers/serializer_ffc_params.c | 8 +- .../implementations/serializers/serializer_rsa.c | 54 +++++----- .../serializers/serializer_rsa_priv.c | 36 +++++-- .../serializers/serializer_rsa_pub.c | 61 ++++++++--- providers/legacyprov.c | 4 +- providers/nullprov.c | 36 +------ test/p_test.c | 10 +- 41 files changed, 900 insertions(+), 368 deletions(-) diff --git a/crypto/initthread.c b/crypto/initthread.c index 8f0678970a..a97cf359af 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -360,7 +360,7 @@ int ossl_init_thread_start(const void *index, void *arg, * libcrypto to tell us about later thread stop events. c_thread_start * is a callback to libcrypto defined in fipsprov.c */ - if (!c_thread_start(FIPS_get_provider(ctx), ossl_ctx_thread_stop)) + if (!c_thread_start(FIPS_get_core_handle(ctx), ossl_ctx_thread_stop)) return 0; } #endif diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 1cbe369754..662576cd7b 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -488,8 +488,8 @@ static int provider_activate(OSSL_PROVIDER *prov) /* Call the initialise function for the provider. */ if (prov->init_function == NULL - || !prov->init_function(prov, core_dispatch, &provider_dispatch, - &tmp_provctx)) { + || !prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, + &provider_dispatch, &tmp_provctx)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL, "name=%s", prov->name); #ifndef FIPS_MODULE @@ -818,15 +818,20 @@ static OSSL_core_clear_last_error_mark_fn core_clear_last_error_mark; static OSSL_core_pop_error_to_mark_fn core_pop_error_to_mark; #endif -static const OSSL_PARAM *core_gettable_params(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *core_gettable_params(const OSSL_CORE_HANDLE *handle) { return param_types; } -static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) +static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[]) { int i; OSSL_PARAM *p; + /* + * We created this object originally and we know it is actually an + * OSSL_PROVIDER *, so the cast is safe + */ + OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL) OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR); @@ -850,14 +855,26 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return 1; } -static OPENSSL_CTX *core_get_libctx(const OSSL_PROVIDER *prov) +static OPENSSL_CORE_CTX *core_get_libctx(const OSSL_CORE_HANDLE *handle) { - return ossl_provider_library_context(prov); + /* + * We created this object originally and we know it is actually an + * OSSL_PROVIDER *, so the cast is safe + */ + OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; + + return (OPENSSL_CORE_CTX *)ossl_provider_library_context(prov); } -static int core_thread_start(const OSSL_PROVIDER *prov, +static int core_thread_start(const OSSL_CORE_HANDLE *handle, OSSL_thread_stop_handler_fn handfn) { + /* + * We created this object originally and we know it is actually an + * OSSL_PROVIDER *, so the cast is safe + */ + OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; + return ossl_init_thread_start(prov, prov->provctx, handfn); } @@ -868,26 +885,32 @@ static int core_thread_start(const OSSL_PROVIDER *prov, */ #ifndef FIPS_MODULE /* - * TODO(3.0) These error functions should use |prov| to select the proper + * TODO(3.0) These error functions should use |handle| to select the proper * library context to report in the correct error stack, at least if error * stacks become tied to the library context. * We cannot currently do that since there's no support for it in the * ERR subsystem. */ -static void core_new_error(const OSSL_PROVIDER *prov) +static void core_new_error(const OSSL_CORE_HANDLE *handle) { ERR_new(); } -static void core_set_error_debug(const OSSL_PROVIDER *prov, +static void core_set_error_debug(const OSSL_CORE_HANDLE *handle, const char *file, int line, const char *func) { ERR_set_debug(file, line, func); } -static void core_vset_error(const OSSL_PROVIDER *prov, +static void core_vset_error(const OSSL_CORE_HANDLE *handle, uint32_t reason, const char *fmt, va_list args) { + /* + * We created this object originally and we know it is actually an + * OSSL_PROVIDER *, so the cast is safe + */ + OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; + /* * If the uppermost 8 bits are non-zero, it's an OpenSSL library * error and will be treated as such. Otherwise, it's a new style @@ -900,17 +923,17 @@ static void core_vset_error(const OSSL_PROVIDER *prov, } } -static int core_set_error_mark(const OSSL_PROVIDER *prov) +static int core_set_error_mark(const OSSL_CORE_HANDLE *handle) { return ERR_set_mark(); } -static int core_clear_last_error_mark(const OSSL_PROVIDER *prov) +static int core_clear_last_error_mark(const OSSL_CORE_HANDLE *handle) { return ERR_clear_last_mark(); } -static int core_pop_error_to_mark(const OSSL_PROVIDER *prov) +static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle) { return ERR_pop_to_mark(); } @@ -936,6 +959,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, + { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))BIO_write_ex }, { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf }, { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c index 3750ea3df1..a3b854e5da 100644 --- a/crypto/serializer/serializer_pkey.c +++ b/crypto/serializer/serializer_pkey.c @@ -255,7 +255,7 @@ static int serializer_write_cb(const OSSL_PARAM params[], void *arg) OSSL_SERIALIZER_CTX *ctx = write_data->ctx; BIO *out = write_data->out; - return ctx->ser->serialize_data(ctx->serctx, params, out, + return ctx->ser->serialize_data(ctx->serctx, params, (OSSL_CORE_BIO *)out, serializer_passphrase_out_cb, ctx); } @@ -291,7 +291,8 @@ static int serializer_EVP_PKEY_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out) &serializer_write_cb, &write_data); } - return ctx->ser->serialize_object(ctx->serctx, keydata, out, + return ctx->ser->serialize_object(ctx->serctx, keydata, + (OSSL_CORE_BIO *)out, serializer_passphrase_out_cb, ctx); } diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index a52c718e19..aefaa4082d 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -16,15 +16,15 @@ provider-base */ /* Functions offered by libcrypto to the providers */ - const OSSL_ITEM *core_gettable_params(const OSSL_PROVIDER *prov); - int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); - int core_thread_start(const OSSL_PROVIDER *prov, + const OSSL_ITEM *core_gettable_params(const OSSL_CORE_HANDLE *handle); + int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[]); + int core_thread_start(const OSSL_CORE_HANDLE *handle, OSSL_thread_stop_handler_fn handfn); - OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov); - void core_new_error(const OSSL_PROVIDER *prov); - void core_set_error_debug(const OSSL_PROVIDER *prov, + OPENSSL_CORE_CTX *core_get_library_context(const OSSL_CORE_HANDLE *handle); + void core_new_error(const OSSL_CORE_HANDLE *handle); + void core_set_error_debug(const OSSL_CORE_HANDLE *handle, const char *file, int line, const char *func); - void core_vset_error(const OSSL_PROVIDER *prov, + void core_vset_error(const OSSL_CORE_HANDLE *handle, uint32_t reason, const char *fmt, va_list args); /* @@ -52,7 +52,19 @@ provider-base const char *file, int line); int CRYPTO_secure_allocated(const void *ptr); void OPENSSL_cleanse(void *ptr, size_t len); - unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); + + OSSL_CORE_BIO * BIO_new_file(const char *filename, const char *mode) + OSSL_CORE_BIO * BIO_new_membuf(const void *buf, int len) + int BIO_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, + size_t *bytes_read)) + int BIO_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written) + int BIO_free(OSSL_CORE_BIO *bio)) + int BIO_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list args) + int BIO_vsnprintf(char *buf, size_t n, const char *fmt, va_list args) + + void self_test_cb(OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg) + /* Functions offered by the provider to libcrypto */ void provider_teardown(void *provctx); @@ -76,8 +88,8 @@ function pointer from a B element named B. For example, the "function" core_gettable_params() has these: - typedef OSSL_ITEM * - (OSSL_core_gettable_params_fn)(const OSSL_PROVIDER *prov); + typedef OSSL_PARAM * + (OSSL_core_gettable_params_fn)(const OSSL_CORE_HANDLE *handle); static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_get_core_gettable_params(const OSSL_DISPATCH *opf); @@ -114,7 +126,6 @@ provider): BIO_free OSSL_FUNC_BIO_FREE BIO_vprintf OSSL_FUNC_BIO_VPRINTF OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE - OPENSSL_hexstr2buf OSSL_FUNC_OPENSSL_HEXSTR2BUF OSSL_SELF_TEST_set_callback OSSL_FUNC_SELF_TEST_CB For I<*out> (the B array passed from the provider to @@ -131,20 +142,20 @@ F): core_gettable_params() returns a constant array of descriptor B, for parameters that core_get_params() can handle. -core_get_params() retrieves I parameters from the core. +core_get_params() retrieves parameters from the core for the given I. See L below for a description of currently known parameters. =for comment core_thread_start() TBA -core_get_library_context() retrieves the library context in which the -B object I is stored. +core_get_library_context() retrieves the library context in which the library +object for the current provider is stored, accessible through the I. This may sometimes be useful if the provider wishes to store a reference to its context in the same library context. core_new_error(), core_set_error_debug() and core_set_error() are building blocks for reporting an error back to the core, with -reference to the provider object I. +reference to the I. =over 4 @@ -188,7 +199,10 @@ BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(), BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() correspond exactly to the public functions with the same name. As a matter of fact, the pointers in the B array are -direct pointers to those public functions. +direct pointers to those public functions. Note that the BIO functions take an +B type rather than the standard B type. This is to ensure +that a provider does not mix BIOs from the core with BIOs used on the provider +side (the two are not compatible). OSSL_SELF_TEST_set_callback() is used to set an optional callback that can be passed into a provider. This may be ignored by a provider. @@ -327,7 +341,7 @@ operation C. /* Provider context */ struct prov_ctx_st { - OSSL_PROVIDER *prov; + OSSL_CORE_HANDLE *handle; } /* operation context for the algorithm FOO */ @@ -343,7 +357,7 @@ operation C. if (fooctx != NULL) fooctx->provctx = provctx; else - c_put_error(provctx->prov, E_MALLOC, __FILE__, __LINE__); + c_put_error(provctx->handle, E_MALLOC, __FILE__, __LINE__); return fooctx; } @@ -419,7 +433,7 @@ operation C. { 0, NULL } }; - int OSSL_provider_init(const OSSL_PROVIDER *provider, + int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -440,9 +454,10 @@ operation C. * ALEA IACTA EST, if the core retrieves the reason table * regardless, that string will be displayed, otherwise not. */ - c_put_error(provider, E_MALLOC, __FILE__, __LINE__); + c_put_error(handle, E_MALLOC, __FILE__, __LINE__); return 0; } + pctx->handle = handle; return 1; } diff --git a/doc/man7/provider-serializer.pod b/doc/man7/provider-serializer.pod index dfc803128f..ad3b5fdd65 100644 --- a/doc/man7/provider-serializer.pod +++ b/doc/man7/provider-serializer.pod @@ -28,10 +28,10 @@ Future development will also include deserializing functions. /* Functions to serialize object data */ int OP_serializer_serialize_data(void *ctx, const OSSL_PARAM *data, - BIO *out, + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); - int OP_serializer_serialize_object(void *ctx, void *obj, BIO *out, + int OP_serializer_serialize_object(void *ctx, void *obj, OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); @@ -39,11 +39,11 @@ Future development will also include deserializing functions. The SERIALIZER is a generic method to serialize any set of object data in L array form, or any provider side object into -serialized form, and write it to the given BIO. If the caller wants +serialized form, and write it to the given OSSL_CORE_BIO. If the caller wants to get the serialized stream to memory, it should provide a L. -The serializer doesn't need to know more about the B pointer than +The serializer doesn't need to know more about the B pointer than being able to pass it to the appropriate BIO upcalls (see L). @@ -71,7 +71,7 @@ For example, the "function" OP_serializer_serialize_data() has these: typedef int (OSSL_OP_serializer_serialize_data_fn)(void *provctx, const OSSL_PARAM params[], - BIO *out); + OSSL_CORE_BIO *out); static ossl_inline OSSL_OP_serializer_serialize_data_fn OSSL_get_OP_serializer_serialize_data(const OSSL_DISPATCH *opf); @@ -180,11 +180,11 @@ by OP_serializer_set_ctx_params() and OP_serializer_settable_ctx_params(). OP_serializer_serialize_data() should take an array of B, I, and if it contains the data necessary for the object type that the implementation handles, it should output the object in -serialized form to the B. +serialized form to the B. OP_serializer_serialize_object() should take a pointer to an object that it knows intimately, and output that object in serialized form to -the B. The caller I ensure that this function is called +the B. The caller I ensure that this function is called with a pointer that the provider of this function is familiar with. It is not suitable to use with object pointers coming from other providers. diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod index f7f6bbe9cd..581c33b9a4 100644 --- a/doc/man7/provider.pod +++ b/doc/man7/provider.pod @@ -42,16 +42,15 @@ If it's built-in, the initialization function may have any name. The initialization function must have the following signature: - int NAME(const OSSL_PROVIDER *provider, + int NAME(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx); -I is the OpenSSL library object for the provider, and works +I is the OpenSSL library object for the provider, and works as a handle for everything the OpenSSL libraries need to know about the provider. -For the provider itself, it may hold some interesting information, -and is also passed to some of the functions given in the dispatch -array I. +For the provider itself, it is passed to some of the functions given in the +dispatch array I. I is a dispatch array of base functions offered by the OpenSSL libraries, and the available functions are further described in @@ -288,6 +287,13 @@ Should it be needed (if other providers are loaded and offer implementations of the same algorithms), the property "provider=legacy" can be used as a search criterion for these implementations. +=head2 Null provider + +The null provider is built in as part of the F library. It contains +no algorithms in it at all. When fetching algorithms the default provider will +be automatically loaded if no other provider has been explicitly loaded. To +prevent that from happening you can explicitly load the null provider. + =head1 EXAMPLES =head2 Fetching diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 03f147888a..b479b58a84 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -157,7 +157,8 @@ typedef struct ossl_ex_data_global_st { # define OPENSSL_CTX_FIPS_PROV_INDEX 9 # define OPENSSL_CTX_SERIALIZER_STORE_INDEX 10 # define OPENSSL_CTX_SELF_TEST_CB_INDEX 11 -# define OPENSSL_CTX_MAX_INDEXES 12 +# define OPENSSL_CTX_BIO_PROV_INDEX 12 +# define OPENSSL_CTX_MAX_INDEXES 13 typedef struct openssl_ctx_method { void *(*new_func)(OPENSSL_CTX *ctx); diff --git a/include/openssl/bio.h b/include/openssl/bio.h index b4047d55b9..19f9311c68 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -61,6 +61,7 @@ extern "C" { # ifndef OPENSSL_NO_SCTP # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif +# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_FILTER) #define BIO_TYPE_START 128 diff --git a/include/openssl/core.h b/include/openssl/core.h index 2d653dd60f..5eb992a5c2 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -25,6 +25,11 @@ extern "C" { * to communicate data between them. */ +/* Opaque handles to be used with core upcall functions from providers */ +typedef struct ossl_core_handle_st OSSL_CORE_HANDLE; +typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX; +typedef struct ossl_core_bio_st OSSL_CORE_BIO; + /* * Dispatch table element. function_id numbers are defined further down, * see macros with '_FUNC' in their names. @@ -171,7 +176,7 @@ typedef void (*OSSL_thread_stop_handler_fn)(void *arg); * module, that module is not an OpenSSL provider module. */ /*- - * |provider| pointer to opaque type OSSL_PROVIDER. This can be used + * |handle| pointer to opaque type OSSL_CORE_HANDLE. This can be used * together with some functions passed via |in| to query data. * |in| is the array of functions that the Core passes to the provider. * |out| will be the array of base functions that the provider passes @@ -180,7 +185,7 @@ typedef void (*OSSL_thread_stop_handler_fn)(void *arg); * provider needs it. This value is passed to other provider * functions, notably other context constructors. */ -typedef int (OSSL_provider_init_fn)(const OSSL_PROVIDER *provider, +typedef int (OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx); diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 3d91741601..f7025d1c1d 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -12,7 +12,6 @@ # include # include -# include # ifdef __cplusplus extern "C" { @@ -60,33 +59,33 @@ extern "C" { /* Functions provided by the Core to the provider, reserved numbers 1-1023 */ # define OSSL_FUNC_CORE_GETTABLE_PARAMS 1 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - core_gettable_params,(const OSSL_PROVIDER *prov)) + core_gettable_params,(const OSSL_CORE_HANDLE *prov)) # define OSSL_FUNC_CORE_GET_PARAMS 2 -OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov, +OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_CORE_HANDLE *prov, OSSL_PARAM params[])) # define OSSL_FUNC_CORE_THREAD_START 3 -OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov, +OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_CORE_HANDLE *prov, OSSL_thread_stop_handler_fn handfn)) # define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 4 -OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context, - (const OSSL_PROVIDER *prov)) +OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *,core_get_library_context, + (const OSSL_CORE_HANDLE *prov)) # define OSSL_FUNC_CORE_NEW_ERROR 5 -OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_PROVIDER *prov)) +OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_CORE_HANDLE *prov)) # define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6 OSSL_CORE_MAKE_FUNC(void,core_set_error_debug, - (const OSSL_PROVIDER *prov, + (const OSSL_CORE_HANDLE *prov, const char *file, int line, const char *func)) # define OSSL_FUNC_CORE_VSET_ERROR 7 OSSL_CORE_MAKE_FUNC(void,core_vset_error, - (const OSSL_PROVIDER *prov, + (const OSSL_CORE_HANDLE *prov, uint32_t reason, const char *fmt, va_list args)) # define OSSL_FUNC_CORE_SET_ERROR_MARK 8 -OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov)) +OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_CORE_HANDLE *prov)) # define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9 OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark, - (const OSSL_PROVIDER *prov)) + (const OSSL_CORE_HANDLE *prov)) # define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 -OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov)) +OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_CORE_HANDLE *prov)) /* Memory allocation, freeing, clearing. */ #define OSSL_FUNC_CRYPTO_MALLOC 20 @@ -132,22 +131,26 @@ OSSL_CORE_MAKE_FUNC(void, #define OSSL_FUNC_BIO_NEW_FILE 40 #define OSSL_FUNC_BIO_NEW_MEMBUF 41 #define OSSL_FUNC_BIO_READ_EX 42 -#define OSSL_FUNC_BIO_FREE 43 -#define OSSL_FUNC_BIO_VPRINTF 44 -#define OSSL_FUNC_BIO_VSNPRINTF 45 - -OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode)) -OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len)) -OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len, - size_t *bytes_read)) -OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format, +#define OSSL_FUNC_BIO_WRITE_EX 43 +#define OSSL_FUNC_BIO_FREE 44 +#define OSSL_FUNC_BIO_VPRINTF 45 +#define OSSL_FUNC_BIO_VSNPRINTF 46 + +OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, + const char *mode)) +OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len)) +OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, + size_t data_len, size_t *bytes_read)) +OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, + size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, (char *buf, size_t n, const char *fmt, va_list args)) #define OSSL_FUNC_SELF_TEST_CB 100 -OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, +OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ @@ -637,10 +640,10 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_serializer_settable_ctx_params, (void)) OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_data, - (void *ctx, const OSSL_PARAM[], BIO *out, + (void *ctx, const OSSL_PARAM[], OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_object, - (void *ctx, void *obj, BIO *out, + (void *ctx, void *obj, OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) # ifdef __cplusplus diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index 7b44004399..2bfd14b512 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -7,12 +7,15 @@ * https://www.openssl.org/source/license.html */ +#include #include +#include "internal/cryptlib.h" #include "prov/bio.h" static OSSL_BIO_new_file_fn *c_bio_new_file = NULL; static OSSL_BIO_new_membuf_fn *c_bio_new_membuf = NULL; static OSSL_BIO_read_ex_fn *c_bio_read_ex = NULL; +static OSSL_BIO_write_ex_fn *c_bio_write_ex = NULL; static OSSL_BIO_free_fn *c_bio_free = NULL; static OSSL_BIO_vprintf_fn *c_bio_vprintf = NULL; @@ -32,6 +35,10 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) if (c_bio_read_ex == NULL) c_bio_read_ex = OSSL_get_BIO_read_ex(fns); break; + case OSSL_FUNC_BIO_WRITE_EX: + if (c_bio_write_ex == NULL) + c_bio_write_ex = OSSL_get_BIO_write_ex(fns); + break; case OSSL_FUNC_BIO_FREE: if (c_bio_free == NULL) c_bio_free = OSSL_get_BIO_free(fns); @@ -46,21 +53,21 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) return 1; } -BIO *ossl_prov_bio_new_file(const char *filename, const char *mode) +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode) { if (c_bio_new_file == NULL) return NULL; return c_bio_new_file(filename, mode); } -BIO *ossl_prov_bio_new_membuf(const char *filename, int len) +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len) { if (c_bio_new_membuf == NULL) return NULL; return c_bio_new_membuf(filename, len); } -int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read) { if (c_bio_read_ex == NULL) @@ -68,21 +75,29 @@ int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, return c_bio_read_ex(bio, data, data_len, bytes_read); } -int ossl_prov_bio_free(BIO *bio) +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written) +{ + if (c_bio_write_ex == NULL) + return 0; + return c_bio_write_ex(bio, data, data_len, written); +} + +int ossl_prov_bio_free(OSSL_CORE_BIO *bio) { if (c_bio_free == NULL) return 0; return c_bio_free(bio); } -int ossl_prov_bio_vprintf(BIO *bio, const char *format, va_list ap) +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap) { if (c_bio_vprintf == NULL) return -1; return c_bio_vprintf(bio, format, ap); } -int ossl_prov_bio_printf(BIO *bio, const char *format, ...) +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...) { va_list ap; int ret; @@ -94,3 +109,90 @@ int ossl_prov_bio_printf(BIO *bio, const char *format, ...) return ret; } +#ifndef FIPS_MODULE + +/* No direct BIO support in the FIPS module */ + +static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, + size_t *bytes_read) +{ + return ossl_prov_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); +} + +static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, + size_t *written) +{ + return ossl_prov_bio_write_ex(BIO_get_data(bio), data, data_len, written); +} + +static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + /* We don't support this */ + assert(0); + return 0; +} + +static int bio_core_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this */ + assert(0); + return -1; +} + +static int bio_core_puts(BIO *bio, const char *str) +{ + /* We don't support this */ + assert(0); + return -1; +} + +static int bio_core_new(BIO *bio) +{ + BIO_set_init(bio, 1); + + return 1; +} + +static int bio_core_free(BIO *bio) +{ + BIO_set_init(bio, 0); + + return 1; +} + +BIO_METHOD *bio_prov_init_bio_method(void) +{ + BIO_METHOD *corebiometh = NULL; + + corebiometh = BIO_meth_new(BIO_TYPE_CORE_TO_PROV, "BIO to Core filter"); + if (corebiometh == NULL + || !BIO_meth_set_write_ex(corebiometh, bio_core_write_ex) + || !BIO_meth_set_read_ex(corebiometh, bio_core_read_ex) + || !BIO_meth_set_puts(corebiometh, bio_core_puts) + || !BIO_meth_set_gets(corebiometh, bio_core_gets) + || !BIO_meth_set_ctrl(corebiometh, bio_core_ctrl) + || !BIO_meth_set_create(corebiometh, bio_core_new) + || !BIO_meth_set_destroy(corebiometh, bio_core_free)) { + BIO_meth_free(corebiometh); + return NULL; + } + + return corebiometh; +} + +BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio) +{ + BIO *outbio; + BIO_METHOD *corebiometh = PROV_CTX_get0_core_bio_method(provctx); + + if (corebiometh == NULL) + return NULL; + + outbio = BIO_new(corebiometh); + if (outbio != NULL) + BIO_set_data(outbio, corebio); + + return outbio; +} + +#endif diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index 63f9d4ec3a..732dc06f03 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -10,13 +10,19 @@ #include #include #include +#include "prov/provider_ctx.h" int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns); -BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); -BIO *ossl_prov_bio_new_membuf(const char *filename, int len); -int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len); +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read); -int ossl_prov_bio_free(BIO *bio); -int ossl_prov_bio_vprintf(BIO *bio, const char *format, va_list ap); -int ossl_prov_bio_printf(BIO *bio, const char *format, ...); +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written); +int ossl_prov_bio_free(OSSL_CORE_BIO *bio); +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); + +BIO_METHOD *bio_prov_init_bio_method(void); +BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio); diff --git a/providers/common/include/prov/provider_ctx.h b/providers/common/include/prov/provider_ctx.h index fc2df2ee67..a252143e81 100644 --- a/providers/common/include/prov/provider_ctx.h +++ b/providers/common/include/prov/provider_ctx.h @@ -7,24 +7,34 @@ * https://www.openssl.org/source/license.html */ -#include -#include +#ifndef OSSL_PROV_PROVIDER_CTX_H +# define OSSL_PROV_PROVIDER_CTX_H + +# include +# include +# include +# include typedef struct prov_ctx_st { - const OSSL_PROVIDER *provider; + const OSSL_CORE_HANDLE *handle; OPENSSL_CTX *libctx; /* For all provider modules */ + BIO_METHOD *corebiometh; } PROV_CTX; /* * To be used anywhere the library context needs to be passed, such as to * fetching functions. */ -#define PROV_LIBRARY_CONTEXT_OF(provctx) \ +# define PROV_LIBRARY_CONTEXT_OF(provctx) \ PROV_CTX_get0_library_context((provctx)) PROV_CTX *PROV_CTX_new(void); void PROV_CTX_free(PROV_CTX *ctx); void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx); -void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *libctx); +void PROV_CTX_set0_handle(PROV_CTX *ctx, const OSSL_CORE_HANDLE *handle); +void PROV_CTX_set0_core_bio_method(PROV_CTX *ctx, BIO_METHOD *corebiometh); OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx); -const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx); +const OSSL_CORE_HANDLE *PROV_CTX_get0_handle(PROV_CTX *ctx); +BIO_METHOD *PROV_CTX_get0_core_bio_method(PROV_CTX *ctx); + +#endif diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h index 5123f78ee1..07c5a67f38 100644 --- a/providers/common/include/prov/providercommon.h +++ b/providers/common/include/prov/providercommon.h @@ -9,7 +9,7 @@ #include -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx); +const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *ctx); const char *ossl_prov_util_nid_to_name(int nid); diff --git a/providers/common/provider_ctx.c b/providers/common/provider_ctx.c index 66c7c74890..04cca1f23e 100644 --- a/providers/common/provider_ctx.c +++ b/providers/common/provider_ctx.c @@ -9,6 +9,7 @@ #include #include "prov/provider_ctx.h" +#include "prov/bio.h" PROV_CTX *PROV_CTX_new(void) { @@ -26,12 +27,17 @@ void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx) ctx->libctx = libctx; } -void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *provider) +void PROV_CTX_set0_handle(PROV_CTX *ctx, const OSSL_CORE_HANDLE *handle) { if (ctx != NULL) - ctx->provider = provider; + ctx->handle = handle; } +void PROV_CTX_set0_core_bio_method(PROV_CTX *ctx, BIO_METHOD *corebiometh) +{ + if (ctx != NULL) + ctx->corebiometh = corebiometh; +} OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx) { @@ -40,9 +46,16 @@ OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx) return ctx->libctx; } -const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx) +const OSSL_CORE_HANDLE *PROV_CTX_get0_handle(PROV_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->handle; +} + +BIO_METHOD *PROV_CTX_get0_core_bio_method(PROV_CTX *ctx) { if (ctx == NULL) return NULL; - return ctx->provider; + return ctx->corebiometh; } diff --git a/providers/defltprov.c b/providers/defltprov.c index cedbddb80e..4b15a21c0b 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -552,6 +552,7 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, static void deflt_teardown(void *provctx) { + BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); PROV_CTX_free(provctx); } @@ -566,12 +567,13 @@ static const OSSL_DISPATCH deflt_dispatch_table[] = { OSSL_provider_init_fn ossl_default_provider_init; -int ossl_default_provider_init(const OSSL_PROVIDER *provider, +int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { OSSL_core_get_library_context_fn *c_get_libctx = NULL; + BIO_METHOD *corebiometh; if (!ossl_prov_bio_from_dispatch(in)) return 0; @@ -598,15 +600,20 @@ int ossl_default_provider_init(const OSSL_PROVIDER *provider, /* * We want to make sure that all calls from this provider that requires * a library context use the same context as the one used to call our - * functions. We do that by passing it along as the provider context. + * functions. We do that by passing it along in the provider context. * - * This is special for built-in providers. External providers should + * This only works for built-in providers. Most providers should * create their own library context. */ - if ((*provctx = PROV_CTX_new()) == NULL) + if ((*provctx = PROV_CTX_new()) == NULL + || (corebiometh = bio_prov_init_bio_method()) == NULL) { + PROV_CTX_free(*provctx); + *provctx = NULL; return 0; - PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); - PROV_CTX_set0_provider(*provctx, provider); + } + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); + PROV_CTX_set0_core_bio_method(*provctx, corebiometh); *out = deflt_dispatch_table; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 1d19c1b91a..1c4f3fdf50 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -81,7 +81,7 @@ static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf; typedef struct fips_global_st { - const OSSL_PROVIDER *prov; + const OSSL_CORE_HANDLE *handle; } FIPS_GLOBAL; static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) @@ -546,7 +546,7 @@ static const OSSL_DISPATCH intern_dispatch_table[] = { }; -int OSSL_provider_init(const OSSL_PROVIDER *provider, +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -647,7 +647,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } if (stcbfn != NULL && c_get_libctx != NULL) { - stcbfn(c_get_libctx(provider), &selftest_params.cb, + stcbfn(c_get_libctx(handle), &selftest_params.cb, &selftest_params.cb_arg); } else { @@ -655,7 +655,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, selftest_params.cb_arg = NULL; } - if (!c_get_params(provider, core_params)) + if (!c_get_params(handle, core_params)) return 0; /* Create a context. */ @@ -670,13 +670,13 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, goto err; } PROV_CTX_set0_library_context(*provctx, libctx); - PROV_CTX_set0_provider(*provctx, provider); + PROV_CTX_set0_handle(*provctx, handle); if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, &fips_prov_ossl_ctx_method)) == NULL) goto err; - fgbl->prov = provider; + fgbl->handle = handle; selftest_params.libctx = libctx; if (!SELF_TEST_post(&selftest_params, 0)) @@ -706,7 +706,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, * that was used in the EVP call that initiated this recursive call. */ OSSL_provider_init_fn fips_intern_provider_init; -int fips_intern_provider_init(const OSSL_PROVIDER *provider, +int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -728,8 +728,13 @@ int fips_intern_provider_init(const OSSL_PROVIDER *provider, if ((*provctx = PROV_CTX_new()) == NULL) return 0; - PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); - PROV_CTX_set0_provider(*provctx, provider); + /* + * Using the parent library context only works because we are a built-in + * internal provider. This is not something that most providers would be + * able to do. + */ + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); *out = intern_dispatch_table; return 1; @@ -781,7 +786,7 @@ int ERR_pop_to_mark(void) * is also called from other parts of libcrypto, which all pass around a * OPENSSL_CTX pointer) */ -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *libctx) +const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx) { FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, @@ -790,7 +795,7 @@ const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *libctx) if (fgbl == NULL) return NULL; - return fgbl->prov; + return fgbl->handle; } void *CRYPTO_malloc(size_t num, const char *file, int line) diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index 5c69dfa691..b767e8f300 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -130,7 +130,7 @@ DEP_FINI_ATTRIBUTE void cleanup(void) * the result matches the expected value. * Return 1 if verified, or 0 if it fails. */ -static int verify_integrity(BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, +static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OPENSSL_CTX *libctx, OSSL_SELF_TEST *ev, const char *event_type) @@ -188,7 +188,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) int ok = 0; int kats_already_passed = 0; long checksum_len; - BIO *bio_module = NULL, *bio_indicator = NULL; + OSSL_CORE_BIO *bio_module = NULL, *bio_indicator = NULL; unsigned char *module_checksum = NULL; unsigned char *indicator_checksum = NULL; int loclstate; diff --git a/providers/implementations/serializers/serializer_common.c b/providers/implementations/serializers/serializer_common.c index 2dbbe6b37c..75c1ddc245 100644 --- a/providers/implementations/serializers/serializer_common.c +++ b/providers/implementations/serializers/serializer_common.c @@ -178,7 +178,7 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, } if (BN_is_zero(bn)) - return ossl_prov_bio_printf(out, "%s%s0\n", label, post_label_spc); + return BIO_printf(out, "%s%s0\n", label, post_label_spc); if (BN_num_bytes(bn) <= BN_BYTES) { BN_ULONG *words = bn_get_words(bn); @@ -186,10 +186,8 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, if (BN_is_negative(bn)) neg = "-"; - return ossl_prov_bio_printf(out, - "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", - label, post_label_spc, neg, words[0], - neg, words[0]); + return BIO_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", + label, post_label_spc, neg, words[0], neg, words[0]); } hex_str = BN_bn2hex(bn); @@ -198,18 +196,18 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, ++p; neg = " (Negative)"; } - if (ossl_prov_bio_printf(out, "%s%s\n", label, neg) <= 0) + if (BIO_printf(out, "%s%s\n", label, neg) <= 0) goto err; /* Keep track of how many bytes we have printed out so far */ bytes = 0; - if (ossl_prov_bio_printf(out, "%s", spaces) <= 0) + if (BIO_printf(out, "%s", spaces) <= 0) goto err; /* Add a leading 00 if the top bit is set */ if (*p >= '8') { - if (ossl_prov_bio_printf(out, "%02x", 0) <= 0) + if (BIO_printf(out, "%02x", 0) <= 0) goto err; ++bytes; use_sep = 1; @@ -217,18 +215,18 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, while (*p != '\0') { /* Do a newline after every 15 hex bytes + add the space indent */ if ((bytes % 15) == 0 && bytes > 0) { - if (ossl_prov_bio_printf(out, ":\n%s", spaces) <= 0) + if (BIO_printf(out, ":\n%s", spaces) <= 0) goto err; use_sep = 0; /* The first byte on the next line doesnt have a : */ } - if (ossl_prov_bio_printf(out, "%s%c%c", use_sep ? ":" : "", - ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) + if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "", + ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) goto err; ++bytes; p += 2; use_sep = 1; } - if (ossl_prov_bio_printf(out, "\n") <= 0) + if (BIO_printf(out, "\n") <= 0) goto err; ret = 1; err: @@ -244,22 +242,22 @@ int ossl_prov_print_labeled_buf(BIO *out, const char *label, { size_t i; - if (ossl_prov_bio_printf(out, "%s\n", label) <= 0) + if (BIO_printf(out, "%s\n", label) <= 0) return 0; for (i = 0; i < buflen; i++) { if ((i % LABELED_BUF_PRINT_WIDTH) == 0) { - if (i > 0 && ossl_prov_bio_printf(out, "\n") <= 0) + if (i > 0 && BIO_printf(out, "\n") <= 0) return 0; - if (ossl_prov_bio_printf(out, " ") <= 0) + if (BIO_printf(out, " ") <= 0) return 0; } - if (ossl_prov_bio_printf(out, "%02x%s", buf[i], + if (BIO_printf(out, "%02x%s", buf[i], (i == buflen - 1) ? "" : ":") <= 0) return 0; } - if (ossl_prov_bio_printf(out, "\n") <= 0) + if (BIO_printf(out, "\n") <= 0) return 0; return 1; diff --git a/providers/implementations/serializers/serializer_dh.c b/providers/implementations/serializers/serializer_dh.c index 2b616b2ef1..df92017ba3 100644 --- a/providers/implementations/serializers/serializer_dh.c +++ b/providers/implementations/serializers/serializer_dh.c @@ -70,7 +70,7 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type) if (p == NULL) goto null_err; - if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) + if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) goto err; if (priv_key != NULL diff --git a/providers/implementations/serializers/serializer_dh_param.c b/providers/implementations/serializers/serializer_dh_param.c index 5e06178590..4acf5caec6 100644 --- a/providers/implementations/serializers/serializer_dh_param.c +++ b/providers/implementations/serializers/serializer_dh_param.c @@ -21,6 +21,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dh_param_newctx; @@ -48,7 +49,8 @@ static void dh_param_freectx(void *ctx) } /* Public key : DER */ -static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -69,14 +71,23 @@ static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_param_der(void *ctx, void *dh, BIO *out, +static int dh_param_der(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return i2d_DHparams_bio(out, dh); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + ret = i2d_DHparams_bio(out, dh); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -97,13 +108,23 @@ static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_param_pem(void *ctx, void *dh, BIO *out, +static int dh_param_pem(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return PEM_write_bio_DHparams(out, dh); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = PEM_write_bio_DHparams(out, dh); + BIO_free(out); + + return ret; } -static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -124,10 +145,19 @@ static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_param_print(void *ctx, void *dh, BIO *out, +static int dh_param_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dh(out, dh, dh_print_params); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dh(out, dh, dh_print_params); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dh_param_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_dh_priv.c b/providers/implementations/serializers/serializer_dh_priv.c index 99d529b052..c37eb40297 100644 --- a/providers/implementations/serializers/serializer_dh_priv.c +++ b/providers/implementations/serializers/serializer_dh_priv.c @@ -22,6 +22,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dh_priv_newctx; @@ -117,7 +118,8 @@ static int dh_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } /* Private key : DER */ -static int dh_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int dh_priv_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dh_priv_ctx_st *ctx = vctx; @@ -138,11 +140,15 @@ static int dh_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_priv_der(void *vctx, void *dh, BIO *out, +static int dh_priv_der(void *vctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dh_priv_ctx_st *ctx = vctx; int ret; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -151,12 +157,14 @@ static int dh_priv_der(void *vctx, void *dh, BIO *out, ossl_prov_prepare_dh_params, ossl_prov_dh_priv_to_der, &ctx->sc); + BIO_free(out); return ret; } /* Private key : PEM */ -static int dh_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int dh_pem_priv_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dh_priv_ctx_st *ctx = vctx; @@ -177,11 +185,15 @@ static int dh_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_pem_priv(void *vctx, void *dh, BIO *out, +static int dh_pem_priv(void *vctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dh_priv_ctx_st *ctx = vctx; int ret; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -190,6 +202,7 @@ static int dh_pem_priv(void *vctx, void *dh, BIO *out, ossl_prov_prepare_dh_params, ossl_prov_dh_priv_to_der, &ctx->sc); + BIO_free(out); return ret; } @@ -206,7 +219,8 @@ static void dh_print_freectx(void *ctx) { } -static int dh_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int dh_priv_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dh_priv_ctx_st *ctx = vctx; @@ -227,10 +241,19 @@ static int dh_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_priv_print(void *ctx, void *dh, BIO *out, +static int dh_priv_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dh(out, dh, dh_print_priv); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dh(out, dh, dh_print_priv); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dh_priv_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_dh_pub.c b/providers/implementations/serializers/serializer_dh_pub.c index b787f7c08a..d1b60d87c5 100644 --- a/providers/implementations/serializers/serializer_dh_pub.c +++ b/providers/implementations/serializers/serializer_dh_pub.c @@ -21,6 +21,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dh_pub_newctx; @@ -48,7 +49,8 @@ static void dh_pub_freectx(void *ctx) } /* Public key : DER */ -static int dh_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_pub_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -69,17 +71,27 @@ static int dh_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_pub_der(void *ctx, void *dh, BIO *out, +static int dh_pub_der(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_der_from_obj(out, dh, EVP_PKEY_DH, - ossl_prov_prepare_dh_params, - ossl_prov_dh_pub_to_der); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_der_from_obj(out, dh, EVP_PKEY_DH, + ossl_prov_prepare_dh_params, + ossl_prov_dh_pub_to_der); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int dh_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int dh_pub_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); OSSL_OP_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); @@ -99,17 +111,26 @@ static int dh_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_pub_pem(void *ctx, void *dh, BIO *out, +static int dh_pub_pem(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_pem_from_obj(out, dh, EVP_PKEY_DH, - ossl_prov_prepare_dh_params, - ossl_prov_dh_pub_to_der); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + ret = ossl_prov_write_pub_pem_from_obj(out, dh, EVP_PKEY_DH, + ossl_prov_prepare_dh_params, + ossl_prov_dh_pub_to_der); + BIO_free(out); + + return ret; } -static int dh_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int dh_pub_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); OSSL_OP_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); @@ -129,10 +150,19 @@ static int dh_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_pub_print(void *ctx, void *dh, BIO *out, +static int dh_pub_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dh(out, dh, dh_print_pub); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dh(out, dh, dh_print_pub); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dh_pub_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_dsa.c b/providers/implementations/serializers/serializer_dsa.c index 7ee0bc739b..dea7a18eda 100644 --- a/providers/implementations/serializers/serializer_dsa.c +++ b/providers/implementations/serializers/serializer_dsa.c @@ -73,8 +73,7 @@ int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type) if (p == NULL) goto null_err; - if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, - BN_num_bits(p)) <= 0) + if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) goto err; if (priv_key != NULL && !ossl_prov_print_labeled_bignum(out, "priv:", priv_key)) diff --git a/providers/implementations/serializers/serializer_dsa_param.c b/providers/implementations/serializers/serializer_dsa_param.c index 720c390341..23a6d1d25d 100644 --- a/providers/implementations/serializers/serializer_dsa_param.c +++ b/providers/implementations/serializers/serializer_dsa_param.c @@ -21,6 +21,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dsa_param_newctx; @@ -48,7 +49,8 @@ static void dsa_param_freectx(void *ctx) } /* Public key : DER */ -static int dsa_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_param_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -69,14 +71,24 @@ static int dsa_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_param_der(void *ctx, void *dsa, BIO *out, +static int dsa_param_der(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return i2d_DSAparams_bio(out, dsa); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = i2d_DSAparams_bio(out, dsa); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int dsa_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_param_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -97,13 +109,23 @@ static int dsa_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_param_pem(void *ctx, void *dsa, BIO *out, +static int dsa_param_pem(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return PEM_write_bio_DSAparams(out, dsa); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = PEM_write_bio_DSAparams(out, dsa); + BIO_free(out); + + return ret; } -static int dsa_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_param_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -124,10 +146,19 @@ static int dsa_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_param_print(void *ctx, void *dsa, BIO *out, +static int dsa_param_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dsa(out, dsa, dsa_print_params); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dsa(out, dsa, dsa_print_params); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dsa_param_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_dsa_priv.c b/providers/implementations/serializers/serializer_dsa_priv.c index 7fdc1567ee..cb9136140d 100644 --- a/providers/implementations/serializers/serializer_dsa_priv.c +++ b/providers/implementations/serializers/serializer_dsa_priv.c @@ -22,6 +22,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dsa_priv_newctx; @@ -117,7 +118,8 @@ static int dsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } /* Private key : DER */ -static int dsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int dsa_priv_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dsa_priv_ctx_st *ctx = vctx; @@ -138,22 +140,31 @@ static int dsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_priv_der(void *vctx, void *dsa, BIO *out, +static int dsa_priv_der(void *vctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dsa_priv_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - return ossl_prov_write_priv_der_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_priv_to_der, - &ctx->sc); + ret = ossl_prov_write_priv_der_from_obj(out, dsa, EVP_PKEY_DSA, + ossl_prov_prepare_dsa_params, + ossl_prov_dsa_priv_to_der, + &ctx->sc); + BIO_free(out); + + return ret; } /* Private key : PEM */ -static int dsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int dsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dsa_priv_ctx_st *ctx = vctx; @@ -174,18 +185,26 @@ static int dsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_pem_priv(void *vctx, void *dsa, BIO *out, +static int dsa_pem_priv(void *vctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dsa_priv_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - return ossl_prov_write_priv_pem_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_priv_to_der, - &ctx->sc); + ret = ossl_prov_write_priv_pem_from_obj(out, dsa, EVP_PKEY_DSA, + ossl_prov_prepare_dsa_params, + ossl_prov_dsa_priv_to_der, + &ctx->sc); + BIO_free(out); + + return ret; } /* @@ -201,7 +220,7 @@ static void dsa_print_freectx(void *ctx) } static int dsa_priv_print_data(void *vctx, const OSSL_PARAM params[], - BIO *out, + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct dsa_priv_ctx_st *ctx = vctx; @@ -222,10 +241,19 @@ static int dsa_priv_print_data(void *vctx, const OSSL_PARAM params[], return ok; } -static int dsa_priv_print(void *ctx, void *dsa, BIO *out, +static int dsa_priv_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dsa(out, dsa, dsa_print_priv); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dsa(out, dsa, dsa_print_priv); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dsa_priv_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_dsa_pub.c b/providers/implementations/serializers/serializer_dsa_pub.c index 46e5c7167b..5c5e61f13d 100644 --- a/providers/implementations/serializers/serializer_dsa_pub.c +++ b/providers/implementations/serializers/serializer_dsa_pub.c @@ -21,6 +21,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dsa_pub_newctx; @@ -48,7 +49,8 @@ static void dsa_pub_freectx(void *ctx) } /* Public key : DER */ -static int dsa_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_pub_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -69,7 +71,7 @@ static int dsa_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_pub_der(void *ctx, void *dsa, BIO *out, +static int dsa_pub_der(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { /* @@ -77,8 +79,13 @@ static int dsa_pub_der(void *ctx, void *dsa, BIO *out, * in crypto/dsa/dsa_ameth.c */ int save_parameters = 1; + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; - return + if (out == NULL) + return 0; + + ret = save_parameters ? ossl_prov_write_pub_der_from_obj(out, dsa, EVP_PKEY_DSA, ossl_prov_prepare_all_dsa_params, @@ -87,10 +94,14 @@ static int dsa_pub_der(void *ctx, void *dsa, BIO *out, ossl_prov_prepare_dsa_params, ossl_prov_dsa_pub_to_der); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int dsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -111,15 +122,26 @@ static int dsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_pub_pem(void *ctx, void *dsa, BIO *out, +static int dsa_pub_pem(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_pem_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_pub_to_der); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_pem_from_obj(out, dsa, EVP_PKEY_DSA, + ossl_prov_prepare_dsa_params, + ossl_prov_dsa_pub_to_der); + + BIO_free(out); + + return ret; } -static int dsa_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dsa_pub_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); @@ -140,10 +162,19 @@ static int dsa_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dsa_pub_print(void *ctx, void *dsa, BIO *out, +static int dsa_pub_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_dsa(out, dsa, 0); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_dsa(out, dsa, 0); + BIO_free(out); + + return ret; } const OSSL_DISPATCH dsa_pub_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_ec.c b/providers/implementations/serializers/serializer_ec.c index 3d455f1507..c4ca0c08be 100644 --- a/providers/implementations/serializers/serializer_ec.c +++ b/providers/implementations/serializers/serializer_ec.c @@ -31,15 +31,13 @@ static int ossl_prov_print_ec_param(BIO *out, const EC_GROUP *group) if (curve_nid == NID_undef) return 0; - if (ossl_prov_bio_printf(out, "%s: %s\n", "ASN1 OID", - OBJ_nid2sn(curve_nid)) <= 0) + if (BIO_printf(out, "%s: %s\n", "ASN1 OID", OBJ_nid2sn(curve_nid)) <= 0) return 0; /* TODO(3.0): Only named curves are currently supported */ curve_name = EC_curve_nid2nist(curve_nid); return (curve_name == NULL - || ossl_prov_bio_printf(out, "%s: %s\n", "NIST CURVE", - curve_name) > 0); + || BIO_printf(out, "%s: %s\n", "NIST CURVE", curve_name) > 0); } int ossl_prov_print_eckey(BIO *out, EC_KEY *eckey, enum ec_print_type type) @@ -86,8 +84,8 @@ int ossl_prov_print_eckey(BIO *out, EC_KEY *eckey, enum ec_print_type type) goto err; } - if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, - EC_GROUP_order_bits(group)) <= 0) + if (BIO_printf(out, "%s: (%d bit)\n", type_label, + EC_GROUP_order_bits(group)) <= 0) goto err; if (priv != NULL && !ossl_prov_print_labeled_buf(out, "priv:", priv, priv_len)) diff --git a/providers/implementations/serializers/serializer_ec_param.c b/providers/implementations/serializers/serializer_ec_param.c index fdeedb5dff..a82971602f 100644 --- a/providers/implementations/serializers/serializer_ec_param.c +++ b/providers/implementations/serializers/serializer_ec_param.c @@ -15,6 +15,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn ec_param_newctx; @@ -39,8 +40,9 @@ static void ec_param_freectx(void *vctx) } /* Public key : DER */ -static int ec_param_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int ec_param_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; OSSL_OP_keymgmt_free_fn *ec_free; @@ -62,15 +64,25 @@ static int ec_param_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_param_der(void *vctx, void *eckey, BIO *out, +static int ec_param_der(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return i2d_ECPKParameters_bio(out, EC_KEY_get0_group(eckey)); + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = i2d_ECPKParameters_bio(out, EC_KEY_get0_group(eckey)); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int ec_param_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int ec_param_pem_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; OSSL_OP_keymgmt_free_fn *ec_free; @@ -92,14 +104,24 @@ static int ec_param_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_param_pem(void *vctx, void *eckey, BIO *out, +static int ec_param_pem(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return PEM_write_bio_ECPKParameters(out, EC_KEY_get0_group(eckey)); + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = PEM_write_bio_ECPKParameters(out, EC_KEY_get0_group(eckey)); + BIO_free(out); + + return ret; } -static int ec_param_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int ec_param_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; OSSL_OP_keymgmt_free_fn *ec_free; @@ -121,10 +143,19 @@ static int ec_param_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_param_print(void *vctx, void *eckey, BIO *out, +static int ec_param_print(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_eckey(out, eckey, ec_print_params); + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_eckey(out, eckey, ec_print_params); + BIO_free(out); + + return ret; } const OSSL_DISPATCH ec_param_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_ec_priv.c b/providers/implementations/serializers/serializer_ec_priv.c index 14ff2ae60e..4a0e3d8be7 100644 --- a/providers/implementations/serializers/serializer_ec_priv.c +++ b/providers/implementations/serializers/serializer_ec_priv.c @@ -16,6 +16,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn ec_priv_newctx; @@ -111,8 +112,9 @@ static int ec_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } /* Private key : DER */ -static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ec_priv_ctx_st *ctx = vctx; OSSL_OP_keymgmt_new_fn *ec_new; @@ -134,23 +136,32 @@ static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_priv_der(void *vctx, void *eckey, BIO *out, +static int ec_priv_der(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ec_priv_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - return ossl_prov_write_priv_der_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_priv_to_der, - &ctx->sc); + ret = ossl_prov_write_priv_der_from_obj(out, eckey, EVP_PKEY_EC, + ossl_prov_prepare_ec_params, + ossl_prov_ec_priv_to_der, + &ctx->sc); + BIO_free(out); + + return ret; } /* Private key : PEM */ -static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ec_priv_ctx_st *ctx = vctx; OSSL_OP_keymgmt_new_fn *ec_new; @@ -172,18 +183,26 @@ static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_pem_priv(void *vctx, void *eckey, BIO *out, +static int ec_pem_priv(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ec_priv_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; - return ossl_prov_write_priv_pem_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_priv_to_der, - &ctx->sc); + ret = ossl_prov_write_priv_pem_from_obj(out, eckey, EVP_PKEY_EC, + ossl_prov_prepare_ec_params, + ossl_prov_ec_priv_to_der, + &ctx->sc); + BIO_free(out); + + return ret; } /* @@ -198,7 +217,8 @@ static void ec_print_freectx(void *ctx) { } -static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ec_priv_ctx_st *ctx = vctx; @@ -221,10 +241,19 @@ static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_priv_print(void *vctx, void *eckey, BIO *out, +static int ec_priv_print(void *ctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_eckey(out, eckey, ec_print_priv); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_eckey(out, eckey, ec_print_priv); + BIO_free(out); + + return ret; } const OSSL_DISPATCH ec_priv_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_ec_pub.c b/providers/implementations/serializers/serializer_ec_pub.c index e9d90f1d20..1c145cf3c0 100644 --- a/providers/implementations/serializers/serializer_ec_pub.c +++ b/providers/implementations/serializers/serializer_ec_pub.c @@ -14,6 +14,7 @@ #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn ec_pub_newctx; @@ -41,7 +42,8 @@ static void ec_pub_freectx(void *ctx) } /* Public key : DER */ -static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; @@ -64,16 +66,26 @@ static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_pub_der(void *ctx, void *eckey, BIO *out, +static int ec_pub_der(void *ctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_der_from_obj(out, eckey, EVP_PKEY_EC, + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_der_from_obj(out, eckey, EVP_PKEY_EC, ossl_prov_prepare_ec_params, ossl_prov_ec_pub_to_der); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; @@ -96,15 +108,25 @@ static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_pub_pem(void *vctx, void *eckey, BIO *out, +static int ec_pub_pem(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_pem_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_pub_to_der); + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_pem_from_obj(out, eckey, EVP_PKEY_EC, + ossl_prov_prepare_ec_params, + ossl_prov_ec_pub_to_der); + BIO_free(out); + + return ret; } -static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *ec_new; @@ -127,10 +149,19 @@ static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ec_pub_print(void *vctx, void *eckey, BIO *out, +static int ec_pub_print(void *vctx, void *eckey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_eckey(out, eckey, ec_print_pub); + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_eckey(out, eckey, ec_print_pub); + BIO_free(out); + + return ret; } const OSSL_DISPATCH ec_pub_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_ecx.c b/providers/implementations/serializers/serializer_ecx.c index 78b6ec9691..a768355a13 100644 --- a/providers/implementations/serializers/serializer_ecx.c +++ b/providers/implementations/serializers/serializer_ecx.c @@ -86,7 +86,7 @@ int ossl_prov_print_ecx(BIO *out, ECX_KEY *ecxkey, enum ecx_print_type type) return 0; } - if (ossl_prov_bio_printf(out, "%s:\n", type_label) <= 0) + if (BIO_printf(out, "%s:\n", type_label) <= 0) return 0; if (type == ecx_print_priv && !ossl_prov_print_labeled_buf(out, "priv:", ecxkey->privkey, diff --git a/providers/implementations/serializers/serializer_ecx_priv.c b/providers/implementations/serializers/serializer_ecx_priv.c index c746109424..ea46d6c5e4 100644 --- a/providers/implementations/serializers/serializer_ecx_priv.c +++ b/providers/implementations/serializers/serializer_ecx_priv.c @@ -16,6 +16,7 @@ #include "crypto/ecx.h" #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn x25519_priv_newctx; @@ -134,7 +135,8 @@ static int ecx_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } /* Private key : DER */ -static int ecx_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_priv_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_priv_ctx_st *ctx = vctx; @@ -157,13 +159,17 @@ static int ecx_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_priv_der(void *vctx, void *vecxkey, BIO *out, +static int ecx_priv_der(void *vctx, void *vecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_priv_ctx_st *ctx = vctx; ECX_KEY *ecxkey = vecxkey; int ret; int nid = KEYTYPE2NID(ctx->type); + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -173,12 +179,14 @@ static int ecx_priv_der(void *vctx, void *vecxkey, BIO *out, NULL, ossl_prov_ecx_priv_to_der, &ctx->sc); + BIO_free(out); return ret; } /* Private key : PEM */ -static int ecx_priv_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_priv_pem_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_priv_ctx_st *ctx = vctx; @@ -201,12 +209,16 @@ static int ecx_priv_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_priv_pem(void *vctx, void *ecxkey, BIO *out, +static int ecx_priv_pem(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_priv_ctx_st *ctx = vctx; int ret; int nid = KEYTYPE2NID(ctx->type); + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -216,11 +228,13 @@ static int ecx_priv_pem(void *vctx, void *ecxkey, BIO *out, NULL, ossl_prov_ecx_priv_to_der, &ctx->sc); + BIO_free(out); return ret; } -static int ecx_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_priv_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_priv_ctx_st *ctx = vctx; @@ -243,10 +257,20 @@ static int ecx_priv_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_priv_print(void *ctx, void *ecxkey, BIO *out, +static int ecx_priv_print(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_ecx(out, ecxkey, ecx_print_priv); + struct ecx_priv_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_ecx(out, ecxkey, ecx_print_priv); + BIO_free(out); + + return ret; } #define MAKE_SERIALIZER_FUNCTIONS(alg, type) \ diff --git a/providers/implementations/serializers/serializer_ecx_pub.c b/providers/implementations/serializers/serializer_ecx_pub.c index cd09cd6abb..94483f10ed 100644 --- a/providers/implementations/serializers/serializer_ecx_pub.c +++ b/providers/implementations/serializers/serializer_ecx_pub.c @@ -15,6 +15,7 @@ #include "crypto/ecx.h" #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn x25519_pub_newctx; @@ -76,7 +77,8 @@ static void ecx_pub_freectx(void *ctx) } /* Public key : DER */ -static int ecx_pub_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_pub_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_pub_ctx_st *ctx = vctx; @@ -99,19 +101,28 @@ static int ecx_pub_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_pub_der(void *vctx, void *ecxkey, BIO *out, +static int ecx_pub_der(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_pub_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; - return ossl_prov_write_pub_der_from_obj(out, ecxkey, - KEYTYPE2NID(ctx->type), - NULL, - ossl_prov_ecx_pub_to_der); + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_der_from_obj(out, ecxkey, + KEYTYPE2NID(ctx->type), + NULL, + ossl_prov_ecx_pub_to_der); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int ecx_pub_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_pub_pem_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_pub_ctx_st *ctx = vctx; @@ -134,19 +145,27 @@ static int ecx_pub_pem_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_pub_pem(void *vctx, void *ecxkey, BIO *out, +static int ecx_pub_pem(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_pub_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; - return ossl_prov_write_pub_pem_from_obj(out, ecxkey, - KEYTYPE2NID(ctx->type), - NULL, - ossl_prov_ecx_pub_to_der); + if (out == NULL) + return 0; + ret = ossl_prov_write_pub_pem_from_obj(out, ecxkey, + KEYTYPE2NID(ctx->type), + NULL, + ossl_prov_ecx_pub_to_der); + BIO_free(out); + + return ret; } -static int ecx_pub_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int ecx_pub_print_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct ecx_pub_ctx_st *ctx = vctx; @@ -169,10 +188,20 @@ static int ecx_pub_print_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int ecx_pub_print(void *ctx, void *ecxkey, BIO *out, +static int ecx_pub_print(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_ecx(out, ecxkey, ecx_print_pub); + struct ecx_pub_ctx_st *ctx = vctx; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_ecx(out, ecxkey, ecx_print_pub); + BIO_free(out); + + return ret; } #define MAKE_SERIALIZER_FUNCTIONS(alg, type) \ diff --git a/providers/implementations/serializers/serializer_ffc_params.c b/providers/implementations/serializers/serializer_ffc_params.c index 98c9886ce9..ad96c4ddd0 100644 --- a/providers/implementations/serializers/serializer_ffc_params.c +++ b/providers/implementations/serializers/serializer_ffc_params.c @@ -20,7 +20,7 @@ int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc) if (name == NULL) goto err; - if (ossl_prov_bio_printf(out, "GROUP: %s\n", name) <= 0) + if (BIO_printf(out, "GROUP: %s\n", name) <= 0) goto err; return 1; #else @@ -46,15 +46,15 @@ int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc) goto err; } if (ffc->gindex != -1) { - if (ossl_prov_bio_printf(out, "gindex: %d\n", ffc->gindex) <= 0) + if (BIO_printf(out, "gindex: %d\n", ffc->gindex) <= 0) goto err; } if (ffc->pcounter != -1) { - if (ossl_prov_bio_printf(out, "pcounter: %d\n", ffc->pcounter) <= 0) + if (BIO_printf(out, "pcounter: %d\n", ffc->pcounter) <= 0) goto err; } if (ffc->h != 0) { - if (ossl_prov_bio_printf(out, "h: %d\n", ffc->h) <= 0) + if (BIO_printf(out, "h: %d\n", ffc->h) <= 0) goto err; } return 1; diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index 564210ede2..ac685a09f2 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -55,15 +55,14 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) rsa_get0_all_params(rsa, factors, exps, coeffs); if (priv && rsa_d != NULL) { - if (ossl_prov_bio_printf(out, "Private-Key: (%d bit, %d primes)\n", - BN_num_bits(rsa_n), - sk_BIGNUM_const_num(factors)) <= 0) + if (BIO_printf(out, "Private-Key: (%d bit, %d primes)\n", + BN_num_bits(rsa_n), + sk_BIGNUM_const_num(factors)) <= 0) goto err; modulus_label = "modulus:"; exponent_label = "publicExponent:"; } else { - if (ossl_prov_bio_printf(out, "Public-Key: (%d bit)\n", - BN_num_bits(rsa_n)) <= 0) + if (BIO_printf(out, "Public-Key: (%d bit)\n", BN_num_bits(rsa_n)) <= 0) goto err; modulus_label = "Modulus:"; exponent_label = "Exponent:"; @@ -93,18 +92,18 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) sk_BIGNUM_const_value(coeffs, 0))) goto err; for (i = 2; i < sk_BIGNUM_const_num(factors); i++) { - if (ossl_prov_bio_printf(out, "prime%d:", i + 1) <= 0) + if (BIO_printf(out, "prime%d:", i + 1) <= 0) goto err; if (!ossl_prov_print_labeled_bignum(out, NULL, sk_BIGNUM_const_value(factors, i))) goto err; - if (ossl_prov_bio_printf(out, "exponent%d:", i + 1) <= 0) + if (BIO_printf(out, "exponent%d:", i + 1) <= 0) goto err; if (!ossl_prov_print_labeled_bignum(out, NULL, sk_BIGNUM_const_value(exps, i))) goto err; - if (ossl_prov_bio_printf(out, "coefficient%d:", i + 1) <= 0) + if (BIO_printf(out, "coefficient%d:", i + 1) <= 0) goto err; if (!ossl_prov_print_labeled_bignum(out, NULL, sk_BIGNUM_const_value(coeffs, @@ -116,14 +115,13 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { case RSA_FLAG_TYPE_RSA: if (!rsa_pss_params_30_is_unrestricted(pss_params)) { - if (ossl_prov_bio_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0) + if (BIO_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0) goto err; } break; case RSA_FLAG_TYPE_RSASSAPSS: if (rsa_pss_params_30_is_unrestricted(pss_params)) { - if (ossl_prov_bio_printf(out, - "No PSS parameter restrictions\n") <= 0) + if (BIO_printf(out, "No PSS parameter restrictions\n") <= 0) goto err; } else { int hashalg_nid = rsa_pss_params_30_hashalg(pss_params); @@ -133,23 +131,23 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) int saltlen = rsa_pss_params_30_saltlen(pss_params); int trailerfield = rsa_pss_params_30_trailerfield(pss_params); - if (ossl_prov_bio_printf(out, "PSS parameter restrictions:\n") <= 0) + if (BIO_printf(out, "PSS parameter restrictions:\n") <= 0) goto err; - if (ossl_prov_bio_printf(out, " Hash Algorithm: %s%s\n", - rsa_oaeppss_nid2name(hashalg_nid), - (hashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) + if (BIO_printf(out, " Hash Algorithm: %s%s\n", + rsa_oaeppss_nid2name(hashalg_nid), + (hashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) goto err; - if (ossl_prov_bio_printf(out, " Mask Algorithm: %s with %s%s\n", - rsa_mgf_nid2name(maskgenalg_nid), - rsa_oaeppss_nid2name(maskgenhashalg_nid), - (maskgenalg_nid == NID_mgf1 - && maskgenhashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) + if (BIO_printf(out, " Mask Algorithm: %s with %s%s\n", + rsa_mgf_nid2name(maskgenalg_nid), + rsa_oaeppss_nid2name(maskgenhashalg_nid), + (maskgenalg_nid == NID_mgf1 + && maskgenhashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) goto err; - if (ossl_prov_bio_printf(out, " Minimum Salt Length: %d%s\n", - saltlen, - (saltlen == 20 ? " (default)" : "")) <= 0) + if (BIO_printf(out, " Minimum Salt Length: %d%s\n", + saltlen, + (saltlen == 20 ? " (default)" : "")) <= 0) goto err; /* * TODO(3.0) Should we show the ASN.1 trailerField value, or @@ -158,9 +156,9 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) * does display 0xBC when the default applies, but the ASN.1 * trailerField value otherwise... */ - if (ossl_prov_bio_printf(out, " Trailer Field: 0x%x%s\n", - trailerfield, - (trailerfield == 1 ? " (default)" : "")) + if (BIO_printf(out, " Trailer Field: 0x%x%s\n", + trailerfield, + (trailerfield == 1 ? " (default)" : "")) <= 0) goto err; } diff --git a/providers/implementations/serializers/serializer_rsa_priv.c b/providers/implementations/serializers/serializer_rsa_priv.c index 8c68f5de34..981ddcf2fc 100644 --- a/providers/implementations/serializers/serializer_rsa_priv.c +++ b/providers/implementations/serializers/serializer_rsa_priv.c @@ -25,6 +25,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn rsa_priv_newctx; @@ -119,7 +120,8 @@ static int rsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } /* Private key : DER */ -static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct rsa_priv_ctx_st *ctx = vctx; @@ -140,11 +142,15 @@ static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int rsa_priv_der(void *vctx, void *rsa, BIO *out, +static int rsa_priv_der(void *vctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct rsa_priv_ctx_st *ctx = vctx; int ret; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -154,12 +160,14 @@ static int rsa_priv_der(void *vctx, void *rsa, BIO *out, ossl_prov_prepare_rsa_params, (i2d_of_void *)i2d_RSAPrivateKey, &ctx->sc); + BIO_free(out); return ret; } /* Private key : PEM */ -static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, +static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct rsa_priv_ctx_st *ctx = vctx; @@ -180,11 +188,15 @@ static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int rsa_pem_priv(void *vctx, void *rsa, BIO *out, +static int rsa_pem_priv(void *vctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct rsa_priv_ctx_st *ctx = vctx; int ret; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out == NULL) + return 0; ctx->sc.cb = cb; ctx->sc.cbarg = cbarg; @@ -194,6 +206,7 @@ static int rsa_pem_priv(void *vctx, void *rsa, BIO *out, ossl_prov_prepare_rsa_params, (i2d_of_void *)i2d_RSAPrivateKey, &ctx->sc); + BIO_free(out); return ret; } @@ -211,7 +224,7 @@ static void rsa_print_freectx(void *ctx) } static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[], - BIO *out, + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { struct rsa_priv_ctx_st *ctx = vctx; @@ -232,10 +245,19 @@ static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[], return ok; } -static int rsa_priv_print(void *ctx, void *rsa, BIO *out, +static int rsa_priv_print(void *ctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_rsa(out, rsa, 1); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_rsa(out, rsa, 1); + BIO_free(out); + + return ret; } const OSSL_DISPATCH rsa_priv_der_serializer_functions[] = { diff --git a/providers/implementations/serializers/serializer_rsa_pub.c b/providers/implementations/serializers/serializer_rsa_pub.c index 28df00877e..80e1504611 100644 --- a/providers/implementations/serializers/serializer_rsa_pub.c +++ b/providers/implementations/serializers/serializer_rsa_pub.c @@ -21,6 +21,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn rsa_pub_newctx; @@ -48,7 +49,8 @@ static void rsa_pub_freectx(void *ctx) } /* Public key : DER */ -static int rsa_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int rsa_pub_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); @@ -69,17 +71,27 @@ static int rsa_pub_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int rsa_pub_der(void *ctx, void *rsa, BIO *out, +static int rsa_pub_der(void *ctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_der_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPublicKey); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_der_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, + (i2d_of_void *)i2d_RSAPublicKey); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int rsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int rsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); @@ -100,16 +112,26 @@ static int rsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int rsa_pub_pem(void *ctx, void *rsa, BIO *out, +static int rsa_pub_pem(void *ctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_write_pub_pem_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPublicKey); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_write_pub_pem_from_obj(out, rsa, + ossl_prov_rsa_type_to_evp(rsa), + ossl_prov_prepare_rsa_params, + (i2d_of_void *)i2d_RSAPublicKey); + BIO_free(out); + + return ret; } -static int rsa_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int rsa_pub_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); @@ -130,10 +152,19 @@ static int rsa_pub_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int rsa_pub_print(void *ctx, void *rsa, BIO *out, +static int rsa_pub_print(void *ctx, void *rsa, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return ossl_prov_print_rsa(out, rsa, 0); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = ossl_prov_print_rsa(out, rsa, 0); + BIO_free(out); + + return ret; } const OSSL_DISPATCH rsa_pub_der_serializer_functions[] = { diff --git a/providers/legacyprov.c b/providers/legacyprov.c index 9a6ed6d836..886037cff9 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -170,7 +170,7 @@ static const OSSL_DISPATCH legacy_dispatch_table[] = { { 0, NULL } }; -int OSSL_provider_init(const OSSL_PROVIDER *provider, +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -206,7 +206,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, return 0; } PROV_CTX_set0_library_context(*provctx, libctx); - PROV_CTX_set0_provider(*provctx, provider); + PROV_CTX_set0_handle(*provctx, handle); *out = legacy_dispatch_table; diff --git a/providers/nullprov.c b/providers/nullprov.c index a1a2681173..945ec2fbb6 100644 --- a/providers/nullprov.c +++ b/providers/nullprov.c @@ -17,10 +17,6 @@ OSSL_provider_init_fn ossl_null_provider_init; -/* Functions provided by the core */ -static OSSL_core_gettable_params_fn *c_gettable_params = NULL; -static OSSL_core_get_params_fn *c_get_params = NULL; - /* Parameters we provide to the core */ static const OSSL_ITEM null_param_types[] = { { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, @@ -67,40 +63,14 @@ static const OSSL_DISPATCH null_dispatch_table[] = { { 0, NULL } }; -int ossl_null_provider_init(const OSSL_PROVIDER *provider, +int ossl_null_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { - OSSL_core_get_library_context_fn *c_get_libctx = NULL; - - for (; in->function_id != 0; in++) { - switch (in->function_id) { - case OSSL_FUNC_CORE_GETTABLE_PARAMS: - c_gettable_params = OSSL_get_core_gettable_params(in); - break; - case OSSL_FUNC_CORE_GET_PARAMS: - c_get_params = OSSL_get_core_get_params(in); - break; - case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: - c_get_libctx = OSSL_get_core_get_library_context(in); - break; - /* Just ignore anything we don't understand */ - default: - break; - } - } - - if (c_get_libctx == NULL) - return 0; - *out = null_dispatch_table; - /* - * We want to make sure that all calls from this provider that requires - * a library context use the same context as the one used to call our - * functions. We do that by passing it along as the provider context. - */ - *provctx = c_get_libctx(provider); + /* Could be anything - we don't use it */ + *provctx = (void *)handle; return 1; } diff --git a/test/p_test.c b/test/p_test.c index cecb40ec96..5a491234a0 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -48,9 +48,9 @@ static const OSSL_PARAM *p_gettable_params(void *_) return p_param_types; } -static int p_get_params(void *vprov, OSSL_PARAM params[]) +static int p_get_params(void *vhand, OSSL_PARAM params[]) { - const OSSL_PROVIDER *prov = vprov; + const OSSL_CORE_HANDLE *hand = vhand; OSSL_PARAM *p = params; int ok = 1; @@ -77,7 +77,7 @@ static int p_get_params(void *vprov, OSSL_PARAM params[]) opensslv = provname = greeting = NULL; - if (c_get_params(prov, counter_request)) { + if (c_get_params(hand, counter_request)) { if (greeting) { strcpy(buf, greeting); } else { @@ -119,7 +119,7 @@ static const OSSL_DISPATCH p_test_table[] = { { 0, NULL } }; -int OSSL_provider_init(const OSSL_PROVIDER *provider, +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -139,7 +139,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } /* Because we use this in get_params, we need to pass it back */ - *provctx = (void *)provider; + *provctx = (void *)handle; *out = p_test_table; return 1; From matt at openssl.org Sat May 16 16:31:41 2020 From: matt at openssl.org (Matt Caswell) Date: Sat, 16 May 2020 16:31:41 +0000 Subject: [openssl] master update Message-ID: <1589646701.051433.9644.nullmailer@dev.openssl.org> The branch master has been updated via 4fcd15c18ad6b5523a389863d3e5628d44db6eb4 (commit) from 06a2027bd58bcd109cab88e3ce27726613eeab50 (commit) - Log ----------------------------------------------------------------- commit 4fcd15c18ad6b5523a389863d3e5628d44db6eb4 Author: Billy Brumley Date: Wed May 13 07:33:59 2020 +0300 deprecate EC_POINTs_mul function Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11807) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 +++++ crypto/ec/ec_lib.c | 42 ++++++++++++++++++++++++++++++++++-------- crypto/err/openssl.txt | 1 + doc/man3/EC_POINT_add.pod | 14 +++++++++++--- include/openssl/ec.h | 7 ++++--- include/openssl/ecerr.h | 1 + test/ectest.c | 36 ++++++++++++++++++++++++++---------- util/libcrypto.num | 2 +- 8 files changed, 83 insertions(+), 25 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 589cc5537e..bc4f524186 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated EC_POINTs_mul(). This function is not widely used and applications + should instead use the L function. + + *Billy Bob Brumley* + * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should instead use EVP_default_properties_is_fips_enabled() and diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 589380d466..cdeffb4207 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1041,6 +1041,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, * methods. */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) @@ -1086,21 +1087,46 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, #endif return ret; } +#endif int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { - /* just a convenient interface to EC_POINTs_mul() */ + int ret = 0; +#ifndef FIPS_MODULE + BN_CTX *new_ctx = NULL; +#endif - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; + if (!ec_point_is_compat(r, group) + || (point != NULL && !ec_point_is_compat(point, group))) { + ECerr(EC_F_EC_POINT_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } - points[0] = point; - scalars[0] = p_scalar; + if (g_scalar == NULL && p_scalar == NULL) + return EC_POINT_set_to_infinity(group, r); - return EC_POINTs_mul(group, r, g_scalar, - (point != NULL - && p_scalar != NULL), points, scalars, ctx); +#ifndef FIPS_MODULE + if (ctx == NULL) + ctx = new_ctx = BN_CTX_secure_new(); +#endif + if (ctx == NULL) { + ECerr(EC_F_EC_POINT_MUL, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (group->meth->mul != NULL) + ret = group->meth->mul(group, r, g_scalar, point != NULL + && p_scalar != NULL, &point, &p_scalar, ctx); + else + /* use default */ + ret = ec_wNAF_mul(group, r, g_scalar, point != NULL + && p_scalar != NULL, &point, &p_scalar, ctx); + +#ifndef FIPS_MODULE + BN_CTX_free(new_ctx); +#endif + return ret; } int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7bf0611ec4..9d5e960841 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -696,6 +696,7 @@ EC_F_EC_POINT_INVERT:210:EC_POINT_invert EC_F_EC_POINT_IS_AT_INFINITY:118:EC_POINT_is_at_infinity EC_F_EC_POINT_IS_ON_CURVE:119:EC_POINT_is_on_curve EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine +EC_F_EC_POINT_MUL:309: EC_F_EC_POINT_NEW:121:EC_POINT_new EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 9b71d71f55..3ac567f815 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -18,13 +18,15 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); - int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, - const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + Deprecated since OpenSSL 3.0: + + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, + const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); =head1 DESCRIPTION @@ -43,12 +45,14 @@ The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal co-ordinate system. In the case of EC_POINTs_make_affine the value B provides the number of points in the array B to be forced. -EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * B + B * B and stores the result in B. +EC_POINT_mul calculates the value generator * B + B * B and stores the result in B. The value B may be NULL in which case the result is just B * B (variable point multiplication). Alternatively, both B and B may be NULL, and B non-NULL, in which case the result is just generator * B (fixed point multiplication). When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). +Although deprecated in OpenSSL 3.0 and should no longer be used, EC_POINTs_mul calculates the value generator * B + B * B + ... + B * B. As for EC_POINT_mul the value B may be NULL or B may be zero. When performing a fixed point multiplication (B is non-NULL and B is 0) or a variable point multiplication (B is NULL and B is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). +Modern versions should instead use EC_POINT_mul(), combined (if needed) with EC_POINT_add() in such rare circumstances. The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L for information @@ -74,6 +78,10 @@ L, L, L, L, L, L, L +=head1 HISTORY + +EC_POINTs_mul() was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 09c3e2916f..703fc1cd40 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -775,9 +775,10 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - size_t num, const EC_POINT *p[], const BIGNUM *m[], - BN_CTX *ctx); +DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *n, size_t num, + const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx)) /** Computes r = generator * n + q * m * \param group underlying EC_GROUP object diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index cf845fbb1a..49adc7c681 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -170,6 +170,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_POINT_IS_AT_INFINITY 0 # define EC_F_EC_POINT_IS_ON_CURVE 0 # define EC_F_EC_POINT_MAKE_AFFINE 0 +# define EC_F_EC_POINT_MUL 0 # define EC_F_EC_POINT_NEW 0 # define EC_F_EC_POINT_OCT2POINT 0 # define EC_F_EC_POINT_POINT2BUF 0 diff --git a/test/ectest.c b/test/ectest.c index 5c31efe1f3..bbcd9677d5 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -8,6 +8,14 @@ * https://www.openssl.org/source/license.html */ +/* + * We need access to the deprecated EC_POINTs_mul for testing purposes + * when the deprecated calls are not hidden + */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OPENSSL_SUPPRESS_DEPRECATED +#endif + #include #include "internal/nelem.h" #include "testutil.h" @@ -64,8 +72,10 @@ static int group_order_tests(EC_GROUP *group) goto err; for (i = 1; i <= 2; i++) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 const BIGNUM *scalars[6]; const EC_POINT *points[6]; +# endif if (!TEST_true(BN_set_word(n1, i)) /* @@ -97,11 +107,11 @@ static int group_order_tests(EC_GROUP *group) /* Add P to verify the result. */ || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) - - /* Exercise EC_POINTs_mul, including corner cases. */ || !TEST_false(EC_POINT_is_at_infinity(group, P))) goto err; +# ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Exercise EC_POINTs_mul, including corner cases. */ scalars[0] = scalars[1] = BN_value_one(); points[0] = points[1] = P; @@ -125,6 +135,7 @@ static int group_order_tests(EC_GROUP *group) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; +# endif } r = 1; @@ -152,8 +163,10 @@ static int prime_field_tests(void) *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_POINT *points[4]; const BIGNUM *scalars[4]; +# endif unsigned char buf[100]; size_t len, r = 0; int k; @@ -548,6 +561,9 @@ static int prime_field_tests(void) || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ || !TEST_false(EC_POINT_is_at_infinity(group, Q))) goto err; + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + TEST_note("combined multiplication ..."); points[0] = Q; points[1] = Q; points[2] = Q; @@ -558,11 +574,10 @@ static int prime_field_tests(void) || !TEST_BN_even(y) || !TEST_true(BN_rshift1(y, y))) goto err; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; - TEST_note("combined multiplication ..."); - /* z is still the group order */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) @@ -593,10 +608,8 @@ static int prime_field_tests(void) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; - +# endif TEST_note(" ok\n"); - - r = 1; err: BN_CTX_free(ctx); @@ -803,8 +816,10 @@ static int char2_curve_test(int n) BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; EC_GROUP *group = NULL, *variable = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_POINT *points[3]; const BIGNUM *scalars[3]; +# endif struct c2_curve_test *const test = char2_curve_tests + n; if (!TEST_ptr(ctx = BN_CTX_new()) @@ -888,6 +903,8 @@ static int char2_curve_test(int n) || !TEST_false(EC_POINT_is_at_infinity(group, Q))) goto err; +# ifndef OPENSSL_NO_DEPRECATED_3_0 + TEST_note("combined multiplication ..."); points[0] = Q; points[1] = Q; points[2] = Q; @@ -899,8 +916,6 @@ static int char2_curve_test(int n) scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; - TEST_note("combined multiplication ..."); - /* z is still the group order */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) @@ -929,7 +944,8 @@ static int char2_curve_test(int n) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) - goto err;; + goto err; +# endif } r = 1; diff --git a/util/libcrypto.num b/util/libcrypto.num index 104e065bbd..ef0b76b1a9 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -144,7 +144,7 @@ IDEA_set_decrypt_key 146 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 X509_STORE_CTX_set_flags 147 3_0_0 EXIST::FUNCTION: BIO_ADDR_rawmake 148 3_0_0 EXIST::FUNCTION:SOCK EVP_PKEY_asn1_set_ctrl 149 3_0_0 EXIST::FUNCTION: -EC_POINTs_mul 150 3_0_0 EXIST::FUNCTION:EC +EC_POINTs_mul 150 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC ASN1_get_object 151 3_0_0 EXIST::FUNCTION: i2d_IPAddressFamily 152 3_0_0 EXIST::FUNCTION:RFC3779 ENGINE_get_ctrl_function 153 3_0_0 EXIST::FUNCTION:ENGINE From no-reply at appveyor.com Sat May 16 23:06:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 16 May 2020 23:06:25 +0000 Subject: Build failed: openssl master.34162 Message-ID: <20200516230625.1.970D1E4C47C459E4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 16 23:57:35 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 16 May 2020 23:57:35 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.34163 Message-ID: <20200516235735.1.BF9F2CE771C02EA0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 17 00:57:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 17 May 2020 00:57:20 +0000 Subject: Build failed: openssl master.34164 Message-ID: <20200517005720.1.CB95C0DA567F1F06@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 17 06:23:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 17 May 2020 06:23:11 +0000 Subject: Build completed: openssl master.34165 Message-ID: <20200517062311.1.524627753C61D66C@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 17 08:14:56 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 17 May 2020 08:14:56 +0000 (UTC) Subject: Coverity Scan: Analysis failed for openssl/openssl Message-ID: <5ec0f27fae587_f0822ad2abe4cf5c364f5@appnode-2.mail> Your request for analysis of openssl/openssl is failed. Analysis status: No action need The problem is on the Coverity server, and we will address it. Your request will be automatically submitted for analysis. If you do not see your build being analyzed, please email scan-admin at coverity.com. From scan-admin at coverity.com Sun May 17 15:57:24 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 17 May 2020 15:57:24 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5ec15ee490e42_1d87f2ad2abe4cf5c364c1@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3DvPYy_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF46VipcIzekEg-2FzVlFYek7koEoRAqg0JAApUq5nSVwOJZ6-2Ba6ejAH-2B4aCLrLLShFlXMyBsfMVPd9TB5dht6S5e4wzj80evbz1ojHazSUg2WeHL2krBoGH1Ba3PRGsbvCmuGp3Ho0GVZjL1G7-2BZu-2Fhwq-2BmRoqezzX0jQTiPib5iusn4e5cR0sLMEnfrdXmKTif6DIgvzul7f7CF6oAtUTt3 Build ID: 314541 Analysis Summary: New defects found: 9 Defects eliminated: 2 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DB4c9_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF46VipcIzekEg-2FzVlFYek7koEoRAqg0JAApUq5nSVwOKQlqidqVL15ln3n58B6i1j9nHBC9oXQmegZ4JoRIibKCY1KUivE84wPRhSgkfroNPFPqJhBG0SERPwmCEraq4Mv46a4iKyGZSZPcSkqC3TE7pT8W8nfUHlEbO106eZHcV0jcvqZPpQ-2BoxYxU32tOFRwyQS4B-2FsRc7iyAC-2FJUxYE From openssl at openssl.org Mon May 18 05:42:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 18 May 2020 05:42:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1589780543.464183.21362.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1989, 628 wallclock secs ( 7.96 usr 1.39 sys + 588.91 cusr 40.70 csys = 638.96 CPU) Result: FAIL Makefile:3051: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3049: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Mon May 18 08:35:31 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 May 2020 08:35:31 +0000 Subject: [openssl] master update Message-ID: <1589790931.315464.30165.nullmailer@dev.openssl.org> The branch master has been updated via d9321c09ea0b1231d9752935e15eb05231ae147a (commit) from 4fcd15c18ad6b5523a389863d3e5628d44db6eb4 (commit) - Log ----------------------------------------------------------------- commit d9321c09ea0b1231d9752935e15eb05231ae147a Author: Nikolay Morozov Date: Thu May 14 22:32:59 2020 +0300 Fix small documentation issues Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11835) ----------------------------------------------------------------------- Summary of changes: doc/man3/ASN1_STRING_TABLE_add.pod | 2 +- doc/man3/ASN1_STRING_length.pod | 6 ++--- doc/man3/ASN1_STRING_new.pod | 4 +-- doc/man3/ISSUER_SIGN_TOOL_new.pod | 51 -------------------------------------- doc/man3/X509_dup.pod | 5 ++++ doc/man3/d2i_X509.pod | 2 ++ util/missingcrypto.txt | 2 -- 7 files changed, 13 insertions(+), 59 deletions(-) delete mode 100644 doc/man3/ISSUER_SIGN_TOOL_new.pod diff --git a/doc/man3/ASN1_STRING_TABLE_add.pod b/doc/man3/ASN1_STRING_TABLE_add.pod index f7b65fc23e..340a99e683 100644 --- a/doc/man3/ASN1_STRING_TABLE_add.pod +++ b/doc/man3/ASN1_STRING_TABLE_add.pod @@ -13,7 +13,7 @@ ASN1_STRING_TABLE_cleanup - ASN1_STRING_TABLE manipulation functions int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, unsigned long flags); - ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); void ASN1_STRING_TABLE_cleanup(void); =head1 DESCRIPTION diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod index ae03dd9737..5d974fddd1 100644 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -11,10 +11,10 @@ ASN1_STRING_to_UTF8 - ASN1_STRING utility functions #include int ASN1_STRING_length(ASN1_STRING *x); - const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); - unsigned char * ASN1_STRING_data(ASN1_STRING *x); + const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + unsigned char *ASN1_STRING_data(ASN1_STRING *x); - ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); + ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); diff --git a/doc/man3/ASN1_STRING_new.pod b/doc/man3/ASN1_STRING_new.pod index 581d3f6e36..83f6aaa6f8 100644 --- a/doc/man3/ASN1_STRING_new.pod +++ b/doc/man3/ASN1_STRING_new.pod @@ -9,8 +9,8 @@ ASN1_STRING allocation functions #include - ASN1_STRING * ASN1_STRING_new(void); - ASN1_STRING * ASN1_STRING_type_new(int type); + ASN1_STRING *ASN1_STRING_new(void); + ASN1_STRING *ASN1_STRING_type_new(int type); void ASN1_STRING_free(ASN1_STRING *a); =head1 DESCRIPTION diff --git a/doc/man3/ISSUER_SIGN_TOOL_new.pod b/doc/man3/ISSUER_SIGN_TOOL_new.pod deleted file mode 100644 index 4fb1f70f25..0000000000 --- a/doc/man3/ISSUER_SIGN_TOOL_new.pod +++ /dev/null @@ -1,51 +0,0 @@ -=pod - -=head1 NAME - -ISSUER_SIGN_TOOL_new, ISSUER_SIGN_TOOL_free,ISSUER_SIGN_TOOL_it, -d2i_ISSUER_SIGN_TOOL, i2d_ISSUER_SIGN_TOOL - -=head1 SYNOPSIS - -=for openssl generic - - #include - - extern const ISSUER_SIGN_TOOL_it; - - ISSUER_SIGN_TOOL *ISSUER_SIGN_TOOL_new(void); - void ISSUER_SIGN_TOOL_free(ISSUER_SIGN_TOOL *v); - - ISSUER_SIGN_TOOL *d2i_ISSUER_SIGN_TOOL(ISSUER_SIGN_TOOL **a, const unsigned char **pp, long length); - int i2d_ISSUER_SIGN_TOOL(const ISSUER_SIGN_TOOL *a, unsigned char **pp); - -=head1 DESCRIPTION - -The ISSUER_SIGN_TOOL_new() function returns a new ISSUER_SIGN_TOOL. - -ISSUER_SIGN_TOOL_free() frees up a single ISSUER_SIGN_TOOL object. - -=head1 RETURN VALUES - -ISSUER_SIGN_TOOL_new() returns a newly created ISSUER_SIGN_TOOL or NULL if the call fails. - -ISSUER_SIGN_TOOL_free() does not return values. - -d2i_ISSUER_SIGN_TOOL() and i2d_ISSUER_SIGN_TOOL() decode and encode an B -structure. They otherwise follow the conventions of other ASN.1 functions such as d2i_X509(). - -=head1 HISTORY - -The ISSUER_SIGN_TOOL_up_ref(), ISSUER_SIGN_TOOL_lock() and ISSUER_SIGN_TOOL_unlock() -functions were added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 16c9935741..a92d82098d 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -81,7 +81,11 @@ IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, +ISSUER_SIGN_TOOL_free, +ISSUER_SIGN_TOOL_it, +ISSUER_SIGN_TOOL_new, ISSUING_DIST_POINT_free, +ISSUING_DIST_POINT_it, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, @@ -252,6 +256,7 @@ TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, +X509_ALGOR_it, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 03548b233c..4dea774fb6 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -75,6 +75,7 @@ d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, +d2i_ISSUER_SIGN_TOOL, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, @@ -267,6 +268,7 @@ i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, +i2d_ISSUER_SIGN_TOOL, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 3473a8694c..6fba94701a 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -738,7 +738,6 @@ IPAddressChoice_it(3) IPAddressFamily_it(3) IPAddressOrRange_it(3) IPAddressRange_it(3) -ISSUING_DIST_POINT_it(3) LONG_it(3) MD2_options(3) MD4_Transform(3) @@ -1315,7 +1314,6 @@ X509V3_set_ctx(3) X509V3_set_nconf(3) X509V3_string_free(3) X509_ALGORS_it(3) -X509_ALGOR_it(3) X509_ATTRIBUTE_count(3) X509_ATTRIBUTE_create(3) X509_ATTRIBUTE_create_by_NID(3) From matt at openssl.org Mon May 18 08:53:44 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 May 2020 08:53:44 +0000 Subject: [openssl] master update Message-ID: <1589792024.620897.18101.nullmailer@dev.openssl.org> The branch master has been updated via 88b15ed9a54c591c3962149560d4f851322a54c4 (commit) from d9321c09ea0b1231d9752935e15eb05231ae147a (commit) - Log ----------------------------------------------------------------- commit 88b15ed9a54c591c3962149560d4f851322a54c4 Author: Matt Caswell Date: Thu May 14 15:45:38 2020 +0100 Delete the sslprovider test This was added before the changes to the sslap/ssl_new/ssl_old tests which run those tests with a non-default library context. It no longer adds anything that those tests don't already do, so it can be deleted. This also fixes a number of run-checker build failures which were failing in this test if TLSv1.2 was disabled. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11832) ----------------------------------------------------------------------- Summary of changes: test/build.info | 6 +- test/recipes/90-test_sslprovider.t | 50 ------------- test/sslprovidertest.c | 143 ------------------------------------- 3 files changed, 1 insertion(+), 198 deletions(-) delete mode 100644 test/recipes/90-test_sslprovider.t delete mode 100644 test/sslprovidertest.c diff --git a/test/build.info b/test/build.info index 6d670ea175..112b68c22f 100644 --- a/test/build.info +++ b/test/build.info @@ -44,7 +44,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test param_build_test \ - bioprinttest sslapitest sslprovidertest dtlstest sslcorrupttest \ + bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test \ asn1_encode_test asn1_decode_test asn1_string_table_test \ @@ -294,10 +294,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[sslapitest]=../include ../apps/include .. DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a - SOURCE[sslprovidertest]=sslprovidertest.c ssltestlib.c - INCLUDE[sslprovidertest]=../include ../apps/include .. - DEPEND[sslprovidertest]=../libcrypto ../libssl libtestutil.a - SOURCE[ocspapitest]=ocspapitest.c INCLUDE[ocspapitest]=../include ../apps/include DEPEND[ocspapitest]=../libcrypto libtestutil.a diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t deleted file mode 100644 index 1a2a28557e..0000000000 --- a/test/recipes/90-test_sslprovider.t +++ /dev/null @@ -1,50 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_file bldtop_dir/; - -BEGIN { -setup("test_sslprovider"); -} - -use lib srctop_dir('Configurations'); -use lib bldtop_dir('.'); -use platform; - -plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); - -plan tests => 3; - -SKIP: { - skip "Skipping FIPS installation", 1 - if disabled("fips"); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', - '-section_name', 'fips_sect'])), - "fipsinstall"); -} - -ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "default", - srctop_file("test", "default.cnf")])), - "running sslprovidertest"); - -SKIP: { - skip "Skipping FIPS provider test", 1 - if disabled("fips"); - - ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "fips", - srctop_file("test", "fips.cnf")])), - "running sslprovidertest"); -} diff --git a/test/sslprovidertest.c b/test/sslprovidertest.c deleted file mode 100644 index 8bcfd5f94b..0000000000 --- a/test/sslprovidertest.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "ssltestlib.h" -#include "testutil.h" - -static char *cert = NULL; -static char *privkey = NULL; -static char *modulename = NULL; -static char *configfile = NULL; - -static OSSL_PROVIDER *defctxlegacy = NULL; - -static int test_different_libctx(void) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - OPENSSL_CTX *libctx = OPENSSL_CTX_new(); - OSSL_PROVIDER *prov = NULL; - - /* - * Verify that the default and fips providers in the default libctx are not - * available - */ - if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) - goto end; - - if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile))) - goto end; - - prov = OSSL_PROVIDER_load(libctx, modulename); - if (!TEST_ptr(prov) - /* Check we have the provider available */ - || !TEST_true(OSSL_PROVIDER_available(libctx, modulename))) - goto end; - /* Check the default provider is not available */ - if (strcmp(modulename, "default") != 0 - && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) - goto end; - TEST_note("%s provider loaded", modulename); - - /* - * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key - * exchange, because we don't have key gen/param gen for EC yet - which - * implies TLSv1.2 only - */ - if (!TEST_true(create_ssl_ctx_pair(libctx, - TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - TLS1_2_VERSION, - &sctx, &cctx, cert, privkey))) - goto end; - - /* Ensure we use a FIPS compatible ciphersuite and sigalg */ - if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256")) - || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256"))) - goto end; - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) - goto end; - - /* This time we expect success */ - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) - goto end; - - /* - * Verify that the default and fips providers in the default libctx are - * still not available - */ - if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) - goto end; - - testresult = 1; - - end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - OSSL_PROVIDER_unload(prov); - OPENSSL_CTX_free(libctx); - - return testresult; -} - -int setup_tests(void) -{ - char *certsdir = NULL; - - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); - return 0; - } - - if (!TEST_ptr(certsdir = test_get_argument(0)) - || !TEST_ptr(modulename = test_get_argument(1)) - || !TEST_ptr(configfile = test_get_argument(2))) - return 0; - - cert = test_mk_file_path(certsdir, "servercert.pem"); - if (cert == NULL) - return 0; - - privkey = test_mk_file_path(certsdir, "serverkey.pem"); - if (privkey == NULL) { - OPENSSL_free(cert); - return 0; - } - - /* - * For tests in this file we want to ensure the default ctx does not have - * the default provider loaded into the default ctx. So we load "legacy" to - * prevent default from being auto-loaded. This tests that there is no - * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the - * specific libctx to be used - nothing should fall back to the default - * libctx - */ - defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"); - - ADD_TEST(test_different_libctx); - - return 1; -} - -void cleanup_tests(void) -{ - OSSL_PROVIDER_unload(defctxlegacy); -} From matt at openssl.org Mon May 18 09:04:34 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 May 2020 09:04:34 +0000 Subject: [openssl] master update Message-ID: <1589792674.274027.4842.nullmailer@dev.openssl.org> The branch master has been updated via 082394839ea32386abc7ee33aaa9da864287064c (commit) from 88b15ed9a54c591c3962149560d4f851322a54c4 (commit) - Log ----------------------------------------------------------------- commit 082394839ea32386abc7ee33aaa9da864287064c Author: Maxim Zakharov <5158255+Maxime2 at users.noreply.github.com> Date: Fri May 8 14:58:10 2020 +1000 TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Signed-off-by: Maxim Zakharov <5158255+Maxime2 at users.noreply.github.com> Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11767) ----------------------------------------------------------------------- Summary of changes: crypto/ui/ui_openssl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index cf873431f7..e41a719e65 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -435,6 +435,16 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), From matt at openssl.org Mon May 18 09:09:32 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 May 2020 09:09:32 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589792972.516105.13957.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via da96ffd2384144529a4236c892da07eb261d7089 (commit) from 6b4b92d7f212caf4c525af4bf0c35fbbf5f38a3b (commit) - Log ----------------------------------------------------------------- commit da96ffd2384144529a4236c892da07eb261d7089 Author: Maxim Zakharov <5158255+Maxime2 at users.noreply.github.com> Date: Fri May 8 14:58:10 2020 +1000 TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Signed-off-by: Maxim Zakharov <5158255+Maxime2 at users.noreply.github.com> Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11767) (cherry picked from commit 082394839ea32386abc7ee33aaa9da864287064c) ----------------------------------------------------------------------- Summary of changes: crypto/ui/ui_openssl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 168de4630d..6830bd25c2 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -439,6 +439,16 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), From bernd.edlinger at hotmail.de Mon May 18 15:17:50 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 18 May 2020 15:17:50 +0000 Subject: [openssl] master update Message-ID: <1589815070.814927.30124.nullmailer@dev.openssl.org> The branch master has been updated via e9e7b5df865c0bcd0a99d8146ec05378892a36e1 (commit) from 082394839ea32386abc7ee33aaa9da864287064c (commit) - Log ----------------------------------------------------------------- commit e9e7b5df865c0bcd0a99d8146ec05378892a36e1 Author: Bernd Edlinger Date: Sun May 17 14:45:28 2020 +0200 Fix some places where X509_up_ref is used without error handling. This takes up the ball from #11278 without trying to solve everything at once. [extended tests] Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11850) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 5 +++-- crypto/x509/x509_err.c | 4 ++-- crypto/x509/x509_vfy.c | 52 ++++++++++++++++++++++++++++++++++------------- crypto/x509/x_pubkey.c | 7 +++++-- include/openssl/x509err.h | 4 +++- 5 files changed, 51 insertions(+), 21 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9d5e960841..4451ba95a1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1001,17 +1001,17 @@ PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp PEM_F_DO_B2I:132:do_b2i PEM_F_DO_B2I_BIO:133:do_b2i_bio -PEM_F_OSSL_DO_BLOB_HEADER:134:ossl_do_blob_header PEM_F_DO_I2B:146:do_i2b PEM_F_DO_PK8PKEY:126:do_pk8pkey PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp PEM_F_DO_PVK_BODY:135:do_PVK_body -PEM_F_OSSL_DO_PVK_HEADER:136:ossl_do_PVK_header PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data PEM_F_GET_NAME:144:get_name PEM_F_I2B_PVK:137:i2b_PVK PEM_F_I2B_PVK_BIO:138:i2b_PVK_bio PEM_F_LOAD_IV:101:load_iv +PEM_F_OSSL_DO_BLOB_HEADER:134:ossl_do_blob_header +PEM_F_OSSL_DO_PVK_HEADER:136:ossl_do_PVK_header PEM_F_PEM_ASN1_READ:102:PEM_ASN1_read PEM_F_PEM_ASN1_READ_BIO:103:PEM_ASN1_read_bio PEM_F_PEM_ASN1_WRITE:104:PEM_ASN1_write @@ -1874,6 +1874,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode +X509_F_X509_PUBKEY_GET:166:X509_PUBKEY_get X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index e37024b59f..450f2a7930 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -20,10 +20,10 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), - "cert already in hash table"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERTIFICATE_VERIFICATION_FAILED), "certificate verification failed"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), + "cert already in hash table"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fb0469183f..75c5c0e201 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -139,10 +139,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) xtmp = sk_X509_value(certs, i); if (!X509_cmp(xtmp, x)) break; + xtmp = NULL; } - if (i < sk_X509_num(certs)) - X509_up_ref(xtmp); - else + if (xtmp != NULL && !X509_up_ref(xtmp)) xtmp = NULL; sk_X509_pop_free(certs, X509_free); return xtmp; @@ -275,17 +274,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + if (!X509_up_ref(ctx->cert)) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return -1; + } + /* * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { + if ((ctx->chain = sk_X509_new_null()) == NULL + || !sk_X509_push(ctx->chain, ctx->cert)) { + X509_free(ctx->cert); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } - X509_up_ref(ctx->cert); + ctx->num_untrusted = 1; /* If the peer's public key is too weak, we can stop early. */ @@ -370,11 +376,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { - X509_up_ref(*issuer); - return 1; - } else - return 0; + + if (*issuer == NULL || !X509_up_ref(*issuer)) + goto err; + + return 1; + + err: + *issuer = NULL; + return 0; } static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, @@ -387,15 +397,20 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (!X509_up_ref(x)) { + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return NULL; + } if (sk == NULL) sk = sk_X509_new_null(); - if (sk == NULL || sk_X509_push(sk, x) == 0) { + if (sk == NULL || !sk_X509_push(sk, x)) { + X509_free(x); sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } - X509_up_ref(x); } } return sk; @@ -3244,7 +3259,16 @@ static int build_chain(X509_STORE_CTX *ctx) /* Drop this issuer from future consideration */ (void) sk_X509_delete_ptr(sktmp, xtmp); + if (!X509_up_ref(xtmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } + if (!sk_X509_push(ctx->chain, xtmp)) { + X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); trust = X509_TRUST_REJECTED; ctx->error = X509_V_ERR_OUT_OF_MEM; @@ -3252,7 +3276,7 @@ static int build_chain(X509_STORE_CTX *ctx) continue; } - X509_up_ref(x = xtmp); + x = xtmp; ++ctx->num_untrusted; ss = cert_self_signed(ctx, xtmp); if (ss < 0) { diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 23e92f2b39..d3e6af2552 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -219,8 +219,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); - if (ret != NULL) - EVP_PKEY_up_ref(ret); + + if (ret != NULL && !EVP_PKEY_up_ref(ret)) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR); + ret = NULL; + } return ret; } diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index 34cd706abb..19743b5987 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -28,6 +28,7 @@ int ERR_load_X509_strings(void); # define X509_F_ADD_CERT_DIR 0 # define X509_F_BUILD_CHAIN 0 # define X509_F_BY_FILE_CTRL 0 +# define X509_F_CACHE_OBJECTS 0 # define X509_F_CHECK_NAME_CONSTRAINTS 0 # define X509_F_CHECK_POLICY 0 # define X509_F_COMMON_VERIFY_SM2 0 @@ -68,6 +69,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_OBJECT_NEW 0 # define X509_F_X509_PRINT_EX_FP 0 # define X509_F_X509_PUBKEY_DECODE 0 +# define X509_F_X509_PUBKEY_GET 0 # define X509_F_X509_PUBKEY_GET0 0 # define X509_F_X509_PUBKEY_SET 0 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 @@ -101,8 +103,8 @@ int ERR_load_X509_strings(void); # define X509_R_BAD_X509_FILETYPE 100 # define X509_R_BASE64_DECODE_ERROR 118 # define X509_R_CANT_CHECK_DH_KEY 114 -# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 # define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_IDP_MISMATCH 128 From scan-admin at coverity.com Mon May 18 17:48:02 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 18 May 2020 17:48:02 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5ec2ca524dd99_4f32b2acb47adaf609372f@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3DdDZG_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGCYx5ZvyTZTLBWpkEichnp-2BlyxLA-2BRh2920nj7FyR6X4F2DYKRSq-2FV1i7Zk-2Bn-2FsJd1y4EiGYs3-2BIioxXp5h-2B33nnTd8mBCQwA06zafjz91ieMfmRPqKqC559e7XZP0Jd6D8boTE3hTBlv6JG-2FayDCfeJiYc36g7vw9rZomlOxhSZFrFItZdXwPFAnzeKlaQE4897Stb-2BAjtb9qRahDmCqe Build ID: 314786 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Mon May 18 23:22:38 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 18 May 2020 23:22:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1589844158.628416.28305.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4048: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3023: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue May 19 03:22:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 03:22:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1589858545.365257.9636.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/ISSUER_SIGN_TOOL_new.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/ISSUER_SIGN_TOOL_new.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/sslprovidertest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4052: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3027: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Tue May 19 04:12:50 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 19 May 2020 04:12:50 +0000 Subject: Build failed: openssl master.34206 Message-ID: <20200519041250.1.A8BB7021BE5D6A9F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue May 19 04:34:07 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 19 May 2020 04:34:07 +0000 Subject: Build failed: openssl master.34207 Message-ID: <20200519043407.1.7C5D5A0B8F1E036F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 19 06:34:24 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 06:34:24 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1589870064.209105.23186.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 15-test_dsa.t (Wstat: 1024 Tests: 7 Failed: 4) Failed tests: 4-7 Non-zero exit status: 4 25-test_crl.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 25-test_x509.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 8-9 Non-zero exit status: 2 Files=197, Tests=1992, 1430 wallclock secs ( 9.26 usr 1.62 sys + 1367.63 cusr 58.50 csys = 1437.01 CPU) Result: FAIL Makefile:3063: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3061: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Tue May 19 06:50:42 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 19 May 2020 06:50:42 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589871042.285837.22839.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5cea5841c70be0186c11ff79a9767d2e1376e80a (commit) from da96ffd2384144529a4236c892da07eb261d7089 (commit) - Log ----------------------------------------------------------------- commit 5cea5841c70be0186c11ff79a9767d2e1376e80a Author: Bernd Edlinger Date: Sun May 17 14:45:28 2020 +0200 Fix some places where X509_up_ref is used without error handling. This takes up the ball from #11278 without trying to solve everything at once. [extended tests] Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11852) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/x509/x509_err.c | 3 ++- crypto/x509/x509_vfy.c | 52 ++++++++++++++++++++++++++++++++++------------- crypto/x509/x_pubkey.c | 7 +++++-- include/openssl/x509err.h | 7 +++---- 5 files changed, 49 insertions(+), 21 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 35512f9caf..c90df98c29 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1742,6 +1742,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode +X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index c110d90809..bdd1e67cd3 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = { {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), "x509_pubkey_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 41625e75ad..39e0c53de0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -131,10 +131,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) xtmp = sk_X509_value(certs, i); if (!X509_cmp(xtmp, x)) break; + xtmp = NULL; } - if (i < sk_X509_num(certs)) - X509_up_ref(xtmp); - else + if (xtmp != NULL && !X509_up_ref(xtmp)) xtmp = NULL; sk_X509_pop_free(certs, X509_free); return xtmp; @@ -267,17 +266,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + if (!X509_up_ref(ctx->cert)) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return -1; + } + /* * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { + if ((ctx->chain = sk_X509_new_null()) == NULL + || !sk_X509_push(ctx->chain, ctx->cert)) { + X509_free(ctx->cert); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } - X509_up_ref(ctx->cert); + ctx->num_untrusted = 1; /* If the peer's public key is too weak, we can stop early. */ @@ -350,11 +356,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { - X509_up_ref(*issuer); - return 1; - } else - return 0; + + if (*issuer == NULL || !X509_up_ref(*issuer)) + goto err; + + return 1; + + err: + *issuer = NULL; + return 0; } static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) @@ -366,15 +376,20 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (!X509_up_ref(x)) { + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return NULL; + } if (sk == NULL) sk = sk_X509_new_null(); - if (sk == NULL || sk_X509_push(sk, x) == 0) { + if (sk == NULL || !sk_X509_push(sk, x)) { + X509_free(x); sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } - X509_up_ref(x); } } return sk; @@ -3158,7 +3173,16 @@ static int build_chain(X509_STORE_CTX *ctx) /* Drop this issuer from future consideration */ (void) sk_X509_delete_ptr(sktmp, xtmp); + if (!X509_up_ref(xtmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } + if (!sk_X509_push(ctx->chain, xtmp)) { + X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); trust = X509_TRUST_REJECTED; ctx->error = X509_V_ERR_OUT_OF_MEM; @@ -3166,7 +3190,7 @@ static int build_chain(X509_STORE_CTX *ctx) continue; } - X509_up_ref(x = xtmp); + x = xtmp; ++ctx->num_untrusted; ss = cert_self_signed(xtmp); diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 4f694b93fb..f175097094 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); - if (ret != NULL) - EVP_PKEY_up_ref(ret); + + if (ret != NULL && !EVP_PKEY_up_ref(ret)) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR); + ret = NULL; + } return ret; } diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index 0273853172..cd08673f8f 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,7 @@ #ifndef HEADER_X509ERR_H # define HEADER_X509ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include # ifdef __cplusplus extern "C" @@ -65,6 +63,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_OBJECT_NEW 150 # define X509_F_X509_PRINT_EX_FP 118 # define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET 161 # define X509_F_X509_PUBKEY_GET0 119 # define X509_F_X509_PUBKEY_SET 120 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 From no-reply at appveyor.com Tue May 19 08:03:44 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 19 May 2020 08:03:44 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34208 Message-ID: <20200519080344.1.CCBD2FFE828F0A23@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Tue May 19 08:39:14 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 19 May 2020 08:39:14 +0000 Subject: [openssl] master update Message-ID: <1589877554.914370.17513.nullmailer@dev.openssl.org> The branch master has been updated via c0ec5ce0bf97c358bea29c81d3d16047244a9a7e (commit) via 2f84d2a1f1653674f6885a42efd2f648f8372491 (commit) from e9e7b5df865c0bcd0a99d8146ec05378892a36e1 (commit) - Log ----------------------------------------------------------------- commit c0ec5ce0bf97c358bea29c81d3d16047244a9a7e Author: Marc <34656315+MarcT512 at users.noreply.github.com> Date: Sat May 16 19:31:03 2020 +0100 Use _get0_ functions instead of _get_. Fix build error on some platforms Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/10757) commit 2f84d2a1f1653674f6885a42efd2f648f8372491 Author: Marc <34656315+MarcT512 at users.noreply.github.com> Date: Sat Jan 4 15:27:17 2020 +0000 s_client: Show cert algorithms & validity period Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output. Eg: Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/10757) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index 8bab4e2827..a5f0fa0444 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3151,6 +3151,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) X509 *peer = NULL; STACK_OF(X509) *sk; const SSL_CIPHER *c; + EVP_PKEY *public_key; int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); long verify_result; #ifndef OPENSSL_NO_COMP @@ -3176,6 +3177,19 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, " i:"); X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt()); BIO_puts(bio, "\n"); + public_key = X509_get_pubkey(sk_X509_value(sk, i)); + if (public_key != NULL) { + BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n", + OBJ_nid2sn(EVP_PKEY_base_id(public_key)), + EVP_PKEY_bits(public_key), + OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); + EVP_PKEY_free(public_key); + } + BIO_printf(bio, " v:NotBefore: "); + ASN1_TIME_print(bio, X509_get0_notBefore(sk_X509_value(sk, i))); + BIO_printf(bio, "; NotAfter: "); + ASN1_TIME_print(bio, X509_get0_notAfter(sk_X509_value(sk, i))); + BIO_puts(bio, "\n"); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); } From levitte at openssl.org Tue May 19 09:03:57 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 19 May 2020 09:03:57 +0000 Subject: [openssl] master update Message-ID: <1589879037.613514.21107.nullmailer@dev.openssl.org> The branch master has been updated via 5a29b6286f8ccafc2ed9a026b0e8d4bd6d0396e6 (commit) from c0ec5ce0bf97c358bea29c81d3d16047244a9a7e (commit) - Log ----------------------------------------------------------------- commit 5a29b6286f8ccafc2ed9a026b0e8d4bd6d0396e6 Author: Richard Levitte Date: Fri May 15 15:56:05 2020 +0200 CORE: query for operations only once per provider (unless no_store is true) When a desired algorithm wasn't available, we didn't register anywhere that an attempt had been made, with the result that next time the same attempt was made, the whole process would be done again. To avoid this churn, we register a bit for each operation that has been queried in the libcrypto provider object, and test it before trying the same query and method construction loop again. If course, if the provider has told us not to cache, we don't register this bit. Fixes #11814 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11842) ----------------------------------------------------------------------- Summary of changes: crypto/core_algorithm.c | 48 +++++++++++++++++++++++++++++---- crypto/core_fetch.c | 41 +++++++++++++++++++++++++++- crypto/evp/evp_fetch.c | 8 +++++- crypto/provider_core.c | 46 +++++++++++++++++++++++++++++++ crypto/serializer/serializer_meth.c | 9 +++++-- doc/internal/man3/ossl_provider_new.pod | 17 +++++++++++- include/internal/core.h | 4 +++ include/internal/provider.h | 5 ++++ 8 files changed, 168 insertions(+), 10 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 79625fdea6..5c019f0405 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -16,8 +16,11 @@ struct algorithm_data_st { OPENSSL_CTX *libctx; int operation_id; /* May be zero for finding them all */ + int (*pre)(OSSL_PROVIDER *, int operation_id, void *data, int *result); void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, void *data); + int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, + int *result); void *data; }; @@ -36,19 +39,48 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) for (cur_operation = first_operation; cur_operation <= last_operation; cur_operation++) { - const OSSL_ALGORITHM *map = - ossl_provider_query_operation(provider, cur_operation, - &no_store); + const OSSL_ALGORITHM *map = NULL; + int ret; + /* Do we fulfill pre-conditions? */ + if (data->pre == NULL) { + /* If there is no pre-condition function, assume "yes" */ + ret = 1; + } else { + if (!data->pre(provider, cur_operation, data->data, &ret)) + /* Error, bail out! */ + return 0; + } + + /* If pre-condition not fulfilled, go to the next operation */ + if (!ret) + continue; + + map = ossl_provider_query_operation(provider, cur_operation, + &no_store); if (map == NULL) continue; - ok = 1; /* As long as we've found *something* */ while (map->algorithm_names != NULL) { const OSSL_ALGORITHM *thismap = map++; data->fn(provider, thismap, no_store, data->data); } + + /* Do we fulfill post-conditions? */ + if (data->post == NULL) { + /* If there is no post-condition function, assume "yes" */ + ret = 1; + } else { + if (!data->post(provider, cur_operation, no_store, data->data, + &ret)) + /* Error, bail out! */ + return 0; + } + + /* If post-condition fulfilled, set general success */ + if (ret) + ok = 1; } return ok; @@ -56,16 +88,22 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, OSSL_PROVIDER *provider, + int (*pre)(OSSL_PROVIDER *, int operation_id, + void *data, int *result), void (*fn)(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *data), + int (*post)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), void *data) { - struct algorithm_data_st cbdata; + struct algorithm_data_st cbdata = { 0, }; cbdata.libctx = libctx; cbdata.operation_id = operation_id; + cbdata.pre = pre; cbdata.fn = fn; + cbdata.post = post; cbdata.data = data; if (provider == NULL) diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 7f815a50ac..51ae4011dc 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -24,6 +24,42 @@ struct construct_data_st { void *mcm_data; }; +static int ossl_method_construct_precondition(OSSL_PROVIDER *provider, + int operation_id, void *cbdata, + int *result) +{ + if (!ossl_assert(result != NULL)) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ossl_provider_test_operation_bit(provider, operation_id, result)) + return 0; + + /* + * The result we get tells if methods have already been constructed. + * However, we want to tell whether construction should happen (true) + * or not (false), which is the opposite of what we got. + */ + *result = !*result; + + return 1; +} + +static int ossl_method_construct_postcondition(OSSL_PROVIDER *provider, + int operation_id, int no_store, + void *cbdata, int *result) +{ + if (!ossl_assert(result != NULL)) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + *result = 1; + return no_store != 0 + || ossl_provider_set_operation_bit(provider, operation_id); +} + static void ossl_method_construct_this(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *cbdata) @@ -86,7 +122,10 @@ void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id, cbdata.mcm = mcm; cbdata.mcm_data = mcm_data; ossl_algorithm_do_all(libctx, operation_id, NULL, - ossl_method_construct_this, &cbdata); + ossl_method_construct_precondition, + ossl_method_construct_this, + ossl_method_construct_postcondition, + &cbdata); method = mcm->get(libctx, cbdata.store, mcm_data); mcm->dealloc_tmp_store(cbdata.store); diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index be5ab111aa..596f592535 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -444,7 +444,13 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, data.free_method = free_method; data.user_fn = user_fn; data.user_arg = user_arg; - ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data); + + /* + * No pre- or post-condition for this call, as this only creates methods + * temporarly and then promptly destroys them. + */ + ossl_algorithm_do_all(libctx, operation_id, NULL, NULL, do_one, NULL, + &data); } const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 662576cd7b..0c21660080 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -71,6 +71,13 @@ struct ossl_provider_st { OSSL_provider_get_params_fn *get_params; OSSL_provider_query_operation_fn *query_operation; + /* + * Cache of bit to indicate of query_operation() has been called on + * a specific operation or not. + */ + unsigned char *operation_bits; + size_t operation_bits_sz; + /* Provider side data */ void *provctx; }; @@ -317,6 +324,9 @@ void ossl_provider_free(OSSL_PROVIDER *prov) } # endif #endif + OPENSSL_free(prov->operation_bits); + prov->operation_bits = NULL; + prov->operation_bits_sz = 0; prov->flag_initialized = 0; } @@ -782,6 +792,42 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, return prov->query_operation(prov->provctx, operation_id, no_cache); } +int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) +{ + size_t byte = bitnum / 8; + unsigned char bit = (1 << (bitnum % 8)) & 0xFF; + + if (provider->operation_bits_sz <= byte) { + provider->operation_bits = OPENSSL_realloc(provider->operation_bits, + byte + 1); + if (provider->operation_bits == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(provider->operation_bits + provider->operation_bits_sz, + '\0', byte + 1 - provider->operation_bits_sz); + } + provider->operation_bits[byte] |= bit; + return 1; +} + +int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, + int *result) +{ + size_t byte = bitnum / 8; + unsigned char bit = (1 << (bitnum % 8)) & 0xFF; + + if (!ossl_assert(result != NULL)) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + *result = 0; + if (provider->operation_bits_sz > byte) + *result = ((provider->operation_bits[byte] & bit) != 0); + return 1; +} + /*- * Core functions for the provider * =============================== diff --git a/crypto/serializer/serializer_meth.c b/crypto/serializer/serializer_meth.c index a098ffb07b..bc30c96bef 100644 --- a/crypto/serializer/serializer_meth.c +++ b/crypto/serializer/serializer_meth.c @@ -417,8 +417,13 @@ void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx, data.user_fn = (void (*)(void *, void *))fn; data.user_arg = arg; - ossl_algorithm_do_all(libctx, OSSL_OP_SERIALIZER, NULL, - serializer_do_one, &data); + + /* + * No pre- or post-condition for this call, as this only creates methods + * temporarly and then promptly destroys them. + */ + ossl_algorithm_do_all(libctx, OSSL_OP_SERIALIZER, NULL, NULL, + serializer_do_one, NULL, &data); } void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *ser, diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 36fe6301bf..d5d732d415 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -13,7 +13,8 @@ ossl_provider_name, ossl_provider_dso, ossl_provider_module_name, ossl_provider_module_path, ossl_provider_library_context, ossl_provider_teardown, ossl_provider_gettable_params, -ossl_provider_get_params, ossl_provider_query_operation +ossl_provider_get_params, ossl_provider_query_operation, +ossl_provider_set_operation_bit, ossl_provider_test_operation_bit - internal provider routines =head1 SYNOPSIS @@ -63,6 +64,10 @@ ossl_provider_get_params, ossl_provider_query_operation int operation_id, int *no_cache); + int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); + int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, + int *result); + =head1 DESCRIPTION I is a type that holds all the necessary information @@ -208,6 +213,13 @@ I function, if the provider has one. It should return an array of I for the given I. +ossl_provider_set_operation_bit() registers a 1 for operation I +in a bitstring that's internal to I. + +ossl_provider_tests_operation_bit() checks if the bit operation I +is set (1) or not (0) in the internal I bitstring, and sets +I<*result> to 1 or 0 accorddingly. + =head1 NOTES Locating a provider module happens as follows: @@ -270,6 +282,9 @@ otherwise NULL. ossl_provider_get_params() returns 1 on success, or 0 on error. If this function isn't available in the provider, 0 is returned. +ossl_provider_set_operation_bit() and ossl_provider_test_operation_bit() +return 1 on success, or 0 on error. + =head1 SEE ALSO L, L, L diff --git a/include/internal/core.h b/include/internal/core.h index ca04333486..e2d2b28e8c 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -50,9 +50,13 @@ void *ossl_method_construct(OPENSSL_CTX *ctx, int operation_id, void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, OSSL_PROVIDER *provider, + int (*pre)(OSSL_PROVIDER *, int operation_id, + void *data, int *result), void (*fn)(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *data), + int (*post)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), void *data); #endif diff --git a/include/internal/provider.h b/include/internal/provider.h index e39a5eae82..135b660f49 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -74,6 +74,11 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); +/* Cache of bits to see if we already queried an operation */ +int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); +int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, + int *result); + /* Configuration */ void ossl_provider_add_conf_module(void); From openssl at openssl.org Tue May 19 09:09:38 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 09:09:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1589879378.802488.27911.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1989, 616 wallclock secs ( 7.86 usr 1.68 sys + 580.22 cusr 42.76 csys = 632.52 CPU) Result: FAIL Makefile:3070: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3068: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Tue May 19 10:03:33 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 19 May 2020 10:03:33 +0000 Subject: [openssl] master update Message-ID: <1589882613.938243.2549.nullmailer@dev.openssl.org> The branch master has been updated via 5a5530a29abcf5d7ab7194d73b3807d568b06cbd (commit) via 0e139a02d59323e5d9c0ad87ea9c8c3914696b83 (commit) via 092a5c71f1cba1173f17c2cd4ff5607069b0d3bb (commit) from 5a29b6286f8ccafc2ed9a026b0e8d4bd6d0396e6 (commit) - Log ----------------------------------------------------------------- commit 5a5530a29abcf5d7ab7194d73b3807d568b06cbd Author: Dmitry Belyavskiy Date: Mon Mar 30 18:09:24 2020 +0300 New Russian TLS 1.2 implementation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11442) commit 0e139a02d59323e5d9c0ad87ea9c8c3914696b83 Author: Dmitry Belyavskiy Date: Fri May 8 14:17:11 2020 +0300 GOST-related objects changes Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11442) commit 092a5c71f1cba1173f17c2cd4ff5607069b0d3bb Author: Dmitry Belyavskiy Date: Mon Mar 30 18:04:07 2020 +0300 Constants for new GOST TLS 1.2 ciphersuites Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11442) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 + crypto/objects/obj_dat.h | 9 ++- crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 1 + include/openssl/evp.h | 3 + include/openssl/obj_mac.h | 4 ++ include/openssl/ssl.h | 3 + include/openssl/sslerr.h | 4 +- ssl/record/ssl3_record.c | 34 +++++++++- ssl/s3_lib.c | 48 +++++++++++++-- ssl/ssl_ciph.c | 51 ++++++++++++--- ssl/ssl_err.c | 4 +- ssl/ssl_lib.c | 4 +- ssl/ssl_local.h | 19 +++++- ssl/statem/extensions_srvr.c | 4 +- ssl/statem/statem_clnt.c | 143 +++++++++++++++++++++++++++++++++++++++++++ ssl/statem/statem_local.h | 5 ++ ssl/statem/statem_srvr.c | 92 ++++++++++++++++++++++++++++ ssl/t1_enc.c | 18 +++++- ssl/t1_lib.c | 17 ++++- ssl/t1_trce.c | 17 ++++- 21 files changed, 451 insertions(+), 32 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4451ba95a1..1b2c94b0a2 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1527,6 +1527,7 @@ SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC:427:tls_construct_change_cipher_spec SSL_F_TLS_CONSTRUCT_CKE_DHE:404:tls_construct_cke_dhe SSL_F_TLS_CONSTRUCT_CKE_ECDHE:405:tls_construct_cke_ecdhe SSL_F_TLS_CONSTRUCT_CKE_GOST:406:tls_construct_cke_gost +SSL_F_TLS_CONSTRUCT_CKE_GOST18:641: SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE:407:tls_construct_cke_psk_preamble SSL_F_TLS_CONSTRUCT_CKE_RSA:409:tls_construct_cke_rsa SSL_F_TLS_CONSTRUCT_CKE_SRP:410:tls_construct_cke_srp @@ -1658,6 +1659,7 @@ SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC:363:tls_process_change_cipher_spec SSL_F_TLS_PROCESS_CKE_DHE:411:tls_process_cke_dhe SSL_F_TLS_PROCESS_CKE_ECDHE:412:tls_process_cke_ecdhe SSL_F_TLS_PROCESS_CKE_GOST:413:tls_process_cke_gost +SSL_F_TLS_PROCESS_CKE_GOST18:642: SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE:414:tls_process_cke_psk_preamble SSL_F_TLS_PROCESS_CKE_RSA:415:tls_process_cke_rsa SSL_F_TLS_PROCESS_CKE_SRP:416:tls_process_cke_srp diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 6fa22174c0..decf33ef9b 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1088,7 +1088,7 @@ static const unsigned char so[7845] = { 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08, /* [ 7836] OBJ_NAIRealm */ }; -#define NUM_NID 1218 +#define NUM_NID 1219 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2308,9 +2308,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"modp_4096", "modp_4096", NID_modp_4096}, {"modp_6144", "modp_6144", NID_modp_6144}, {"modp_8192", "modp_8192", NID_modp_8192}, + {"KxGOST18", "kx-gost18", NID_kx_gost18}, }; -#define NUM_SN 1209 +#define NUM_SN 1210 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2489,6 +2490,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1038, /* "KxECDHE" */ 1040, /* "KxECDHE-PSK" */ 1045, /* "KxGOST" */ + 1218, /* "KxGOST18" */ 1043, /* "KxPSK" */ 1037, /* "KxRSA" */ 1042, /* "KxRSA_PSK" */ @@ -3523,7 +3525,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1209 +#define NUM_LN 1210 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -4334,6 +4336,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1038, /* "kx-ecdhe" */ 1040, /* "kx-ecdhe-psk" */ 1045, /* "kx-gost" */ + 1218, /* "kx-gost18" */ 1043, /* "kx-psk" */ 1037, /* "kx-rsa" */ 1042, /* "kx-rsa-psk" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index aaf77099b3..6d2c0d74a8 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1215,3 +1215,4 @@ modp_3072 1214 modp_4096 1215 modp_6144 1216 modp_8192 1217 +kx_gost18 1218 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a9ccf7eded..b19454209b 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1648,6 +1648,7 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : KxPSK : kx-psk : KxSRP : kx-srp : KxGOST : kx-gost + : KxGOST18 : kx-gost18 : KxANY : kx-any # NIDs for cipher authentication diff --git a/include/openssl/evp.h b/include/openssl/evp.h index fe2e440a8b..ea305c2cf0 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -153,6 +153,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, # define EVP_MD_CTRL_DIGALGID 0x1 # define EVP_MD_CTRL_MICALG 0x2 # define EVP_MD_CTRL_XOF_LEN 0x3 +# define EVP_MD_CTRL_TLSTREE 0x4 /* Minimum Algorithm specific ctrl value */ @@ -382,6 +383,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CTRL_PROCESS_UNPROTECTED 0x28 /* Get the supplementary wrap cipher */ #define EVP_CTRL_GET_WRAP_CIPHER 0x29 +/* TLSTREE key diversification */ +#define EVP_CTRL_TLSTREE 0x2A /* Padding modes */ #define EVP_PADDING_PKCS7 1 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 0f6741b590..0f9adc9b6a 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -5102,6 +5102,10 @@ #define LN_kx_gost "kx-gost" #define NID_kx_gost 1045 +#define SN_kx_gost18 "KxGOST18" +#define LN_kx_gost18 "kx-gost18" +#define NID_kx_gost18 1218 + #define SN_kx_any "KxANY" #define LN_kx_any "kx-any" #define NID_kx_any 1063 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 74d4e305e1..05755b014d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -87,6 +87,7 @@ extern "C" { # define SSL_TXT_kECDHEPSK "kECDHEPSK" # define SSL_TXT_kDHEPSK "kDHEPSK" # define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kGOST18 "kGOST18" # define SSL_TXT_kSRP "kSRP" # define SSL_TXT_aRSA "aRSA" @@ -933,6 +934,8 @@ __owur int SSL_extension_supported(unsigned int ext_type); # define SSL_MAC_FLAG_READ_MAC_STREAM 1 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +# define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 +# define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 /* * A callback for logging out TLS key material. This callback should log out diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 47667f9a0a..bbce792c72 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -298,6 +298,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 # define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 # define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST18 0 # define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 # define SSL_F_TLS_CONSTRUCT_CKE_RSA 0 # define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 @@ -422,6 +423,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PROCESS_CKE_DHE 0 # define SSL_F_TLS_PROCESS_CKE_ECDHE 0 # define SSL_F_TLS_PROCESS_CKE_GOST 0 +# define SSL_F_TLS_PROCESS_CKE_GOST18 0 # define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 # define SSL_F_TLS_PROCESS_CKE_RSA 0 # define SSL_F_TLS_PROCESS_CKE_SRP 0 @@ -457,6 +459,7 @@ int ERR_load_SSL_strings(void); /* * SSL reason codes. */ +# define SSL_R_ALGORITHM_FETCH_FAILED 295 # define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 @@ -556,7 +559,6 @@ int ERR_load_SSL_strings(void); # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 # define SSL_R_EXT_LENGTH_MISMATCH 163 # define SSL_R_FAILED_TO_INIT_ASYNC 405 -# define SSL_R_ALGORITHM_FETCH_FAILED 295 # define SSL_R_FRAGMENTED_CLIENT_HELLO 401 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 # define SSL_R_HTTPS_PROXY_REQUEST 155 diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 24b42098db..a2f7f848d1 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -977,6 +977,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) unsigned char padval; int imac_size; const EVP_CIPHER *enc; + int tlstree_enc = sending ? (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) + : (s->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); if (n_recs == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, @@ -1156,6 +1158,27 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } } + if (!SSL_IS_DTLS(s) && tlstree_enc) { + unsigned char *seq; + int decrement_seq = 0; + + /* + * When sending, seq is incremented after MAC calculation. + * So if we are in ETM mode, we use seq 'as is' in the ctrl-function. + * Otherwise we have to decrease it in the implementation + */ + if (sending && !SSL_WRITE_ETM(s)) + decrement_seq = 1; + + seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) + : RECORD_LAYER_get_read_sequence(&s->rlayer); + if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + } + /* TODO(size_t): Convert this call */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, (unsigned int)reclen[0]); @@ -1319,8 +1342,10 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int i; EVP_MD_CTX *hmac = NULL, *mac_ctx; unsigned char header[13]; - int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) - : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); + int stream_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) + : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM); + int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) + : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); int t; if (sending) { @@ -1348,6 +1373,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) mac_ctx = hmac; } + if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { + EVP_MD_CTX_free(hmac); + return 0; + } + if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2b49e7e51a..054fc468ed 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2687,6 +2687,38 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, + { + 1, + "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", + NULL, + 0x0300C100, + SSL_kGOST18, + SSL_aGOST12, + SSL_KUZNYECHIK, + SSL_KUZNYECHIKOMAC, + TLS1_2_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, + { + 1, + "GOST2012-MAGMA-MAGMAOMAC", + NULL, + 0x0300C101, + SSL_kGOST18, + SSL_aGOST12, + SSL_MAGMA, + SSL_MAGMAOMAC, + TLS1_2_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, #endif /* OPENSSL_NO_GOST */ #ifndef OPENSSL_NO_IDEA @@ -4374,11 +4406,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) - return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN); + if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN)) + return 0; + + if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18)) + if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) + return 0; #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 7b3a5e7c89..ec2dabc89a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -56,6 +56,8 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ + {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ + {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ }; #define SSL_COMP_NULL_IDX 0 @@ -81,7 +83,9 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ - {0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */ + {0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */ + {SSL_MAGMAOMAC, NID_magma_mac}, /* sSL_MD_MAGMAOMAC_IDX */ + {SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac} /* SSL_MD_KUZNYECHIKOMAC_IDX */ }; /* *INDENT-OFF* */ @@ -95,6 +99,7 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kPSK, NID_kx_psk}, {SSL_kSRP, NID_kx_srp}, {SSL_kGOST, NID_kx_gost}, + {SSL_kGOST18, NID_kx_gost18}, {SSL_kANY, NID_kx_any} }; @@ -138,8 +143,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, /* GOST2012_512 */ EVP_PKEY_HMAC, - /* MD5/SHA1, SHA224, SHA512 */ - NID_undef, NID_undef, NID_undef + /* MD5/SHA1, SHA224, SHA512, MAGMAOMAC, KUZNYECHIKOMAC */ + NID_undef, NID_undef, NID_undef, NID_undef, NID_undef }; #define CIPHER_ADD 1 @@ -193,6 +198,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, + {0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18}, /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, @@ -226,7 +232,8 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA}, {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED}, {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12}, + {0, SSL_TXT_GOST, NULL, 0, 0, 0, + SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12 | SSL_MAGMA | SSL_KUZNYECHIK}, {0, SSL_TXT_AES128, NULL, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8}, {0, SSL_TXT_AES256, NULL, 0, 0, 0, @@ -381,24 +388,38 @@ int ssl_load_ciphers(SSL_CTX *ctx) * Check for presence of GOST 34.10 algorithms, and if they are not * present, disable appropriate auth and key exchange */ - ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); + ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id(SN_id_Gost28147_89_MAC); if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; else disabled_mac_mask |= SSL_GOST89MAC; ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = - get_optional_pkey_id("gost-mac-12"); + get_optional_pkey_id(SN_gost_mac_12); if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; else disabled_mac_mask |= SSL_GOST89MAC12; - if (!get_optional_pkey_id("gost2001")) + ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = + get_optional_pkey_id(SN_magma_mac); + if (ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX]) + ctx->ssl_mac_secret_size[SSL_MD_MAGMAOMAC_IDX] = 32; + else + disabled_mac_mask |= SSL_MAGMAOMAC; + + ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = + get_optional_pkey_id(SN_kuznyechik_mac); + if (ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX]) + ctx->ssl_mac_secret_size[SSL_MD_KUZNYECHIKOMAC_IDX] = 32; + else + disabled_mac_mask |= SSL_KUZNYECHIKOMAC; + + if (!get_optional_pkey_id(SN_id_GostR3410_2001)) disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12; - if (!get_optional_pkey_id("gost2012_256")) + if (!get_optional_pkey_id(SN_id_GostR3410_2012_256)) disabled_auth_mask |= SSL_aGOST12; - if (!get_optional_pkey_id("gost2012_512")) + if (!get_optional_pkey_id(SN_id_GostR3410_2012_512)) disabled_auth_mask |= SSL_aGOST12; /* * Disable GOST key exchange if no GOST signature algs are available * @@ -407,6 +428,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) (SSL_aGOST01 | SSL_aGOST12)) disabled_mkey_mask |= SSL_kGOST; + if ((disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) + disabled_mkey_mask |= SSL_kGOST18; + return 1; } @@ -1695,6 +1719,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; + case SSL_kGOST18: + kx = "GOST18"; + break; case SSL_kANY: kx = "any"; break; @@ -1798,6 +1825,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_eGOST2814789CNT12: enc = "GOST89(256)"; break; + case SSL_MAGMA: + enc = "MAGMA"; + break; + case SSL_KUZNYECHIK: + enc = "KUZNYECHIK"; + break; case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 85d9dd8448..30643c33b4 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -14,6 +14,8 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SSL_str_reasons[] = { + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED), + "algorithm fetch failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), "application data after close notify"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), @@ -171,8 +173,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "ext length mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED), - "algorithm fetch failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fef50eea7f..dafec3d5c7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3495,11 +3495,11 @@ void ssl_set_masks(SSL *s) #ifndef OPENSSL_NO_GOST if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { - mask_k |= SSL_kGOST; + mask_k |= SSL_kGOST | SSL_kGOST18; mask_a |= SSL_aGOST12; } if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) { - mask_k |= SSL_kGOST; + mask_k |= SSL_kGOST | SSL_kGOST18; mask_a |= SSL_aGOST12; } if (ssl_has_cert(s, SSL_PKEY_GOST01)) { diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index e938504d3e..083141931c 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -180,6 +180,8 @@ # define SSL_kRSAPSK 0x00000040U # define SSL_kECDHEPSK 0x00000080U # define SSL_kDHEPSK 0x00000100U +/* GOST KDF key exchange, draft-smyshlyaev-tls12-gost-suites */ +# define SSL_kGOST18 0x00000200U /* all PSK */ @@ -234,6 +236,8 @@ # define SSL_CHACHA20POLY1305 0x00080000U # define SSL_ARIA128GCM 0x00100000U # define SSL_ARIA256GCM 0x00200000U +# define SSL_MAGMA 0x00400000U +# define SSL_KUZNYECHIK 0x00800000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) @@ -256,6 +260,8 @@ # define SSL_GOST12_256 0x00000080U # define SSL_GOST89MAC12 0x00000100U # define SSL_GOST12_512 0x00000200U +# define SSL_MAGMAOMAC 0x00000400U +# define SSL_KUZNYECHIKOMAC 0x00000800U /* * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make @@ -274,7 +280,9 @@ # define SSL_MD_MD5_SHA1_IDX 9 # define SSL_MD_SHA224_IDX 10 # define SSL_MD_SHA512_IDX 11 -# define SSL_MAX_DIGEST 12 +# define SSL_MD_MAGMAOMAC_IDX 12 +# define SSL_MD_KUZNYECHIKOMAC_IDX 13 +# define SSL_MAX_DIGEST 14 #define SSL_MD_NUM_IDX SSL_MAX_DIGEST @@ -305,6 +313,11 @@ * goes into algorithm2) */ # define TLS1_STREAM_MAC 0x10000 +/* + * TLSTREE cipher/mac key derivation from draft-smyshlyaev-tls12-gost-suites + * (currently this also goes into algorithm2) + */ +# define TLS1_TLSTREE 0x20000 # define SSL_STRONG_MASK 0x0000001FU # define SSL_DEFAULT_MASK 0X00000020U @@ -413,7 +426,9 @@ # define SSL_ENC_CHACHA_IDX 19 # define SSL_ENC_ARIA128GCM_IDX 20 # define SSL_ENC_ARIA256GCM_IDX 21 -# define SSL_ENC_NUM_IDX 22 +# define SSL_ENC_MAGMA_IDX 22 +# define SSL_ENC_KUZNYECHIK_IDX 23 +# define SSL_ENC_NUM_IDX 24 /*- * SSL_kRSA <- RSA_ENC diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index e33b671a05..aa71cec7e9 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1648,7 +1648,9 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, if (s->s3.tmp.new_cipher->algorithm_mac == SSL_AEAD || s->s3.tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT - || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) { + || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12 + || s->s3.tmp.new_cipher->algorithm_enc == SSL_MAGMA + || s->s3.tmp.new_cipher->algorithm_enc == SSL_KUZNYECHIK) { s->ext.use_etm = 0; return EXT_RETURN_NOT_SENT; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4e43117ca2..67d8ae8ce6 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3314,6 +3314,146 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) #endif } +#ifndef OPENSSL_NO_GOST +int gost18_cke_cipher_nid(const SSL *s) +{ + if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_MAGMA) != 0) + return NID_magma_ctr; + else if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_KUZNYECHIK) != 0) + return NID_kuznyechik_ctr; + + return NID_undef; +} + +int gost_ukm(const SSL *s, unsigned char *dgst_buf) +{ + EVP_MD_CTX * hash = NULL; + unsigned int md_len; + const EVP_MD *md = ssl_evp_md_fetch(s->ctx->libctx, NID_id_GostR3411_2012_256, s->ctx->propq); + + if (md == NULL) + return 0; + + if ((hash = EVP_MD_CTX_new()) == NULL + || EVP_DigestInit(hash, md) <= 0 + || EVP_DigestUpdate(hash, s->s3.client_random, SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestUpdate(hash, s->s3.server_random, SSL3_RANDOM_SIZE) <= 0 + || EVP_DigestFinal_ex(hash, dgst_buf, &md_len) <= 0) { + EVP_MD_CTX_free(hash); + ssl_evp_md_free(md); + return 0; + } + + EVP_MD_CTX_free(hash); + ssl_evp_md_free(md); + return 1; +} +#endif + +static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) +{ +#ifndef OPENSSL_NO_GOST + /* GOST 2018 key exchange message creation */ + unsigned char rnd_dgst[32], tmp[255]; + EVP_PKEY_CTX *pkey_ctx = NULL; + X509 *peer_cert; + unsigned char *pms = NULL; + size_t pmslen = 0; + size_t msglen; + int cipher_nid = gost18_cke_cipher_nid(s); + + if (cipher_nid == NID_undef) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (gost_ukm(s, rnd_dgst) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Pre-master secret - random bytes */ + pmslen = 32; + pms = OPENSSL_malloc(pmslen); + if (pms == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Get server certificate PKEY and create ctx from it */ + peer_cert = s->session->peer; + if (peer_cert == NULL) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + return 0; + } + + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, X509_get0_pubkey(peer_cert), s->ctx->propq); + if (pkey_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_MALLOC_FAILURE); + return 0; + } + + if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 ) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + }; + + /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */ + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + SSL_R_LIBRARY_BUG); + goto err; + } + + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + SSL_R_LIBRARY_BUG); + goto err; + } + + msglen = 255; + if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + SSL_R_LIBRARY_BUG); + goto err; + } + + if (!WPACKET_memcpy(pkt, tmp, msglen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + } + + EVP_PKEY_CTX_free(pkey_ctx); + s->s3.tmp.pms = pms; + s->s3.tmp.pmslen = pmslen; + + return 1; + err: + EVP_PKEY_CTX_free(pkey_ctx); + OPENSSL_clear_free(pms, pmslen); + return 0; +#else + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + return 0; +#endif +} + static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_SRP @@ -3370,6 +3510,9 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) } else if (alg_k & SSL_kGOST) { if (!tls_construct_cke_gost(s, pkt)) goto err; + } else if (alg_k & SSL_kGOST18) { + if (!tls_construct_cke_gost18(s, pkt)) + goto err; } else if (alg_k & SSL_kSRP) { if (!tls_construct_cke_srp(s, pkt)) goto err; diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index f4242fa2a4..6a4708cee9 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -153,6 +153,11 @@ __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt); __owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt); +#ifndef OPENSSL_NO_GOST +/* These functions are used in GOST18 CKE, both for client and server */ +int gost18_cke_cipher_nid(const SSL *s); +int gost_ukm(const SSL *s, unsigned char *dgst_buf); +#endif /* Extension processing */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d1d86ea5e6..e5340b4e7f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3430,6 +3430,93 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) #endif } +static int tls_process_cke_gost18(SSL *s, PACKET *pkt) +{ +#ifndef OPENSSL_NO_GOST + unsigned char rnd_dgst[32]; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *pk = NULL; + unsigned char premaster_secret[32]; + const unsigned char *start = NULL; + size_t outlen = 32, inlen = 0; + int ret = 0; + int cipher_nid = gost18_cke_cipher_nid(s); + + if (cipher_nid == NID_undef) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (gost_ukm(s, rnd_dgst) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Get our certificate private key */ + pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? + s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : + s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; + if (pk == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + SSL_R_BAD_HANDSHAKE_STATE); + goto err; + } + + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pk, s->ctx->propq); + if (pkey_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */ + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + SSL_R_LIBRARY_BUG); + goto err; + } + + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + SSL_R_LIBRARY_BUG); + goto err; + } + inlen = PACKET_remaining(pkt); + start = PACKET_data(pkt); + + if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + SSL_R_DECRYPTION_FAILED); + goto err; + } + /* Generate master secret */ + if (!ssl_generate_master_secret(s, premaster_secret, + sizeof(premaster_secret), 0)) { + /* SSLfatal() already called */ + goto err; + } + ret = 1; + + err: + EVP_PKEY_CTX_free(pkey_ctx); + return ret; +#else + /* Should never happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST18, + ERR_R_INTERNAL_ERROR); + return 0; +#endif +} + MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) { unsigned long alg_k; @@ -3480,6 +3567,11 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) /* SSLfatal() already called */ goto err; } + } else if (alg_k & SSL_kGOST18) { + if (!tls_process_cke_gost18(s, pkt)) { + /* SSLfatal() already called */ + goto err; + } } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 03eb050963..7f908f3b4c 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -180,6 +180,11 @@ int tls1_change_cipher_state(SSL *s, int which) else s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) + s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; + else + s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; + if (s->enc_read_ctx != NULL) { reuse_dd = 1; } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -230,6 +235,11 @@ int tls1_change_cipher_state(SSL *s, int which) s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; + + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE; if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { reuse_dd = 1; } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -617,6 +627,10 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, { size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; + size_t finished_size = TLS1_FINISH_MAC_LENGTH; + + if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kGOST18) + finished_size = 32; if (!ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ @@ -630,12 +644,12 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, TLS1_FINISH_MAC_LENGTH, 1)) { + out, finished_size, 1)) { /* SSLfatal() already called */ return 0; } OPENSSL_cleanse(hash, hashlen); - return TLS1_FINISH_MAC_LENGTH; + return finished_size; } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 416ba28fb6..f3373dc6d5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1001,6 +1001,21 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) } } } + /* + * As both SSL_PKEY_GOST12_512 and SSL_PKEY_GOST12_256 indices can be used + * with new (aGOST12-only) ciphersuites, we should find out which one is available really. + */ + else if (idx == SSL_PKEY_GOST12_256) { + int real_idx; + + for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST12_256; + real_idx--) { + if (s->cert->pkeys[real_idx].privatekey != NULL) { + idx = real_idx; + break; + } + } + } } else { idx = s->cert->key - s->cert->pkeys; } @@ -1794,7 +1809,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) continue; - if ((c->algorithm_mkey & SSL_kGOST) != 0) + if ((c->algorithm_mkey & (SSL_kGOST | SSL_kGOST18)) != 0) break; } if (i == num) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 9f018ce1ad..72e7b376c0 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -444,6 +444,9 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, {0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912"}, {0xFF87, "GOST2012-NULL-GOST12"}, + {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, + {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, + {0xC102, "GOST2012-GOST8912-IANA"}, }; /* Compression methods */ @@ -593,7 +596,9 @@ static const ssl_trace_tbl ssl_ctype_tbl[] = { {20, "fortezza_dms"}, {64, "ecdsa_sign"}, {65, "rsa_fixed_ecdh"}, - {66, "ecdsa_fixed_ecdh"} + {66, "ecdsa_fixed_ecdh"}, + {67, "gost_sign256"}, + {68, "gost_sign512"}, }; static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { @@ -1078,6 +1083,10 @@ static int ssl_get_keyex(const char **pname, const SSL *ssl) *pname = "GOST"; return SSL_kGOST; } + if (alg_k & SSL_kGOST18) { + *pname = "GOST18"; + return SSL_kGOST18; + } *pname = "UNKNOWN"; return 0; } @@ -1124,7 +1133,11 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, ssl_print_hex(bio, indent + 2, "GostKeyTransportBlob", msg, msglen); msglen = 0; break; - + case SSL_kGOST18: + ssl_print_hex(bio, indent + 2, + "GOST-wrapped PreMasterSecret", msg, msglen); + msglen = 0; + break; } return !msglen; From openssl at openssl.org Tue May 19 10:39:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 10:39:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1589884740.548307.11543.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1906, 550 wallclock secs ( 6.86 usr 1.65 sys + 521.68 cusr 38.29 csys = 568.48 CPU) Result: FAIL Makefile:3061: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3059: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 19 11:17:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 11:17:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1589887036.544579.22733.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1991, 627 wallclock secs ( 7.86 usr 1.35 sys + 590.66 cusr 41.03 csys = 640.90 CPU) Result: FAIL Makefile:3062: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3060: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 19 12:32:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 12:32:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1589891545.538114.5970.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslprovider.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=197, Tests=1906, 552 wallclock secs ( 6.62 usr 1.59 sys + 523.89 cusr 37.95 csys = 570.05 CPU) Result: FAIL Makefile:3053: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3051: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 19 13:10:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 May 2020 13:10:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1589893839.847789.15364.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 4fcd15c18a deprecate EC_POINTs_mul function 06a2027bd5 Update documentation following changes of various types d40b42ab4c Maintain strict type discipline between the core and providers 827f04d510 CORE: Fix a couple of bugs in algorithm_do_this() 0b2b0be948 Test TLSv1.3 out-of-band PSK with all 5 ciphersuites 2e1a4f6aeb Fix crash in early data send with out-of-band PSK using AES CCM 43a70f0202 Fix all MD036 (emphasis used instead of heading) a51f225d0d Add "md-nits" make target 538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults 8c10e1b660 Clean up macro definitions of openssl_fdset() in apps.h and sockets.h 6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c 60d5331350 Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning db71d31547 Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c c6601bd2d7 Build: make apps/progs.c depend on configdata.pm 92dc275f95 SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 8062724063 Ignore some auto-generated DER files 5d979e0484 Prepare for 3.0 alpha 3 9e8604b891 Prepare for release of 3.0 alpha 2 454afd9866 Update copyright year 11d7d90344 If SOURCE_DATE_EPOCH is defined, use it for copyright year d30ef63964 Correct alignment calculation in ssl3_setup_write 76899264cb Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 64af3aecae dev/release.sh: Add --reviewer to set reviewers 6c3cbc9391 Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_sslprovider.t .............. ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1991, 626 wallclock secs ( 7.86 usr 1.34 sys + 592.86 cusr 40.96 csys = 643.02 CPU) Result: FAIL Makefile:3053: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3051: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Tue May 19 13:30:42 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 19 May 2020 13:30:42 +0000 Subject: [openssl] master update Message-ID: <1589895042.508054.8727.nullmailer@dev.openssl.org> The branch master has been updated via 6b4eb933623ed1d1997732b7e6e081b788cfdd22 (commit) from 5a5530a29abcf5d7ab7194d73b3807d568b06cbd (commit) - Log ----------------------------------------------------------------- commit 6b4eb933623ed1d1997732b7e6e081b788cfdd22 Author: Billy Brumley Date: Sun May 17 16:09:00 2020 +0300 deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11851) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 +++++++ apps/speed.c | 1 - crypto/ec/ec_key.c | 2 ++ crypto/ec/ec_lib.c | 2 ++ doc/man3/EC_KEY_new.pod | 12 +++++++++++- doc/man3/EC_POINT_add.pod | 14 ++++++++------ include/openssl/ec.h | 6 +++--- test/ectest.c | 19 ++++++++++--------- util/libcrypto.num | 6 +++--- 9 files changed, 46 insertions(+), 23 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index bc4f524186..e5731d0e61 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,13 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] +* Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and + EC_KEY_precompute_mult() These functions are not widely used and applications + should instead switch to named curves which OpenSSL has hardcoded lookup + tables for. + + *Billy Bob Brumley* + * Deprecated EC_POINTs_mul(). This function is not widely used and applications should instead use the L function. diff --git a/apps/speed.c b/apps/speed.c index 89251fd2b5..bd05631f30 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3049,7 +3049,6 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { for (i = 0; i < loopargs_len; i++) { - EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL); /* Perform ECDSA signature test */ EC_KEY_generate_key(loopargs[i].ecdsa[testnum]); st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2, diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 421e87d9ee..aae3171907 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -781,12 +781,14 @@ void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) EC_GROUP_set_asn1_flag(key->group, flag); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) { if (key->group == NULL) return 0; return EC_GROUP_precompute_mult(key->group, ctx); } +#endif int EC_KEY_get_flags(const EC_KEY *key) { diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index cdeffb4207..40cd9a43ee 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1129,6 +1129,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return ret; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { if (group->meth->mul == 0) @@ -1153,6 +1154,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group) return 0; /* cannot tell whether precomputation has * been performed */ } +#endif /* * ec_precompute_mont_data sets |group->mont_data| from |group->order| and diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index ff4373ea35..e18a3023de 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -40,7 +40,6 @@ EC_KEY objects point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); - int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); int EC_KEY_generate_key(EC_KEY *key); int EC_KEY_check_key(const EC_KEY *key); int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); @@ -56,6 +55,10 @@ EC_KEY objects size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +Deprecated since OpenSSL 3.0: + + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + =head1 DESCRIPTION An EC_KEY represents a public key and, optionally, the associated private @@ -136,8 +139,11 @@ EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L for further information on the asn1_flag. +Although deprecated in OpenSSL 3.0 and should no longer be used, EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L. +Modern versions should instead switch to named curves which OpenSSL has +hardcoded lookup tables for. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key @@ -195,6 +201,10 @@ L, L, L +=head1 HISTORY + +EC_KEY_precompute_mult() was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 3ac567f815..2423671bab 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -20,13 +20,13 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i EC_POINT *points[], BN_CTX *ctx); int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); - int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); - int EC_GROUP_have_precompute_mult(const EC_GROUP *group); - Deprecated since OpenSSL 3.0: +Deprecated since OpenSSL 3.0: int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); =head1 DESCRIPTION @@ -56,8 +56,9 @@ Modern versions should instead use EC_POINT_mul(), combined (if needed) with EC_ The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L for information -about the generator. - +about the generator. Precomputation functionality was deprecated in OpenSSL 3.0. +Users of EC_GROUP_precompute_mult() and EC_GROUP_have_precompute_mult() should +switch to named curves which OpenSSL has hardcoded lookup tables for. =head1 RETURN VALUES @@ -80,7 +81,8 @@ L, L =head1 HISTORY -EC_POINTs_mul() was deprecated in OpenSSL 3.0. +EC_POINTs_mul(), EC_GROUP_precompute_mult(), and EC_GROUP_have_precompute_mult() +were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 703fc1cd40..f05122b374 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -797,13 +797,13 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)) /** Reports whether a precomputation has been done * \param group EC_GROUP object * \return 1 if a pre-computation has been done and 0 otherwise */ -int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group)) /********************************************************************/ /* ASN1 stuff */ @@ -991,7 +991,7 @@ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred. */ -int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); +DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)) /** Creates a new ec private (and optional a new public) key. * \param key EC_KEY object diff --git a/test/ectest.c b/test/ectest.c index bbcd9677d5..f4ccdfb4c1 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -9,7 +9,8 @@ */ /* - * We need access to the deprecated EC_POINTs_mul for testing purposes + * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult, + * and EC_GROUP_have_precompute_mult for testing purposes * when the deprecated calls are not hidden */ #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -58,7 +59,9 @@ static int group_order_tests(EC_GROUP *group) if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) +# endif || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_copy(P, G)) @@ -1388,16 +1391,14 @@ static int nistp_single_test(int idx) /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - - /* - * We have not performed precomputation so have_precompute mult should be - * false - */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 + /* We have not performed precomp so this should be false */ || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) - - /* now repeat all tests with precomputation */ + /* now repeat all tests with precomputation */ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) - || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))) + || !TEST_true(EC_GROUP_have_precompute_mult(NISTP)) +# endif + ) goto err; /* fixed point multiplication */ diff --git a/util/libcrypto.num b/util/libcrypto.num index ef0b76b1a9..8882f0480d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1106,7 +1106,7 @@ EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST::FUNCTION: EVP_CipherInit 1133 3_0_0 EXIST::FUNCTION: PKCS12_add_safe 1134 3_0_0 EXIST::FUNCTION: ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:ENGINE -EC_GROUP_have_precompute_mult 1136 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_have_precompute_mult 1136 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OPENSSL_gmtime 1137 3_0_0 EXIST::FUNCTION: X509_set_issuer_name 1138 3_0_0 EXIST::FUNCTION: RSA_new 1139 3_0_0 EXIST::FUNCTION:RSA @@ -1232,7 +1232,7 @@ OPENSSL_sk_shift 1259 3_0_0 EXIST::FUNCTION: i2d_X509_REVOKED 1260 3_0_0 EXIST::FUNCTION: CMS_sign 1261 3_0_0 EXIST::FUNCTION:CMS X509_STORE_add_cert 1262 3_0_0 EXIST::FUNCTION: -EC_GROUP_precompute_mult 1263 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_precompute_mult 1263 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC d2i_DISPLAYTEXT 1265 3_0_0 EXIST::FUNCTION: HMAC_CTX_copy 1266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_gcm128_init 1267 3_0_0 EXIST::FUNCTION: @@ -2786,7 +2786,7 @@ ASN1_TYPE_set1 2846 3_0_0 EXIST::FUNCTION: d2i_X509_CRL_bio 2847 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_get1_cert 2848 3_0_0 EXIST::FUNCTION: ASN1_UNIVERSALSTRING_free 2849 3_0_0 EXIST::FUNCTION: -EC_KEY_precompute_mult 2850 3_0_0 EXIST::FUNCTION:EC +EC_KEY_precompute_mult 2850 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC CRYPTO_mem_debug_realloc 2851 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 PKCS7_new 2852 3_0_0 EXIST::FUNCTION: BASIC_CONSTRAINTS_it 2853 3_0_0 EXIST::FUNCTION: From tmraz at fedoraproject.org Tue May 19 13:31:46 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 19 May 2020 13:31:46 +0000 Subject: [openssl] master update Message-ID: <1589895106.711259.11639.nullmailer@dev.openssl.org> The branch master has been updated via fe92150d69fe475e94d0adbcbf77a07d21af3dae (commit) from 6b4eb933623ed1d1997732b7e6e081b788cfdd22 (commit) - Log ----------------------------------------------------------------- commit fe92150d69fe475e94d0adbcbf77a07d21af3dae Author: Norm Green Date: Mon May 11 17:22:47 2020 -0700 Add missing pragma weak declaration to lhash.h The missing symbol caused a linker failure on solaris x86_64. Fixes #11796 Reviewed-by: Matthias St. Pierre Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11798) ----------------------------------------------------------------------- Summary of changes: include/openssl/lhash.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index d3f064a8d0..5ad9b16ab2 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -230,6 +230,7 @@ DEFINE_LHASH_OF(OPENSSL_CSTRING); */ # ifdef __SUNPRO_C # pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_flush # pragma weak OPENSSL_LH_free # pragma weak OPENSSL_LH_insert # pragma weak OPENSSL_LH_delete From tmraz at fedoraproject.org Tue May 19 14:06:56 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 19 May 2020 14:06:56 +0000 Subject: [openssl] master update Message-ID: <1589897216.518956.18065.nullmailer@dev.openssl.org> The branch master has been updated via fb420afc878fa38a5d8cf22e25cf7d438d39987a (commit) via d03b3158c532bcb3fcde83c66ee9b4858d42621c (commit) via eaf8ec1a03c5a034f43208d055b72d771ad134c3 (commit) via ca17a6ec5632dcae63f408c4bd9acb6d92d03936 (commit) from fe92150d69fe475e94d0adbcbf77a07d21af3dae (commit) - Log ----------------------------------------------------------------- commit fb420afc878fa38a5d8cf22e25cf7d438d39987a Author: Rich Salz Date: Fri Apr 24 10:48:51 2020 -0400 Use {module,install}-mac, not -checksum As the documentation points out, these fipsmodule.cnf fields are a MAC, not a digest or checksum. Rename them to be correct. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11369) commit d03b3158c532bcb3fcde83c66ee9b4858d42621c Author: Rich Salz Date: Fri Mar 20 11:10:15 2020 -0400 Revise fips_install.pod Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11369) commit eaf8ec1a03c5a034f43208d055b72d771ad134c3 Author: Rich Salz Date: Thu Mar 19 21:53:11 2020 -0400 Revise x509v3_config.pod Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11369) commit ca17a6ec5632dcae63f408c4bd9acb6d92d03936 Author: Rich Salz Date: Thu Mar 19 10:19:41 2020 -0400 Revise fips_config.pod Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11369) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-fipsinstall.pod.in | 48 ++-- doc/man5/fips_config.pod | 48 ++-- doc/man5/x509v3_config.pod | 523 +++++++++++++++++++----------------- include/openssl/fips_names.h | 4 +- 4 files changed, 326 insertions(+), 297 deletions(-) diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 1d1cdea715..7675e5e397 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -25,20 +25,26 @@ B =head1 DESCRIPTION This command is used to generate a FIPS module configuration file. +This configuration file can be used each time a FIPS module is loaded +in order to pass data to the FIPS module self tests. The FIPS module always +verifies its MAC, but only needs to run the KAT's once, +at installation. + The generated configuration file consists of: =over 4 -=item - A mac of the FIPS module file. +=item - A MAC of the FIPS module file. + +=item - A test status indicator. -=item - A status indicator that indicates if the known answer Self Tests (KAT's) -have successfully run. +This indicates if the Known Answer Self Tests (KAT's) have successfully run. + +=item - A MAC of the status indicator. =back -This configuration file can be used each time a FIPS module is loaded -in order to pass data to the FIPS modules self tests. The FIPS module always -verifies the modules MAC, but only needs to run the KATS once during install. +This file is described in L. =head1 OPTIONS @@ -50,32 +56,36 @@ Print a usage message. =item B<-module> I -Filename of a fips module to perform an integrity check on. +Filename of the FIPS module to perform an integrity check on. =item B<-out> I -Filename to output the configuration data to, or standard output by default. +Filename to output the configuration data to; the default is standard output. =item B<-in> I -Input filename to load configuration data from. Used with the '-verify' option. -Standard input is used if the filename is '-'. +Input filename to load configuration data from. Used with the B<-verify> option. +Standard input is used if the filename is C<->. =item B<-verify> -Verify that the input configuration file contains the correct information +Verify that the input configuration file contains the correct information. =item B<-provider_name> I Name of the provider inside the configuration file. +This must be specified. =item B<-section_name> I Name of the section inside the configuration file. +This must be specified. =item B<-mac_name> I Specifies the name of a supported MAC algorithm which will be used. +The MAC mechanisms that are available will depend on the options +used when building OpenSSL. To see the list of supported MAC's use the command C. The default is B. @@ -122,10 +132,10 @@ Do not output pass/fail messages. Implies B<-noout>. =item B<-corrupt_desc> I, B<-corrupt_type> I -The corrupt options can be used to test failure of one or more self test(s) by +The corrupt options can be used to test failure of one or more self tests by name. -Either option or both may be used to select the self test(s) to corrupt. -Refer to the entries for "st-desc" and "st-type" in L for +Either option or both may be used to select the tests to corrupt. +Refer to the entries for B and B in L for values that can be used. =back @@ -145,18 +155,12 @@ Verify that the configuration file F contains the correct info: -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \ -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify -Corrupt any self tests which have the description 'SHA1': +Corrupt any self tests which have the description C: openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \ -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ - -corrupt_desc', 'SHA1' - -=head1 NOTES - -The MAC mechanisms that are available will depend on the options -used when building OpenSSL. -The command C command can be used to list them. + -corrupt_desc 'SHA1' =head1 SEE ALSO diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index 0fb7e3ef1e..e589aa3d95 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -6,26 +6,36 @@ fips_config - OpenSSL FIPS configuration =head1 DESCRIPTION -A separate configuration file containing data related to FIPS 'self tests' is -written to during installation time. -This data is used for 2 purposes when the fips module is loaded: +A separate configuration file, using the OpenSSL L syntax, +is used to hold information about the FIPS module. This includes a digest +of the shared library file, and status about the self-testing. +This data is used automatically by the module itself for two +purposes: =over 4 -=item - Verify the module's checksum each time the fips module loads. +=item - Run the startup FIPS self-test known answer tests (KATS). -=item - Run the startup FIPS self test KATS (known answer tests). -This only needs to be run once during installation. +This is done once, at installation time. + +=item - Verify the module's checksum. + +This is done each time the module is used. =back -The supported options are: +This file is generated by the L program, and +used internally by the FIPS module during its initialization. + +The following options are supported. They should all appear in a section +whose name is identified by the B option in the B +section, as desribed in L. =over 4 -=item B +=item B -The calculated MAC of the module file +The calculated MAC of the FIPS provider file. =item B @@ -33,26 +43,26 @@ A version number for the fips install process. Should be 1. =item B -The install status indicator description that will be verified. -If this field is not present the FIPS self tests will run when the fips module -loads. -This value should only be written to after the FIPS module has +An indicator that the self-tests were run. +This should only be written after the module has successfully passed its self tests during installation. +If this field is not present, then the self tests will run when the module +loads. -=item B +=item B -The calculated MAC of the install status indicator. -It is initially empty and is written to at the same time as the install_status. +A MAC of the value of the B option, to prevent accidental +changes to that value. +It is written-to at the same time as B is updated. =back For example: [fips_install] - install-version = 1 - module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC - install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C + module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC + install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C install-status = INSTALL_SELF_TEST_KATS_RUN =head1 SEE ALSO diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 2d37573504..88a336c3b4 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -6,112 +6,148 @@ x509v3_config - X509 V3 certificate extension configuration format =head1 DESCRIPTION -Several of the OpenSSL utilities can add extensions to a certificate or +Several OpenSSL commands can add extensions to a certificate or certificate request based on the contents of a configuration file. +The syntax of this file is described in L. +The commands typically have an option to specify the name of the configuration +file, and a section within that file; see the documentation of the +individual command for details. -Typically the application will contain an option to point to an extension -section. Each line of the extension section takes the form: +This page uses B as the name of the section, when needed +in examples. - extension_name=[critical,] extension_options +Each entry in the extension section takes the form: -If B is present then the extension will be critical. + name = [critical, ]value(s) -The format of B depends on the value of B. +If B is present then the extension will be marked as critical. -There are four main types of extension: I extensions, I -extensions, I and I extensions. +The format of B depends on the value of B, many have a +type-value pairing where the type and value are separated by a colon. +There are four main types of extension: -String extensions simply have a string which contains either the value itself -or how it is obtained. + string + multi-valued + raw + arbitrary -For example: +Each is described in the following paragraphs. - nsComment="This is a Comment" +String extensions simply have a string which contains either the value itself +or how it is obtained. Multi-valued extensions have a short form and a long form. The short form -is a list of names and values: +is a commma-separated list of names and values: - basicConstraints=critical,CA:true,pathlen:1 + basicConstraints = critical, CA:true, pathlen:1 The long form allows the values to be placed in a separate section: - basicConstraints=critical, at bs_section - - [bs_section] + [extensions] + basicConstraints = critical, @basic_constraints - CA=true - pathlen=1 + [basic_constraints] + CA = true + pathlen = 1 Both forms are equivalent. -The syntax of raw extensions is governed by the extension code: it can -for example contain data in multiple sections. The correct syntax to -use is defined by the extension code itself: check out the certificate -policies extension for an example. +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: + + subjectAltName = URI:ldap://somehost.com/CN=foo,OU=bar + +will produce an error but the equivalent form: + + [extensions] + subjectAltName = @subject_alt_section + + [subject_alt_section] + subjectAltName = URI:ldap://somehost.com/CN=foo,OU=bar + +is valid. + +OpenSSL does not support multiple occurences of the same field within a +section. In this example: + + [extensions] + subjectAltName = @alt_section + + [alt_section] + email = steve at here + email = steve at there + +will only recognize the last value. To specify multiple values append a +numeric identifier, as shown here: + + [extensions] + subjectAltName = @alt_section + + [alt_section] + email.1 = steve at here + email.2 = steve at there + +The syntax of raw extensions is defined by the source code that parses +the extension but should be documened. +See L for an example of a raw extension. -If an extension type is unsupported then the I extension syntax +If an extension type is unsupported, then the I extension syntax must be used, see the L section for more details. =head1 STANDARD EXTENSIONS -The following sections describe each supported extension in detail. +The following sections describe the syntax of each supported extension. +They do not define the semantics of the extension. =head2 Basic Constraints -This is a multi valued extension which indicates whether a certificate is -a CA certificate. The first (mandatory) name is B followed by B or +This is a multi-valued extension which indicates whether a certificate is +a CA certificate. The first value is B followed by B or B. If B is B then an optional B name followed by a non-negative value can be included. For example: - basicConstraints=CA:TRUE + basicConstraints = CA:TRUE - basicConstraints=CA:FALSE + basicConstraints = CA:FALSE - basicConstraints=critical,CA:TRUE, pathlen:0 - -A CA certificate B include the basicConstraints value with the CA field -set to TRUE. An end user certificate must either set CA to FALSE or exclude the -extension entirely. Some software may require the inclusion of basicConstraints -with CA set to FALSE for end entity certificates. - -The pathlen parameter indicates the maximum number of CAs that can appear -below this one in a chain. So if you have a CA with a pathlen of zero it can -only be used to sign end user certificates and not further CAs. + basicConstraints = critical, CA:TRUE, pathlen:1 +A CA certificate I include the B name with the B +parameter set to B. An end-user certificate must either have B +or omit the extension entirely. +The B parameter specifies the maximum number of CAs that can appear +below this one in a chain. A B of zero means the CA cannot sign +any sub-CA's, and can only sign end-entity certificates. =head2 Key Usage -Key usage is a multi valued extension consisting of a list of names of the -permitted key usages. - -The supported names are: digitalSignature, nonRepudiation, keyEncipherment, -dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly -and decipherOnly. +Key usage is a multi-valued extension consisting of a list of names of +the permitted key usages. The defined values are: C, +C, C, C, C, +C, C, C, and C. Examples: - keyUsage=digitalSignature, nonRepudiation - - keyUsage=critical, keyCertSign + keyUsage = digitalSignature, nonRepudiation + keyUsage = critical, keyCertSign =head2 Extended Key Usage -This extensions consists of a list of usages indicating purposes for which -the certificate public key can be used for, - -These can either be object short names or the dotted numerical form of OIDs. -While any OID can be used only certain values make sense. In particular the -following PKIX, NS and MS values are meaningful: +This extension consists of a list of values indicating purposes for which +the certificate public key can be used for, Each value can be either a +short text name or an OID. +The following text names, and their intended meaning, are known: Value Meaning ----- ------- - serverAuth SSL/TLS Web Server Authentication. - clientAuth SSL/TLS Web Client Authentication. - codeSigning Code signing. - emailProtection E-mail Protection (S/MIME). + serverAuth SSL/TLS Web Server Authentication + clientAuth SSL/TLS Web Client Authentication + codeSigning Code signing + emailProtection E-mail Protection (S/MIME) timeStamping Trusted Timestamping OCSPSigning OCSP Signing ipsecIKE ipsec Internet Key Exchange @@ -122,242 +158,267 @@ following PKIX, NS and MS values are meaningful: Examples: - extendedKeyUsage=critical,codeSigning,1.2.3.4 - extendedKeyUsage=serverAuth,clientAuth + extendedKeyUsage = critical, codeSigning, 1.2.3.4 + extendedKeyUsage = serverAuth, clientAuth =head2 Subject Key Identifier -This is really a string extension and can take two possible values. Either -the word B which will automatically follow the guidelines in RFC3280 -or a hex string giving the extension value to include. The use of the hex -string is strongly discouraged. +This is a string extension with one of two legal values. If it is the word +B, then OpenSSL will follow the process in RFC 5280 to calculate the +hash value. +Otherwise, the value should be a hex string to output directly, however this +is strongly discouraged. Example: - subjectKeyIdentifier=hash - + subjectKeyIdentifier = hash =head2 Authority Key Identifier -The authority key identifier extension permits two options. keyid and issuer: -both can take the optional value "always". - -If the keyid option is present an attempt is made to copy the subject key -identifier from the parent certificate. If the value "always" is present -then an error is returned if the option fails. +This extension has two options, B and B. Either or both +can have the value B, indicated by putting a colon between +the option and its value. -The issuer option copies the issuer and serial number from the issuer -certificate. This will only be done if the keyid option fails or -is not included unless the "always" flag will always include the value. +If B is present, than an attempt is made to copy the subject key +identifier from the parent certificate. If the value B is present, +then an error can be returned if the option fails. If B is present, +an attempt is made to copy the issuer and serial number from the parent +certificate. This is done if the B option fails, or if B +has B specified. -Example: +Examples: - authorityKeyIdentifier=keyid,issuer + authorityKeyIdentifier = keyid, issuer + authorityKeyIdentifier = keyid, issuer:always =head2 Subject Alternative Name -The subject alternative name extension allows various literal values to be -included in the configuration file. These include B (an email address) -B a uniform resource indicator, B (a DNS domain name), B (a -registered ID: OBJECT IDENTIFIER), B (an IP address), B -(a distinguished name) and otherName. - -The email option include a special 'copy' value. This will automatically +This is a multi-valued extension that supports several types of name +identifier, including +B (an email address), +B (a uniform resource indicator), +B (a DNS domain name), +B (a registered ID: OBJECT IDENTIFIER), +B (an IP address), +B (a distinguished name), +and B. +The syntax of each is described in the following paragraphs. + +The B option has a special C value, which will automatically include any email addresses contained in the certificate subject name in the extension. -The IP address used in the B options can be in either IPv4 or IPv6 format. +The IP address used in the B option can be in either IPv4 or IPv6 format. -The value of B should point to a section containing the distinguished -name to use as a set of name value pairs. Multi values AVAs can be formed by -prefacing the name with a B<+> character. +The value of B is specifies the configuration section containing +the distinguished name to use, as a set of name-value pairs. +Multi-valued AVAs can be formed by prefacing the name with a B<+> character. -otherName can include arbitrary data associated with an OID: the value -should be the OID followed by a semicolon and the content in standard -L format. +The value of B can include arbitrary data associated with an OID; +the value should be the OID followed by a semicolon and the content in specified +using the syntax in L. Examples: - subjectAltName=email:copy,email:my at other.address,URI:http://my.url.here/ - subjectAltName=IP:192.168.7.1 - subjectAltName=IP:13::17 - subjectAltName=email:my at other.address,RID:1.2.3.4 - subjectAltName=otherName:1.2.3.4;UTF8:some other identifier + subjectAltName = email:copy, email:my at other.address, URI:http://my.url.here/ - subjectAltName=dirName:dir_sect + subjectAltName = IP:192.168.7.1 - [dir_sect] - C=UK - O=My Organization - OU=My Unit - CN=My Name + subjectAltName = IP:13::17 + + subjectAltName = email:my at other.address, RID:1.2.3.4 + + subjectAltName = otherName:1.2.3.4;UTF8:some other identifier + [extensions] + subjectAltName = dirName:dir_sect + + [dir_sect] + C = UK + O = My Organization + OU = My Unit + CN = My Name =head2 Issuer Alternative Name -The issuer alternative name option supports all the literal options of -subject alternative name. It does B support the email:copy option because -that would not make sense. It does support an additional issuer:copy option -that will copy all the subject alternative name values from the issuer -certificate (if possible). +This extension supports most of the options of subject alternative name; +it does not support B. +It also adds B as an allowed value, which copies any subject +alternative names from the issuer certificate, if possible. Example: issuerAltName = issuer:copy - =head2 Authority Info Access -The authority information access extension gives details about how to access -certain information relating to the CA. Its syntax is accessOID;location -where I has the same syntax as subject alternative name (except -that email:copy is not supported). accessOID can be any valid OID but only -certain values are meaningful, for example OCSP and caIssuers. +This extension gives details about how to retrieve information that +related to the certificate that the CA makes available. The syntax is +B, where B is an object identifier +(although only a few values are well-known) and B has the same +syntax as subject alternative name (except that B is not supported). -Example: +Examples: authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ - authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html - =head2 CRL distribution points -This is a multi-valued extension whose options can be either in name:value pair -using the same form as subject alternative name or a single value representing -a section name containing all the distribution point fields. +This is a multi-valued extension whose values can be either a name-value +pair using the same form as subject alternative name or a single value +specifying the section name containing all the distribution point values. + +When a name-value pair is used, a DistributionPoint extension will +be set with the given value as the fullName field as the distributionPoint +value, and the reasons and cRLIssuer fields will be omitted. + +When a single option is used, the value specifies the section, and that +section can have the following items: + +=over 4 + +=item fullname + +The full name of the distribution point, in the same format as the subject +alternative name. + +=item relativename -For a name:value pair a new DistributionPoint with the fullName field set to -the given value both the cRLissuer and reasons fields are omitted in this case. +The value is taken as a distinguished name fragment that is set as the +value of the nameRelativeToCRLIssuer field. -In the single option case the section indicated contains values for each -field. In this section: +=item CRLIssuer -If the name is "fullname" the value field should contain the full name -of the distribution point in the same format as subject alternative name. +The value must in the same format as the subject alternative name. -If the name is "relativename" then the value field should contain a section -name whose contents represent a DN fragment to be placed in this field. +=item reasons -The name "CRLIssuer" if present should contain a value for this field in -subject alternative name format. +A multi-value field that contains the reasons for revocation. The recognized +values are: C, C, C, +C, C, C, +C, and C. -If the name is "reasons" the value field should consist of a comma -separated field containing the reasons. Valid reasons are: "keyCompromise", -"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", -"certificateHold", "privilegeWithdrawn" and "AACompromise". +=back +Only one of B or B should be specified. Simple examples: - crlDistributionPoints=URI:http://myhost.com/myca.crl - crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl + crlDistributionPoints = URI:http://myhost.com/myca.crl + + crlDistributionPoints = URI:http://my.com/my.crl, URI:http://oth.com/my.crl Full distribution point example: - crlDistributionPoints=crldp1_section + [extensions] + crlDistributionPoints = crldp1_section [crldp1_section] - - fullname=URI:http://myhost.com/myca.crl - CRLissuer=dirName:issuer_sect - reasons=keyCompromise, CACompromise + fullname = URI:http://myhost.com/myca.crl + CRLissuer = dirName:issuer_sect + reasons = keyCompromise, CACompromise [issuer_sect] - C=UK - O=Organisation - CN=Some Name + C = UK + O = Organisation + CN = Some Name =head2 Issuing Distribution Point -This extension should only appear in CRLs. It is a multi valued extension +This extension should only appear in CRLs. It is a multi-valued extension whose syntax is similar to the "section" pointed to by the CRL distribution -points extension with a few differences. +points extension. The following names have meaning: -The names "reasons" and "CRLissuer" are not recognized. +=over 4 -The name "onlysomereasons" is accepted which sets this field. The value is -in the same format as the CRL distribution point "reasons" field. +=item fullname -The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted -the values should be a boolean value (TRUE or FALSE) to indicate the value of -the corresponding field. +The full name of the distribution point, in the same format as the subject +alternative name. -Example: +=item relativename - issuingDistributionPoint=critical, @idp_section +The value is taken as a distinguished name fragment that is set as the +value of the nameRelativeToCRLIssuer field. - [idp_section] +=item onlysomereasons - fullname=URI:http://myhost.com/myca.crl - indirectCRL=TRUE - onlysomereasons=keyCompromise, CACompromise +A multi-value field that contains the reasons for revocation. The recognized +values are: C, C, C, +C, C, C, +C, and C. - [issuer_sect] - C=UK - O=Organisation - CN=Some Name +=item onlyuser, onlyCA, onlyAA, indirectCRL + +The value for each of these names is a boolean. +=back + +Example: + + [extensions] + issuingDistributionPoint = critical, @idp_section + + [idp_section] + fullname = URI:http://myhost.com/myca.crl + indirectCRL = TRUE + onlysomereasons = keyCompromise, CACompromise =head2 Certificate Policies -This is a I extension. All the fields of this extension can be set by -using the appropriate syntax. +This is a I extension that supports all of the defined fields of the +certificate extension. -If you follow the PKIX recommendations and just using one OID then you just -include the value of that OID. Multiple OIDs can be set separated by commas, -for example: +Policies without qualifiers are specified by giving the OID. +Multiple policies are comma-separated. For example: - certificatePolicies= 1.2.4.5, 1.1.3.4 + certificatePolicies = 1.2.4.5, 1.1.3.4 -If you wish to include qualifiers then the policy OID and qualifiers need to -be specified in a separate section: this is done by using the @section syntax -instead of a literal OID value. +To include policy qualifiers, use the "@section" syntax to point to a +section that specifies all the information. The section referred to must include the policy OID using the name -policyIdentifier, cPSuri qualifiers can be included using the syntax: +B. cPSuri qualifiers can be included using the syntax: + + CPS.nnn = value - CPS.nnn=value +where C is a number. userNotice qualifiers can be set using the syntax: - userNotice.nnn=@notice + userNotice.nnn = @notice The value of the userNotice qualifier is specified in the relevant section. -This section can include explicitText, organization and noticeNumbers +This section can include B, B, and B options. explicitText and organization are text strings, noticeNumbers is a comma separated list of numbers. The organization and noticeNumbers options -(if included) must BOTH be present. If you use the userNotice option with IE5 -then you need the 'ia5org' option at the top level to modify the encoding: -otherwise it will not be interpreted properly. +(if included) must BOTH be present. Some software might require +the B option at the top level; this changes the encoding from +Displaytext to IA5String. Example: - certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8, at polsect + [extensions] + certificatePolicies = ia5org, 1.2.3.4, 1.5.6.7.8, @polsect [polsect] - policyIdentifier = 1.3.5.8 - CPS.1="http://my.host.name/" - CPS.2="http://my.your.name/" - userNotice.1=@notice + CPS.1 = "http://my.host.name/" + CPS.2 = "http://my.your.name/" + userNotice.1 = @notice [notice] + explicitText = "Explicit Text Here" + organization = "Organisation Name" + noticeNumbers = 1, 2, 3, 4 - explicitText="Explicit Text Here" - organization="Organisation Name" - noticeNumbers=1,2,3,4 - -The B option changes the type of the I field. In RFC2459 -it can only be of type DisplayText. In RFC3280 IA5String is also permissible. -Some software (for example some versions of MSIE) may require ia5org. - -ASN1 type of explicitText can be specified by prepending B, -B or B prefix followed by colon. For example: +The character encoding of explicitText can be specified by prefixing the +value with B, B, or B followed by colon. For example: [notice] - explicitText="UTF8:Explicit Text Here" + explicitText = "UTF8:Explicit Text Here" =head2 Policy Constraints @@ -369,7 +430,6 @@ Example: policyConstraints = requireExplicitPolicy:3 - =head2 Inhibit Any Policy This is a string extension whose value must be a non negative integer. @@ -378,33 +438,31 @@ Example: inhibitAnyPolicy = 2 - =head2 Name Constraints -The name constraints extension is a multi-valued extension. The name should +This is a multi-valued extension. The name should begin with the word B or B followed by a B<;>. The rest of -the name and the value follows the syntax of subjectAltName except email:copy +the name and the value follows the syntax of subjectAltName except +B is not supported and the B form should consist of an IP addresses and subnet mask separated by a B. Examples: - nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 - - nameConstraints=permitted;email:.somedomain.com + nameConstraints = permitted;IP:192.168.0.0/255.255.0.0 - nameConstraints=excluded;email:.com + nameConstraints = permitted;email:.somedomain.com + nameConstraints = excluded;email:.com =head2 OCSP No Check -The OCSP No Check extension is a string extension but its value is ignored. +This is a string extension. It is parsed, but ignored. Example: noCheck = ignored - =head2 TLS Feature (aka Must Staple) This is a multi-valued extension consisting of a list of TLS extension @@ -418,7 +476,6 @@ Example: tlsfeature = status_request - =head1 DEPRECATED EXTENSIONS The following extensions are non standard, Netscape specific and largely @@ -428,16 +485,10 @@ obsolete. Their use in new applications is discouraged. Netscape Comment (B) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers. - -Example: - - nsComment = "Some Random Comment" - -Other supported extensions in this category are: B, +Other extensions of this type are: B, B, B, B, B and B. - =head2 Netscape Certificate Type This is a multi-valued extensions which consists of a list of flags to be @@ -448,7 +499,6 @@ now used instead. Acceptable values for nsCertType are: B, B, B, B, B, B, B, B. - =head1 ARBITRARY EXTENSIONS If an extension is not supported by the OpenSSL code then it must be encoded @@ -462,26 +512,25 @@ The first way is to use the word ASN1 followed by the extension content using the same syntax as L. For example: - 1.2.3.4=critical,ASN1:UTF8String:Some random data - - 1.2.3.4=ASN1:SEQUENCE:seq_sect + [extensions] + 1.2.3.4 = critical, ASN1:UTF8String:Some random data + 1.2.3.4.1 = ASN1:SEQUENCE:seq_sect [seq_sect] - field1 = UTF8:field1 field2 = UTF8:field2 It is also possible to use the word DER to include the raw encoded data in any extension. - 1.2.3.4=critical,DER:01:02:03:04 - 1.2.3.4=DER:01020304 + 1.2.3.4 = critical, DER:01:02:03:04 + 1.2.3.4.1 = DER:01020304 The value following DER is a hex dump of the DER encoding of the extension Any extension can be placed in this form to override the default behaviour. For example: - basicConstraints=critical,DER:00:01:02:03 + basicConstraints = critical, DER:00:01:02:03 =head1 WARNINGS @@ -491,41 +540,7 @@ purposes prohibited by their extensions because a specific application does not recognize or honour the values of the relevant extensions. The DER and ASN1 options should be used with caution. It is possible to create -totally invalid extensions if they are not used carefully. - -=head1 NOTES - -If an extension is multi-value and a field value must contain a comma the long -form must be used otherwise the comma would be misinterpreted as a field -separator. For example: - - subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar - -will produce an error but the equivalent form: - - subjectAltName=@subject_alt_section - - [subject_alt_section] - subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar - -is valid. - -Due to the behaviour of the OpenSSL B library the same field name -can only occur once in a section. This means that: - - subjectAltName=@alt_section - - [alt_section] - - email=steve at here - email=steve at there - -will only recognize the last value. This can be worked around by using the form: - - [alt_section] - - email.1=steve at here - email.2=steve at there +invalid extensions if they are not used carefully. =head1 SEE ALSO diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h index aeb9670d15..1546b11ff7 100644 --- a/include/openssl/fips_names.h +++ b/include/openssl/fips_names.h @@ -22,7 +22,7 @@ extern "C" { * The calculated MAC of the module file (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-checksum" +# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac" /* * A version number for the fips install process (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING @@ -32,7 +32,7 @@ extern "C" { * The calculated MAC of the install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-checksum" +# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac" /* * The install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING From beldmit at gmail.com Tue May 19 16:05:53 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 19 May 2020 16:05:53 +0000 Subject: [openssl] master update Message-ID: <1589904353.700740.7622.nullmailer@dev.openssl.org> The branch master has been updated via e638112e15c63bfb4ab9bf5af66aa439e5983f23 (commit) via 09b90e0ed7915809fcd4ee1e250d881b77d06d45 (commit) from fb420afc878fa38a5d8cf22e25cf7d438d39987a (commit) - Log ----------------------------------------------------------------- commit e638112e15c63bfb4ab9bf5af66aa439e5983f23 Author: Dmitry Belyavskiy Date: Fri May 15 23:03:41 2020 +0300 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11735) commit 09b90e0ed7915809fcd4ee1e250d881b77d06d45 Author: Dmitry Belyavskiy Date: Tue May 5 16:20:42 2020 +0300 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11735) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 +++++ apps/s_client.c | 11 +++++++- apps/s_server.c | 12 +++++++-- doc/man1/openssl-s_client.pod.in | 10 +++++++ doc/man1/openssl-s_server.pod.in | 10 +++++++ doc/man3/SSL_CTX_set_options.pod | 19 ++++++++++++-- doc/man3/SSL_get_error.pod | 12 +++++++++ doc/man3/SSL_shutdown.pod | 8 +++--- include/openssl/ssl.h | 7 +---- ssl/record/rec_layer_s3.c | 9 +++++-- test/sslapitest.c | 56 ++++++++++++++++++++++++++++++++++++++++ 11 files changed, 144 insertions(+), 16 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index e5731d0e61..8afcb07b50 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -42,6 +42,12 @@ OpenSSL 3.0 *Shane Lontis* + * The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option + is set, an unexpected EOF is ignored, it pretends a close notify was received + instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. + + *Dmitry Belyavskiy* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the diff --git a/apps/s_client.c b/apps/s_client.c index a5f0fa0444..e21a23da75 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -576,7 +576,7 @@ typedef enum OPTION_choice { OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE, OPT_V_ENUM, OPT_X_ENUM, - OPT_S_ENUM, + OPT_S_ENUM, OPT_IGNORE_UNEXPECTED_EOF, OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_PROXY_USER, OPT_PROXY_PASS, OPT_DANE_TLSA_DOMAIN, #ifndef OPENSSL_NO_CT @@ -718,6 +718,8 @@ const OPTIONS s_client_options[] = { "Do not send the server name (SNI) extension in the ClientHello"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, + {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', + "Do not treat lack of close_notify from a peer as an error"}, #ifndef OPENSSL_NO_OCSP {"status", OPT_STATUS, '-', "Request certificate status from server"}, #endif @@ -1001,6 +1003,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_SCTP int sctp_label_bug = 0; #endif + int ignore_unexpected_eof = 0; FD_ZERO(&readfds); FD_ZERO(&writefds); @@ -1180,6 +1183,9 @@ int s_client_main(int argc, char **argv) if (!args_excert(o, &exc)) goto end; break; + case OPT_IGNORE_UNEXPECTED_EOF: + ignore_unexpected_eof = 1; + break; case OPT_PREXIT: prexit = 1; break; @@ -1776,6 +1782,9 @@ int s_client_main(int argc, char **argv) && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; + if (ignore_unexpected_eof) + SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); + if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { BIO_printf(bio_err, "Error setting verify params\n"); ERR_print_errors(bio_err); diff --git a/apps/s_server.c b/apps/s_server.c index 09bcc0cfb8..9995953526 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -761,7 +761,7 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, + OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -850,6 +850,8 @@ const OPTIONS s_server_options[] = { "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, + {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', + "Do not treat lack of close_notify from a peer as an error"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, @@ -1094,6 +1096,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_SCTP int sctp_label_bug = 0; #endif + int ignore_unexpected_eof = 0; /* Init of few remaining global variables */ local_argc = argc; @@ -1667,6 +1670,9 @@ int s_server_main(int argc, char *argv[]) use_sendfile = 1; #endif break; + case OPT_IGNORE_UNEXPECTED_EOF: + ignore_unexpected_eof = 1; + break; } } argc = opt_num_rest(); @@ -1867,7 +1873,6 @@ int s_server_main(int argc, char *argv[]) goto end; } } - #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); @@ -1911,6 +1916,9 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_options(ctx, SSL_OP_DISABLE_TLSEXT_CA_NAMES); } + if (ignore_unexpected_eof) + SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); + if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 4d6b54a5e3..367e59e925 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -78,6 +78,7 @@ B B [B<-split_send_frag>] [B<-max_pipelines>] [B<-read_buf>] +[B<-ignore_unexpected_eof>] [B<-bugs>] [B<-comp>] [B<-no_comp>] @@ -578,6 +579,15 @@ effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see L for further information). +=item B<-ignore_unexpected_eof> + +Some TLS implementations do not send the mandatory close_notify alert on +shutdown. If the application tries to wait for the close_notify alert but the +peer closes the connection without sending it, an error is generated. When this +option is enabled the peer does not need to send the close_notify alert and a +closed connection will be treated as if the close_notify alert was received. +For more information on shutting down a connection, see L. + =item B<-bugs> There are several known bugs in SSL and TLS implementations. Adding this diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 8e5da51c40..28ef15ea56 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -47,6 +47,7 @@ B B [B<-WWW>] [B<-http_server_binmode>] [B<-no_ca_names>] +[B<-ignore_unexpected_eof>] [B<-servername>] [B<-servername_fatal>] [B<-tlsextdebug>] @@ -420,6 +421,15 @@ Disable TLS Extension CA Names. You may want to disable it for security reasons or for compatibility with some Windows TLS implementations crashing when this extension is larger than 1024 bytes. +=item B<-ignore_unexpected_eof> + +Some TLS implementations do not send the mandatory close_notify alert on +shutdown. If the application tries to wait for the close_notify alert but the +peer closes the connection without sending it, an error is generated. When this +option is enabled the peer does not need to send the close_notify alert and a +closed connection will be treated as if the close_notify alert was received. +For more information on shutting down a connection, see L. + =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 39cb2ec30e..24bf66ad85 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -217,6 +217,20 @@ not propose, and servers will not accept the extension. Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello. +=item SSL_OP_IGNORE_UNEXPECTED_EOF + +Some TLS implementations do not send the mandatory close_notify alert on +shutdown. If the application tries to wait for the close_notify alert but the +peer closes the connection without sending it, an error is generated. When this +option is enabled the peer does not need to send the close_notify alert and a +closed connection will be treated as if the close_notify alert was received. + +You should only enable this option if the protocol running over TLS +can detect a truncation attack itself, and that the application is checking for +that truncation attack. + +For more information on shutting down a connection, see L. + =item SSL_OP_ALLOW_NO_DHE_KEX In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means @@ -367,7 +381,7 @@ secure renegotiation and 0 if it does not. =head1 SEE ALSO -L, L, L, +L, L, L, L L, L, L @@ -380,7 +394,8 @@ OpenSSL 0.9.8m. The B and B options were added in OpenSSL 1.1.1. -The B option was added in OpenSSL 3.0. +The B and B +options were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 8d081a5e0d..f13f3ea468 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -25,6 +25,15 @@ other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably. +=head1 NOTES + +Some TLS implementations do not send a close_notify alert on shutdown. + +On an unexpected EOF, versions before OpenSSL 3.0 returned +B, nothing was added to the error stack, and errno was 0. +Since OpenSSL 3.0 the returned error is B with a meaningful +error on the error stack. + =head1 RETURN VALUES The following return values can currently occur: @@ -44,6 +53,9 @@ No more data can be read. Note that B does not necessarily indicate that the underlying transport has been closed. +This error can also appear when the option B +is set. See L for more details. + =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE The operation did not complete and can be retried later. diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 25191130ae..34469bae37 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -83,8 +83,10 @@ message, otherwise an unexpected EOF will be reported. There are implementations that do not send the required close_notify alert. If there is a need to communicate with such an implementation, and it's clear that all data has been received, do not wait for the peer's close_notify alert. -Waiting for the close_notify alert when the peer just closes the connection will -result in an error being generated. +Waiting for the close_notify alert when the peer just closes the connection +will result in an error being generated. +The error can be ignored using the B. +For more information see L. =head2 First to close the connection @@ -159,7 +161,7 @@ It can also occur when not all data was read using SSL_read(). L, L, L, L, -L, +L, L L, L, L, L diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 05755b014d..d1e9f7957d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -325,14 +325,9 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U -/* Reserved value (until OpenSSL 3.0.0) 0x00000008U */ # define SSL_OP_TLSEXT_PADDING 0x00000010U -/* Reserved value (until OpenSSL 3.0.0) 0x00000020U */ # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U -/* - * Reserved value (until OpenSSL 3.0.0) 0x00000080U - * Reserved value (until OpenSSL 3.0.0) 0x00000100U - */ +# define SSL_OP_IGNORE_UNEXPECTED_EOF 0x00000080U # define SSL_OP_DISABLE_TLSEXT_CA_NAMES 0x00000200U diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index bceac72051..b1dcd517e2 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -303,8 +303,13 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, if (ret <= 0 && !BIO_should_retry(s->rbio) && BIO_eof(s->rbio)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, - SSL_R_UNEXPECTED_EOF_WHILE_READING); + if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) { + SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); + s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; + } else { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, + SSL_R_UNEXPECTED_EOF_WHILE_READING); + } } } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, diff --git a/test/sslapitest.c b/test/sslapitest.c index c1c288e50a..423da560ae 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6782,6 +6782,61 @@ static int test_ticket_callbacks(int tst) return testresult; } +/* + * Test incorrect shutdown. + * Test 0: client does not shutdown properly, + * server does not set SSL_OP_IGNORE_UNEXPECTED_EOF, + * server should get SSL_ERROR_SSL + * Test 1: client does not shutdown properly, + * server sets SSL_OP_IGNORE_UNEXPECTED_EOF, + * server should get SSL_ERROR_ZERO_RETURN + */ +static int test_incorrect_shutdown(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char buf[80]; + BIO *c2s; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), 0, 0, + &sctx, &cctx, cert, privkey))) + goto end; + + if (tst == 1) + SSL_CTX_set_options(sctx, SSL_OP_IGNORE_UNEXPECTED_EOF); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + c2s = SSL_get_rbio(serverssl); + BIO_set_mem_eof_return(c2s, 0); + + if (!TEST_false(SSL_read(serverssl, buf, sizeof(buf)))) + goto end; + + if (tst == 0 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL) ) + goto end; + if (tst == 1 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_ZERO_RETURN) ) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + /* * Test bi-directional shutdown. * Test 0: TLSv1.2 @@ -7796,6 +7851,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 16); ADD_ALL_TESTS(test_shutdown, 7); + ADD_ALL_TESTS(test_incorrect_shutdown, 2); ADD_ALL_TESTS(test_cert_cb, 6); ADD_ALL_TESTS(test_client_cert_cb, 2); ADD_ALL_TESTS(test_ca_names, 3); From kaduk at mit.edu Tue May 19 17:25:17 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Tue, 19 May 2020 17:25:17 +0000 Subject: [openssl] master update Message-ID: <1589909117.218011.20441.nullmailer@dev.openssl.org> The branch master has been updated via b2a5001d954e81e2a582f2a935212ab554a3cbbe (commit) via e0bcb4f97f7496af032013ead15b7472b60e85fa (commit) from e638112e15c63bfb4ab9bf5af66aa439e5983f23 (commit) - Log ----------------------------------------------------------------- commit b2a5001d954e81e2a582f2a935212ab554a3cbbe Author: raja-ashok Date: Wed May 13 23:37:14 2020 +0530 Update early data exchange scenarios in doc Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11816) commit e0bcb4f97f7496af032013ead15b7472b60e85fa Author: raja-ashok Date: Wed May 13 23:32:44 2020 +0530 Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11816) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_psk_client_callback.pod | 4 +++- doc/man3/SSL_CTX_use_psk_identity_hint.pod | 4 +++- doc/man3/SSL_read_early_data.pod | 9 +++++---- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 55ffb31c49..70eefa0265 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the B value will always be NULL and the handshake digest will default to SHA-256 for any returned -PSK. +PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the +B callback, and are not possible with the +B callback. =head1 NOTES diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 937c91a3c8..0e70d4d531 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest -will default to SHA-256 for any returned PSK. +will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are +possible in PSK connections only with the B +callback, and are not possible with the B callback. A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L will return true. diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 4f1593638c..dd86831767 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -58,10 +58,11 @@ SSL_set_allow_early_data_cb These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band PSK, and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also From kaduk at mit.edu Tue May 19 17:25:56 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Tue, 19 May 2020 17:25:56 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589909156.496045.22562.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via de5e2cb541699e11a2b82de1d7f98f62bc207a1d (commit) via 76b0d1f0dbdab628e2c5b2a7d45e3e93ecf5ee09 (commit) from 5cea5841c70be0186c11ff79a9767d2e1376e80a (commit) - Log ----------------------------------------------------------------- commit de5e2cb541699e11a2b82de1d7f98f62bc207a1d Author: raja-ashok Date: Wed May 13 23:37:14 2020 +0530 Update early data exchange scenarios in doc Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11816) (cherry picked from commit b2a5001d954e81e2a582f2a935212ab554a3cbbe) commit 76b0d1f0dbdab628e2c5b2a7d45e3e93ecf5ee09 Author: raja-ashok Date: Wed May 13 23:32:44 2020 +0530 Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11816) (cherry picked from commit e0bcb4f97f7496af032013ead15b7472b60e85fa) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_psk_client_callback.pod | 4 +++- doc/man3/SSL_CTX_use_psk_identity_hint.pod | 4 +++- doc/man3/SSL_read_early_data.pod | 9 +++++---- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index eb4e4f5fa4..293ddcbead 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the B value will always be NULL and the handshake digest will default to SHA-256 for any returned -PSK. +PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the +B callback, and are not possible with the +B callback. =head1 NOTES diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 0957ade5e1..6403da3d6b 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest -will default to SHA-256 for any returned PSK. +will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are +possible in PSK connections only with the B +callback, and are not possible with the B callback. =head1 NOTES diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index c51fe1359d..d3552c928b 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -58,10 +58,11 @@ SSL_set_allow_early_data_cb These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band PSK, and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also From no-reply at appveyor.com Tue May 19 23:24:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 19 May 2020 23:24:08 +0000 Subject: Build failed: openssl master.34234 Message-ID: <20200519232408.1.52C6D54A2588B4B5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 20 01:42:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 20 May 2020 01:42:01 +0000 Subject: Build completed: openssl master.34235 Message-ID: <20200520014201.1.1AE241561CED99FE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed May 20 06:19:01 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 20 May 2020 06:19:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1589955541.334611.24188.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=196, Tests=1986, 757 wallclock secs ( 9.32 usr 1.62 sys + 708.73 cusr 45.92 csys = 765.59 CPU) Result: FAIL Makefile:3052: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3050: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed May 20 06:56:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 20 May 2020 06:56:01 +0000 Subject: Build failed: openssl master.34244 Message-ID: <20200520065601.1.AEF8E2DD7D03F60A@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed May 20 09:27:38 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 May 2020 09:27:38 +0000 Subject: [openssl] master update Message-ID: <1589966858.542358.23562.nullmailer@dev.openssl.org> The branch master has been updated via a7ad40c502d3484e0a574e121cfba70631f224bf (commit) from b2a5001d954e81e2a582f2a935212ab554a3cbbe (commit) - Log ----------------------------------------------------------------- commit a7ad40c502d3484e0a574e121cfba70631f224bf Author: Richard Levitte Date: Mon May 18 12:43:12 2020 +0200 Add OSSL_PROVIDER_do_all() This allows applications to iterate over all loaded providers. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11858) ----------------------------------------------------------------------- Summary of changes: crypto/provider.c | 8 ++++++++ doc/man3/OSSL_PROVIDER.pod | 9 ++++++++- include/openssl/provider.h | 3 +++ util/libcrypto.num | 1 + 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/crypto/provider.c b/crypto/provider.c index fe46d31877..09a5e53907 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -85,3 +85,11 @@ const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov) { return ossl_provider_name(prov); } + +int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, + int (*cb)(OSSL_PROVIDER *provider, + void *cbdata), + void *cbdata) +{ + return ossl_provider_forall_loaded(ctx, cb, cbdata); +} diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 3f1a946653..93d6e1421c 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -4,7 +4,7 @@ OSSL_PROVIDER_set_default_search_path, OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, -OSSL_PROVIDER_available, +OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines @@ -20,6 +20,9 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name); + int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, + int (*cb)(OSSL_PROVIDER *provider, void *cbdata), + void *cbdata); const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); @@ -66,6 +69,10 @@ runs its teardown function. OSSL_PROVIDER_available() checks if a named provider is available for use. +OSSL_PROVIDER_do_all() iterates over all loaded providers, calling +I for each one, with the current provider in I and the +I that comes from the caller. + OSSL_PROVIDER_gettable_params() is used to get a provider parameter descriptor set as a constant B array. See L for more information. diff --git a/include/openssl/provider.h b/include/openssl/provider.h index f297ea2499..6ce68b16e7 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -23,6 +23,9 @@ int OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *, const char *path); OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name); +int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, + int (*cb)(OSSL_PROVIDER *provider, void *cbdata), + void *cbdata); const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); diff --git a/util/libcrypto.num b/util/libcrypto.num index 8882f0480d..12c9f4f9d3 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5092,3 +5092,4 @@ OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA +OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: From bernd.edlinger at hotmail.de Wed May 20 12:48:52 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 20 May 2020 12:48:52 +0000 Subject: [openssl] master update Message-ID: <1589978932.256365.24728.nullmailer@dev.openssl.org> The branch master has been updated via ddec332f329a432a45c0131d83f3bfb46114532b (commit) from a7ad40c502d3484e0a574e121cfba70631f224bf (commit) - Log ----------------------------------------------------------------- commit ddec332f329a432a45c0131d83f3bfb46114532b Author: Bernd Edlinger Date: Sun May 17 02:08:56 2020 +0200 Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11848) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +++ crypto/rand/rand_unix.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 7738073455..1a22f47822 100755 --- a/Configure +++ b/Configure @@ -1124,6 +1124,9 @@ if (scalar(@seed_sources) == 0) { print "Using os-specific seed configuration\n"; push @seed_sources, 'os'; } +if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { + delete $disabled{'egd'}; +} if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 081ffca908..869c2d04dd 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -391,7 +391,8 @@ static struct random_device { } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; -# if defined(__linux) && defined(DEVRANDOM_WAIT) +# if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; # if !defined(FIPS_MODULE) @@ -474,7 +475,7 @@ static int wait_random_seeded(void) } return seeded; } -# else /* defined __linux */ +# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ static int wait_random_seeded(void) { return 1; From bernd.edlinger at hotmail.de Wed May 20 12:49:16 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 20 May 2020 12:49:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589978956.677060.26088.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5f10fce37b234807c39d6b1b6440585b84b68b65 (commit) from de5e2cb541699e11a2b82de1d7f98f62bc207a1d (commit) - Log ----------------------------------------------------------------- commit 5f10fce37b234807c39d6b1b6440585b84b68b65 Author: Bernd Edlinger Date: Sun May 17 02:08:56 2020 +0200 Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11848) (cherry picked from commit ddec332f329a432a45c0131d83f3bfb46114532b) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +++ crypto/rand/rand_unix.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 2e9efaa5f3..29f8b4dd4b 100755 --- a/Configure +++ b/Configure @@ -1049,6 +1049,9 @@ if (scalar(@seed_sources) == 0) { print "Using os-specific seed configuration\n"; push @seed_sources, 'os'; } +if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { + delete $disabled{'egd'}; +} if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 19b6138a1f..da66773e4a 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -411,7 +411,8 @@ static struct random_device { } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; -# if defined(__linux) && defined(DEVRANDOM_WAIT) +# if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; static void cleanup_shm(void) @@ -489,7 +490,7 @@ static int wait_random_seeded(void) } return seeded; } -# else /* defined __linux */ +# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ static int wait_random_seeded(void) { return 1; From tmraz at fedoraproject.org Wed May 20 15:32:50 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 20 May 2020 15:32:50 +0000 Subject: [openssl] master update Message-ID: <1589988770.934821.18309.nullmailer@dev.openssl.org> The branch master has been updated via 7486c718e54cc762edc5f1c7c526ab83d0f97ef7 (commit) via 1d05eb55caa8965a151360c2469c463ecd990987 (commit) via cbeb0bfa961412eebfbdf1e72900f05527e81e15 (commit) from ddec332f329a432a45c0131d83f3bfb46114532b (commit) - Log ----------------------------------------------------------------- commit 7486c718e54cc762edc5f1c7c526ab83d0f97ef7 Author: Tomas Mraz Date: Tue May 19 10:52:53 2020 +0200 t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) commit 1d05eb55caa8965a151360c2469c463ecd990987 Author: Tomas Mraz Date: Tue May 19 10:51:53 2020 +0200 Avoid potential overflow to the sign bit when shifting left 24 places Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) commit cbeb0bfa961412eebfbdf1e72900f05527e81e15 Author: Tomas Mraz Date: Tue May 19 10:51:19 2020 +0200 Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mpi.c | 2 +- crypto/pem/pvkfmt.c | 8 ++++---- ssl/t1_trce.c | 21 ++++++++++++++++----- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 504cddffec..d2be44e2bd 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) int neg = 0; BIGNUM *a = NULL; - if (n < 4) { + if (n < 4 || (d[0] & 0x80) != 0) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); return NULL; } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index e2f5702880..6d85a8a4e1 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -36,10 +36,10 @@ static unsigned int read_ledword(const unsigned char **in) { const unsigned char *p = *in; unsigned int ret; - ret = *p++; - ret |= (*p++ << 8); - ret |= (*p++ << 16); - ret |= (*p++ << 24); + ret = (unsigned int)*p++; + ret |= (unsigned int)*p++ << 8; + ret |= (unsigned int)*p++ << 16; + ret |= (unsigned int)*p++ << 24; *in = p; return ret; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 72e7b376c0..58695a0b69 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -670,7 +670,10 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; - tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + tm = ((unsigned int)p[0] << 24) + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -875,8 +878,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server, break; if (extlen != 4) return 0; - max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) - | ext[3]; + max_early_data = ((unsigned int)ext[0] << 24) + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -1379,7 +1384,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (msglen < 4) return 0; - tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + tick_life = ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1390,7 +1398,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; ticket_age_add = - (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); From tmraz at fedoraproject.org Wed May 20 15:57:45 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 20 May 2020 15:57:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589990265.311047.32471.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e11072908742e96a1067bb1b9609bfc27ab05835 (commit) from 5f10fce37b234807c39d6b1b6440585b84b68b65 (commit) - Log ----------------------------------------------------------------- commit e11072908742e96a1067bb1b9609bfc27ab05835 Author: Tomas Mraz Date: Tue May 19 10:51:19 2020 +0200 Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit cbeb0bfa961412eebfbdf1e72900f05527e81e15) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pvkfmt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 46ed2ecdbc..e6156df533 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -29,10 +29,10 @@ static unsigned int read_ledword(const unsigned char **in) { const unsigned char *p = *in; unsigned int ret; - ret = *p++; - ret |= (*p++ << 8); - ret |= (*p++ << 16); - ret |= (*p++ << 24); + ret = (unsigned int)*p++; + ret |= (unsigned int)*p++ << 8; + ret |= (unsigned int)*p++ << 16; + ret |= (unsigned int)*p++ << 24; *in = p; return ret; } From tmraz at fedoraproject.org Wed May 20 15:58:16 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 20 May 2020 15:58:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589990296.107453.1313.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5156ecbe691c964ae528c74f94d5b515aeb25542 (commit) from e11072908742e96a1067bb1b9609bfc27ab05835 (commit) - Log ----------------------------------------------------------------- commit 5156ecbe691c964ae528c74f94d5b515aeb25542 Author: Tomas Mraz Date: Tue May 19 10:51:53 2020 +0200 Avoid potential overflow to the sign bit when shifting left 24 places Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit 1d05eb55caa8965a151360c2469c463ecd990987) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mpi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index bdbe822415..b6e35a8ed9 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) int neg = 0; BIGNUM *a = NULL; - if (n < 4) { + if (n < 4 || (d[0] & 0x80) != 0) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); return NULL; } From tmraz at fedoraproject.org Wed May 20 15:58:37 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 20 May 2020 15:58:37 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1589990317.932372.2642.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via cf94e8430f3cd7c17f62b74443d16347b4b97ac8 (commit) from 5156ecbe691c964ae528c74f94d5b515aeb25542 (commit) - Log ----------------------------------------------------------------- commit cf94e8430f3cd7c17f62b74443d16347b4b97ac8 Author: Tomas Mraz Date: Tue May 19 10:52:53 2020 +0200 t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit 7486c718e54cc762edc5f1c7c526ab83d0f97ef7) ----------------------------------------------------------------------- Summary of changes: ssl/t1_trce.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 5c84339314..edd839a3a7 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -656,7 +656,10 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; - tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + tm = ((unsigned int)p[0] << 24) + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -864,8 +867,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server, break; if (extlen != 4) return 0; - max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) - | ext[3]; + max_early_data = ((unsigned int)ext[0] << 24) + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -1356,7 +1361,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (msglen < 4) return 0; - tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + tick_life = ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1367,7 +1375,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; ticket_age_add = - (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); From tmraz at fedoraproject.org Wed May 20 18:11:17 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 20 May 2020 18:11:17 +0000 Subject: [openssl] master update Message-ID: <1589998277.204545.7580.nullmailer@dev.openssl.org> The branch master has been updated via c2f2db9b6fb75ca2d672bb50f4f1f5a23991a6c3 (commit) from 7486c718e54cc762edc5f1c7c526ab83d0f97ef7 (commit) - Log ----------------------------------------------------------------- commit c2f2db9b6fb75ca2d672bb50f4f1f5a23991a6c3 Author: Billy Brumley Date: Tue May 19 17:48:36 2020 +0300 deprecate EC_POINT_make_affine and EC_POINTs_make_affine Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11874) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 16 +++++++++++----- crypto/ec/ec2_smpl.c | 3 ++- crypto/ec/ec_lib.c | 2 ++ crypto/ec/ec_mult.c | 9 ++++++--- crypto/ec/ecp_nistz256.c | 3 ++- doc/man3/EC_POINT_add.pod | 12 +++++++----- include/openssl/ec.h | 7 ++++--- util/libcrypto.num | 4 ++-- 8 files changed, 36 insertions(+), 20 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 8afcb07b50..eb8659e9cf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,12 +23,18 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] -* Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and - EC_KEY_precompute_mult() These functions are not widely used and applications - should instead switch to named curves which OpenSSL has hardcoded lookup - tables for. + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These + functions are not widely used and now OpenSSL automatically perform this + conversion when needed. - *Billy Bob Brumley* + *Billy Bob Brumley* + + * Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and + EC_KEY_precompute_mult(). These functions are not widely used and + applications should instead switch to named curves which OpenSSL has + hardcoded lookup tables for. + + *Billy Bob Brumley* * Deprecated EC_POINTs_mul(). This function is not widely used and applications should instead use the L function. diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 98d128927d..95097c67ec 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -489,7 +489,8 @@ int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) /* point is its own inverse */ return 1; - if (!EC_POINT_make_affine(group, point, ctx)) + if (group->meth->make_affine == NULL + || !group->meth->make_affine(group, point, ctx)) return 0; return BN_GF2m_add(point->Y, point->X, point->Y); } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 40cd9a43ee..4d88b28a98 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1004,6 +1004,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, return group->meth->point_cmp(group, a, b, ctx); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { if (group->meth->make_affine == 0) { @@ -1034,6 +1035,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, } return group->meth->points_make_affine(group, num, points, ctx); } +#endif /* * Functions for point multiplication. If group->meth->mul is 0, we use the diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 3372184560..aea2afd580 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -267,7 +267,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, } /* ensure input point is in affine coords for ladder step efficiency */ - if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) { + if (!p->Z_is_one && (group->meth->make_affine == NULL + || !group->meth->make_affine(group, p, ctx))) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); goto err; } @@ -711,7 +712,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + if (group->meth->points_make_affine == NULL + || !group->meth->points_make_affine(group, num_val, val, ctx)) goto err; r_is_at_infinity = 1; @@ -949,7 +951,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) } } - if (!EC_POINTs_make_affine(group, num, points, ctx)) + if (group->meth->points_make_affine == NULL + || !group->meth->points_make_affine(group, num, points, ctx)) goto err; pre_comp->group = group; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 4577707e15..50b6d43b7c 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -897,7 +897,8 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) * It would be faster to use EC_POINTs_make_affine and * make multiple points affine at the same time. */ - if (!EC_POINT_make_affine(group, P, ctx)) + if (group->meth->make_affine == NULL + || !group->meth->make_affine(group, P, ctx)) goto err; if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) || !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) { diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 2423671bab..70205486f7 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -15,14 +15,14 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); - int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); - int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx); int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); Deprecated since OpenSSL 3.0: + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); @@ -43,7 +43,8 @@ EC_POINT_cmp compares the two supplied points and tests whether or not they are The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine co-ordinate system. In the case of EC_POINTs_make_affine the value B provides the number of points in the array B to be -forced. +forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used. +Modern versions automatically perform this conversion when needed. EC_POINT_mul calculates the value generator * B + B * B and stores the result in B. The value B may be NULL in which case the result is just B * B (variable point multiplication). Alternatively, both B and B may be NULL, and B non-NULL, in which case the result is just generator * B (fixed point multiplication). @@ -81,7 +82,8 @@ L, L =head1 HISTORY -EC_POINTs_mul(), EC_GROUP_precompute_mult(), and EC_GROUP_have_precompute_mult() +EC_POINT_make_affine(), EC_POINTs_make_affine(), EC_POINTs_mul(), +EC_GROUP_precompute_mult(), and EC_GROUP_have_precompute_mult() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/ec.h b/include/openssl/ec.h index f05122b374..d684e7ca09 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -761,9 +761,10 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); -int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); -int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx); +DEPRECATEDIN_3_0(int EC_POINT_make_affine(const EC_GROUP *group, + EC_POINT *point, BN_CTX *ctx)) +DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx)) /** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object diff --git a/util/libcrypto.num b/util/libcrypto.num index 12c9f4f9d3..b131f81273 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -837,7 +837,7 @@ EVP_PKEY_CTX_get_cb 857 3_0_0 EXIST::FUNCTION: X509_STORE_free 858 3_0_0 EXIST::FUNCTION: ECDSA_sign_ex 859 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC TXT_DB_insert 860 3_0_0 EXIST::FUNCTION: -EC_POINTs_make_affine 861 3_0_0 EXIST::FUNCTION:EC +EC_POINTs_make_affine 861 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BF_options 863 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 OCSP_BASICRESP_it 864 3_0_0 EXIST::FUNCTION:OCSP @@ -3318,7 +3318,7 @@ EVP_camellia_256_cfb1 3385 3_0_0 EXIST::FUNCTION:CAMELLIA CRYPTO_secure_actual_size 3387 3_0_0 EXIST::FUNCTION: COMP_CTX_free 3388 3_0_0 EXIST::FUNCTION:COMP i2d_PBE2PARAM 3389 3_0_0 EXIST::FUNCTION: -EC_POINT_make_affine 3390 3_0_0 EXIST::FUNCTION:EC +EC_POINT_make_affine 3390 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC DSA_generate_parameters 3391 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA ASN1_BIT_STRING_num_asc 3392 3_0_0 EXIST::FUNCTION: X509_INFO_free 3394 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Wed May 20 19:08:26 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 May 2020 19:08:26 +0000 Subject: [openssl] master update Message-ID: <1590001706.634236.30740.nullmailer@dev.openssl.org> The branch master has been updated via a30027b680c4ccf69f0600b3a5406821b2d7fe0b (commit) from c2f2db9b6fb75ca2d672bb50f4f1f5a23991a6c3 (commit) - Log ----------------------------------------------------------------- commit a30027b680c4ccf69f0600b3a5406821b2d7fe0b Author: Richard Levitte Date: Tue May 19 10:43:49 2020 +0200 Refactor the provider side DER constants and writers This splits up all the providers/common/der/*.c.in so the generated portion is on its own and all related DER writing routines are in their own files. This also ensures that the DIGEST consstants aren't reproduced in several files (resulting in symbol clashes). Finally, the production of OID macros is moved to the generated header files, allowing other similar macros, or DER constant arrays, to be built on top of them. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11868) ----------------------------------------------------------------------- Summary of changes: providers/common/der/DIGESTS.asn1 | 19 ++++++- providers/common/der/RSA.asn1 | 19 ------- providers/common/der/build.info | 30 +++++----- .../der/{der_digests.c.in => der_digests_gen.c.in} | 0 providers/common/der/der_dsa.h.in | 6 +- .../der/{der_digests.c.in => der_dsa_gen.c.in} | 5 +- providers/common/der/der_dsa_key.c | 20 +++++++ .../common/der/{der_dsa.c.in => der_dsa_sig.c} | 21 +------ providers/common/der/der_ec.h.in | 6 +- .../der/{der_digests.c.in => der_ec_gen.c.in} | 5 +- providers/common/der/der_ec_key.c | 21 +++++++ providers/common/der/{der_ec.c.in => der_ec_sig.c} | 22 +------- providers/common/der/der_rsa.h.in | 8 ++- .../der/{der_digests.c.in => der_rsa_gen.c.in} | 4 +- .../common/der/{der_rsa.c.in => der_rsa_key.c} | 61 --------------------- providers/common/der/der_rsa_sig.c | 64 ++++++++++++++++++++++ providers/common/der/oids_to_c.pm | 12 ++-- providers/implementations/signature/dsa.c | 3 +- providers/implementations/signature/ecdsa.c | 2 +- providers/implementations/signature/rsa.c | 3 +- 20 files changed, 178 insertions(+), 153 deletions(-) copy providers/common/der/{der_digests.c.in => der_digests_gen.c.in} (100%) copy providers/common/der/{der_digests.c.in => der_dsa_gen.c.in} (74%) create mode 100644 providers/common/der/der_dsa_key.c rename providers/common/der/{der_dsa.c.in => der_dsa_sig.c} (65%) copy providers/common/der/{der_digests.c.in => der_ec_gen.c.in} (74%) create mode 100644 providers/common/der/der_ec_key.c rename providers/common/der/{der_ec.c.in => der_ec_sig.c} (69%) rename providers/common/der/{der_digests.c.in => der_rsa_gen.c.in} (84%) rename providers/common/der/{der_rsa.c.in => der_rsa_key.c} (86%) create mode 100644 providers/common/der/der_rsa_sig.c diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1 index afed372186..bd955df8f2 100644 --- a/providers/common/der/DIGESTS.asn1 +++ b/providers/common/der/DIGESTS.asn1 @@ -1,5 +1,22 @@ -- ------------------------------------------------------------------- --- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration +-- From https://tools.ietf.org/html/rfc4055#section-2.1 + +id-sha1 OBJECT IDENTIFIER ::= { iso(1) + identified-organization(3) oiw(14) + secsig(3) algorithms(2) 26 } + +-- ------------------------------------------------------------------- +-- From https://tools.ietf.org/html/rfc5480#appendix-A +-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5) + +id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } + +id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } + +-- ------------------------------------------------------------------- +-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index d0c54d71ef..6ba99daa7c 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -52,25 +52,6 @@ sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 } sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 } --- --- This OID really belongs in a module with the secsig OIDs. --- -id-sha1 OBJECT IDENTIFIER ::= { - iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) - 26 -} - --- --- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5. --- -id-md2 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 -} - -id-md5 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 -} - -- -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters -- MUST be present and MUST be a HashAlgorithm, for example, sha1. diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 837fe73fed..43fe9038fe 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,32 +1,36 @@ -$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c +$FIPSABLE=\ + der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \ + der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \ + der_ec_gen.c der_ec_key.c der_ec_sig.c \ + der_digests_gen.c SOURCE[../../libfips.a]=$FIPSABLE SOURCE[../../libnonfips.a]=$FIPSABLE -GENERATE[der_rsa.c]=der_rsa.c.in -DEPEND[der_rsa.c]=oids_to_c.pm +GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in +DEPEND[der_rsa_gen.c]=oids_to_c.pm -DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h +DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm -GENERATE[der_dsa.c]=der_dsa.c.in -DEPEND[der_dsa.c]=oids_to_c.pm +GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in +DEPEND[der_dsa_gen.c]=oids_to_c.pm -DEPEND[der_dsa.o]=../include/prov/der_dsa.h +DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm -GENERATE[der_ec.c]=der_ec.c.in -DEPEND[der_ec.c]=oids_to_c.pm +GENERATE[der_ec_gen.c]=der_ec_gen.c.in +DEPEND[der_ec_gen.c]=oids_to_c.pm -DEPEND[der_ec.o]=../include/prov/der_ec.h +DEPEND[der_ec_gen.o]=../include/prov/der_ec.h GENERATE[../include/prov/der_ec.h]=der_ec.h.in DEPEND[../include/prov/der_ec.h]=oids_to_c.pm -GENERATE[der_digests.c]=der_digests.c.in -DEPEND[der_digests.c]=oids_to_c.pm +GENERATE[der_digests_gen.c]=der_digests_gen.c.in +DEPEND[der_digests_gen.c]=oids_to_c.pm -DEPEND[der_digests.o]=../include/prov/der_digests.h +DEPEND[der_digests_gen.o]=../include/prov/der_digests.h GENERATE[../include/prov/der_digests.h]=der_digests.h.in DEPEND[../include/prov/der_digests.h]=oids_to_c.pm diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests_gen.c.in similarity index 100% copy from providers/common/der/der_digests.c.in copy to providers/common/der/der_digests_gen.c.in diff --git a/providers/common/der/der_dsa.h.in b/providers/common/der/der_dsa.h.in index d9e7bf205a..e9a8718fc6 100644 --- a/providers/common/der/der_dsa.h.in +++ b/providers/common/der/der_dsa.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid); diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_dsa_gen.c.in similarity index 74% copy from providers/common/der/der_digests.c.in copy to providers/common/der/der_dsa_gen.c.in index 433c107420..95f1f5cdd1 100644 --- a/providers/common/der/der_digests.c.in +++ b/providers/common/der/der_dsa_gen.c.in @@ -7,12 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include "prov/der_digests.h" +#include "prov/der_dsa.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} diff --git a/providers/common/der/der_dsa_key.c b/providers/common/der/der_dsa_key.c new file mode 100644 index 0000000000..6118b275fb --- /dev/null +++ b/providers/common/der/der_dsa_key.c @@ -0,0 +1,20 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_dsa.h" + +int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) +{ + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/der_dsa.c.in b/providers/common/der/der_dsa_sig.c similarity index 65% rename from providers/common/der/der_dsa.c.in rename to providers/common/der/der_dsa_sig.c index 28c0ba8c6c..c96a617dad 100644 --- a/providers/common/der/der_dsa.c.in +++ b/providers/common/der/der_dsa_sig.c @@ -7,33 +7,18 @@ * https://www.openssl.org/source/license.html */ -#include #include +#include "internal/packet.h" #include "prov/der_dsa.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) -{ - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) - && DER_w_end_sequence(pkt, tag); -} - #define MD_CASE(name) \ case NID_##name: \ precompiled = der_oid_id_dsa_with_##name; \ precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ break; -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid) +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in index 24f153cd8f..86a754e4ff 100644 --- a/providers/common/der/der_ec.h.in +++ b/providers/common/der/der_ec.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid); diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_ec_gen.c.in similarity index 74% copy from providers/common/der/der_digests.c.in copy to providers/common/der/der_ec_gen.c.in index 433c107420..40acf9a31c 100644 --- a/providers/common/der/der_digests.c.in +++ b/providers/common/der/der_ec_gen.c.in @@ -7,12 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include "prov/der_digests.h" +#include "prov/der_ec.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} diff --git a/providers/common/der/der_ec_key.c b/providers/common/der/der_ec_key.c new file mode 100644 index 0000000000..058596a96e --- /dev/null +++ b/providers/common/der/der_ec_key.c @@ -0,0 +1,21 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_ec.h" + +int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) +{ + return DER_w_begin_sequence(pkt, cont) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, + sizeof(der_oid_id_ecPublicKey)) + && DER_w_end_sequence(pkt, cont); +} diff --git a/providers/common/der/der_ec.c.in b/providers/common/der/der_ec_sig.c similarity index 69% rename from providers/common/der/der_ec.c.in rename to providers/common/der/der_ec_sig.c index a617651e4e..687ec49c1f 100644 --- a/providers/common/der/der_ec.c.in +++ b/providers/common/der/der_ec_sig.c @@ -7,26 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include #include +#include "internal/packet.h" #include "prov/der_ec.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) -{ - return DER_w_begin_sequence(pkt, cont) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, - sizeof(der_oid_id_ecPublicKey)) - && DER_w_end_sequence(pkt, cont); -} - /* Aliases so we can have a uniform MD_CASE */ #define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1 #define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224 @@ -40,8 +24,8 @@ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \ break; -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid) +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in index 53f6227825..c744fc25c5 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_rsa.h.in @@ -13,14 +13,16 @@ /* Well known OIDs precompiled */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* PSS parameters */ int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss); +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid); diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_rsa_gen.c.in similarity index 84% rename from providers/common/der/der_digests.c.in rename to providers/common/der/der_rsa_gen.c.in index 433c107420..0d1ca0b10b 100644 --- a/providers/common/der/der_digests.c.in +++ b/providers/common/der/der_rsa_gen.c.in @@ -7,12 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include "prov/der_digests.h" +#include "prov/der_rsa.h" /* Well known OIDs precompiled */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', + 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa_key.c similarity index 86% rename from providers/common/der/der_rsa.c.in rename to providers/common/der/der_rsa_key.c index 30e945cf58..bd2de4a6c3 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa_key.c @@ -7,21 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include #include #include "internal/cryptlib.h" #include "prov/der_rsa.h" #include "prov/der_digests.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', - 'providers/common/der/RSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - /* More complex pre-compiled sequences. TODO(3.0) refactor? */ /*- * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 @@ -382,54 +372,3 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) && DER_w_end_sequence(pkt, tag); } - -/* Aliases so we can have a uniform MD_with_RSA_CASE */ -#define der_oid_sha3_224WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 -#define der_oid_sha3_256WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 -#define der_oid_sha3_384WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 -#define der_oid_sha3_512WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 - -#define MD_with_RSA_CASE(name, var) \ - case NID_##name: \ - var = der_oid_##name##WithRSAEncryption; \ - var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ - break; - -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid) -{ - const unsigned char *precompiled = NULL; - size_t precompiled_sz = 0; - - switch (mdnid) { -#ifndef FIPS_MODULE - MD_with_RSA_CASE(md2, precompiled); - MD_with_RSA_CASE(md5, precompiled); - MD_with_RSA_CASE(md4, precompiled); - MD_with_RSA_CASE(ripemd160, precompiled); -/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ -#endif - MD_with_RSA_CASE(sha1, precompiled); - MD_with_RSA_CASE(sha224, precompiled); - MD_with_RSA_CASE(sha256, precompiled); - MD_with_RSA_CASE(sha384, precompiled); - MD_with_RSA_CASE(sha512, precompiled); - MD_with_RSA_CASE(sha512_224, precompiled); - MD_with_RSA_CASE(sha512_256, precompiled); - MD_with_RSA_CASE(sha3_224, precompiled); - MD_with_RSA_CASE(sha3_256, precompiled); - MD_with_RSA_CASE(sha3_384, precompiled); - MD_with_RSA_CASE(sha3_512, precompiled); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) - && DER_w_end_sequence(pkt, tag); -} diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c new file mode 100644 index 0000000000..a1ab263dc1 --- /dev/null +++ b/providers/common/der/der_rsa_sig.c @@ -0,0 +1,64 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_rsa.h" +#include "prov/der_digests.h" + +/* Aliases so we can have a uniform MD_with_RSA_CASE */ +#define der_oid_sha3_224WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 +#define der_oid_sha3_256WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 +#define der_oid_sha3_384WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 +#define der_oid_sha3_512WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 + +#define MD_with_RSA_CASE(name, var) \ + case NID_##name: \ + var = der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ + break; + +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid) +{ + const unsigned char *precompiled = NULL; + size_t precompiled_sz = 0; + + switch (mdnid) { +#ifndef FIPS_MODULE + MD_with_RSA_CASE(md2, precompiled); + MD_with_RSA_CASE(md5, precompiled); + MD_with_RSA_CASE(md4, precompiled); + MD_with_RSA_CASE(ripemd160, precompiled); +/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ +#endif + MD_with_RSA_CASE(sha1, precompiled); + MD_with_RSA_CASE(sha224, precompiled); + MD_with_RSA_CASE(sha256, precompiled); + MD_with_RSA_CASE(sha384, precompiled); + MD_with_RSA_CASE(sha512, precompiled); + MD_with_RSA_CASE(sha512_224, precompiled); + MD_with_RSA_CASE(sha512_256, precompiled); + MD_with_RSA_CASE(sha3_224, precompiled); + MD_with_RSA_CASE(sha3_256, precompiled); + MD_with_RSA_CASE(sha3_384, precompiled); + MD_with_RSA_CASE(sha3_512, precompiled); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/oids_to_c.pm b/providers/common/der/oids_to_c.pm index 64e6c07df3..dee326316b 100644 --- a/providers/common/der/oids_to_c.pm +++ b/providers/common/der/oids_to_c.pm @@ -28,12 +28,19 @@ use Data::Dumper; sub filter_to_H { my ($name, $comment) = @{ shift() }; my @oid_nums = @_; + my $oid_size = scalar @oid_nums; + (my $C_comment = $comment) =~ s|^| * |msg; + $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + scalar @_; + my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; -extern const unsigned char der_oid_${C_name}[$C_bytes_size]; +$C_comment +#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} +#define DER_OID_SZ_${C_name} ${C_bytes_size} +extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}]; _____ } @@ -48,12 +55,9 @@ sub filter_to_C { $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + $oid_size; - my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; $C_comment -#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} -#define DER_OID_SZ_${C_name} ${C_bytes_size} const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = { DER_OID_V_${C_name} }; diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index bfab22488f..9227cb181c 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -177,7 +177,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid) + && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 267950d537..d96f597a92 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -238,7 +238,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid) + && DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 4dc3a89878..6f62c2b648 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -254,7 +254,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid) + && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); From levitte at openssl.org Wed May 20 19:11:33 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 May 2020 19:11:33 +0000 Subject: [openssl] master update Message-ID: <1590001893.229062.1143.nullmailer@dev.openssl.org> The branch master has been updated via e637d47c9122d74d4f3a40a8cbe867de29468ba3 (commit) from a30027b680c4ccf69f0600b3a5406821b2d7fe0b (commit) - Log ----------------------------------------------------------------- commit e637d47c9122d74d4f3a40a8cbe867de29468ba3 Author: Richard Levitte Date: Tue May 19 12:52:07 2020 +0200 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| In the FIPS module, the code as written generate an unconditional error. Fixes #11865 Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11869) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_oaep.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 8ffde9ff18..ce98802070 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -67,13 +67,14 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx, unsigned char seedmask[EVP_MAX_MD_SIZE]; int mdlen, dbmask_len = 0; + if (md == NULL) { #ifndef FIPS_MODULE - if (md == NULL) md = EVP_sha1(); #else RSAerr(0, ERR_R_PASSED_NULL_PARAMETER); return 0; #endif + } if (mgf1md == NULL) mgf1md = md; From levitte at openssl.org Wed May 20 19:14:58 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 May 2020 19:14:58 +0000 Subject: [openssl] master update Message-ID: <1590002098.149841.3698.nullmailer@dev.openssl.org> The branch master has been updated via b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19 (commit) from e637d47c9122d74d4f3a40a8cbe867de29468ba3 (commit) - Log ----------------------------------------------------------------- commit b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19 Author: Richard Levitte Date: Tue May 19 15:42:07 2020 +0200 STORE: Make try_decode_PrivateKey() ENGINE aware This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11872) ----------------------------------------------------------------------- Summary of changes: crypto/store/loader_file.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 320c527a65..6b5cebc835 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -450,6 +450,43 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, } } else { int i; +#ifndef OPENSSL_NO_ENGINE + ENGINE *curengine = ENGINE_get_first(); + + while (curengine != NULL) { + ENGINE_PKEY_ASN1_METHS_PTR asn1meths = + ENGINE_get_pkey_asn1_meths(curengine); + + if (asn1meths != NULL) { + const int *nids = NULL; + int nids_n = asn1meths(curengine, NULL, &nids, 0); + + for (i = 0; i < nids_n; i++) { + EVP_PKEY_ASN1_METHOD *ameth2 = NULL; + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + if (!asn1meths(curengine, &ameth2, NULL, nids[i])) + continue; + if (ameth2 == NULL + || ameth2->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = + d2i_PrivateKey_ex(ameth2->pkey_id, NULL, + &tmp_blob, len, libctx, propq); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + } + curengine = ENGINE_get_next(curengine); + } +#endif for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; From openssl at openssl.org Thu May 21 01:28:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 01:28:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1590024494.764957.32052.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4053: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3028: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu May 21 01:44:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 May 2020 01:44:00 +0000 Subject: Build failed: openssl master.34267 Message-ID: <20200521014400.1.CDA0C69637D502DC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 21 03:34:41 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 May 2020 03:34:41 +0000 Subject: Build failed: openssl master.34268 Message-ID: <20200521033441.1.CE6325A4C50A0F08@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 21 04:40:36 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 May 2020 04:40:36 +0000 Subject: Build completed: openssl master.34269 Message-ID: <20200521044036.1.D8768C3A3A006DF0@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu May 21 05:54:24 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 05:54:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1590040464.476337.13588.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests.c providers/common/der/der_dsa.c providers/common/der/der_ec.c providers/common/der/der_rsa.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4045: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3020: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu May 21 09:18:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 09:18:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1590052696.127129.28178.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 15-test_dsa.t (Wstat: 1024 Tests: 7 Failed: 4) Failed tests: 4-7 Non-zero exit status: 4 25-test_crl.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 25-test_x509.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 8-9 Non-zero exit status: 2 Files=196, Tests=1989, 1347 wallclock secs ( 8.48 usr 1.67 sys + 1294.33 cusr 56.96 csys = 1361.44 CPU) Result: FAIL Makefile:3055: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3053: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu May 21 10:47:55 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 May 2020 10:47:55 +0000 Subject: Build failed: openssl master.34273 Message-ID: <20200521104755.1.98392C112E540B17@appveyor.com> An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Thu May 21 11:28:45 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 21 May 2020 11:28:45 +0000 Subject: [openssl] master update Message-ID: <1590060525.557017.23409.nullmailer@dev.openssl.org> The branch master has been updated via e1c6f76281473b8fe66954187e793108a0e8568c (commit) from b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19 (commit) - Log ----------------------------------------------------------------- commit e1c6f76281473b8fe66954187e793108a0e8568c Author: mettacrawler Date: Tue May 19 11:53:24 2020 -0400 There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11876) ----------------------------------------------------------------------- Summary of changes: doc/man1/CA.pl.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 85e02b9ed2..aa2e0058cc 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -113,7 +113,7 @@ written to standard output. =item B<-signCA> -This option is the same as the B<-signreq> option except it uses the +This option is the same as the B<-sign> option except it uses the configuration file section B and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed to L. @@ -165,7 +165,7 @@ the request and finally create a PKCS#12 file containing it. CA.pl -newca CA.pl -newreq - CA.pl -signreq + CA.pl -sign CA.pl -pkcs12 "My Test Certificate" =head1 ENVIRONMENT From no-reply at appveyor.com Thu May 21 11:47:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 May 2020 11:47:08 +0000 Subject: Build completed: openssl master.34274 Message-ID: <20200521114708.1.93D3ED75FB946C8E@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu May 21 12:05:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 12:05:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1590062731.395664.2306.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=196, Tests=1986, 724 wallclock secs ( 8.00 usr 1.36 sys + 688.12 cusr 44.72 csys = 742.20 CPU) Result: FAIL Makefile:3074: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3072: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 21 13:46:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 13:46:27 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1590068787.788898.18402.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues From openssl at openssl.org Thu May 21 14:29:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 14:29:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1590071366.260471.27950.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=196, Tests=1988, 733 wallclock secs ( 8.19 usr 1.43 sys + 693.54 cusr 44.45 csys = 747.61 CPU) Result: FAIL Makefile:3068: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3066: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 21 15:52:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 15:52:48 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1590076368.236654.11706.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues From openssl at openssl.org Thu May 21 16:33:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 May 2020 16:33:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1590078816.674073.21149.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: b2a5001d95 Update early data exchange scenarios in doc e0bcb4f97f Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 e638112e15 Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option 09b90e0ed7 Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF fb420afc87 Use {module,install}-mac, not -checksum d03b3158c5 Revise fips_install.pod eaf8ec1a03 Revise x509v3_config.pod ca17a6ec56 Revise fips_config.pod fe92150d69 Add missing pragma weak declaration to lhash.h 6b4eb93362 deprecate EC precomputation functionality 5a5530a29a New Russian TLS 1.2 implementation 0e139a02d5 GOST-related objects changes 092a5c71f1 Constants for new GOST TLS 1.2 ciphersuites 5a29b6286f CORE: query for operations only once per provider (unless no_store is true) c0ec5ce0bf Use _get0_ functions instead of _get_. 2f84d2a1f1 s_client: Show cert algorithms & validity period e9e7b5df86 Fix some places where X509_up_ref is used without error handling. 082394839e TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) 88b15ed9a5 Delete the sslprovider test d9321c09ea Fix small documentation issues Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=196, Tests=1988, 712 wallclock secs ( 7.86 usr 1.67 sys + 674.09 cusr 44.40 csys = 728.02 CPU) Result: FAIL Makefile:3052: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3050: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 22 06:24:58 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 22 May 2020 06:24:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1590128698.685294.23989.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=196, Tests=1986, 717 wallclock secs ( 8.82 usr 1.51 sys + 669.93 cusr 44.19 csys = 724.45 CPU) Result: FAIL Makefile:3101: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3099: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 22 06:47:06 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 22 May 2020 06:47:06 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1590130026.288645.2114.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): :198:1: note: expanded from here der_oid_id_dsa_with_sha384 ^ ../openssl/providers/common/der/der_dsa_sig.c:30:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha384' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :199:1: note: expanded from here der_oid_id_dsa_with_sha384 ^ ../openssl/providers/common/der/der_dsa_sig.c:31:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha512' MD_CASE(sha512); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :201:1: note: expanded from here der_oid_id_dsa_with_sha512 ^ ../openssl/providers/common/der/der_dsa_sig.c:31:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha512' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :202:1: note: expanded from here der_oid_id_dsa_with_sha512 ^ ../openssl/providers/common/der/der_dsa_sig.c:32:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_224' MD_CASE(sha3_224); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :204:1: note: expanded from here der_oid_id_dsa_with_sha3_224 ^ ../openssl/providers/common/der/der_dsa_sig.c:32:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_224' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :205:1: note: expanded from here der_oid_id_dsa_with_sha3_224 ^ ../openssl/providers/common/der/der_dsa_sig.c:33:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_256' MD_CASE(sha3_256); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :3:1: note: expanded from here der_oid_id_dsa_with_sha3_256 ^ ../openssl/providers/common/der/der_dsa_sig.c:33:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_256' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :4:1: note: expanded from here der_oid_id_dsa_with_sha3_256 ^ ../openssl/providers/common/der/der_dsa_sig.c:34:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_384' MD_CASE(sha3_384); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :6:1: note: expanded from here der_oid_id_dsa_with_sha3_384 ^ ../openssl/providers/common/der/der_dsa_sig.c:34:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_384' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :7:1: note: expanded from here der_oid_id_dsa_with_sha3_384 ^ ../openssl/providers/common/der/der_dsa_sig.c:35:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_512' MD_CASE(sha3_512); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :9:1: note: expanded from here der_oid_id_dsa_with_sha3_512 ^ ../openssl/providers/common/der/der_dsa_sig.c:35:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_512' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :10:1: note: expanded from here der_oid_id_dsa_with_sha3_512 ^ ../openssl/providers/common/der/der_dsa_sig.c:40:12: error: implicit declaration of function 'DER_w_begin_sequence' is invalid in C99 [-Werror,-Wimplicit-function-declaration] return DER_w_begin_sequence(pkt, tag) ^ fatal error: too many errors emitted, stopping now [-ferror-limit=] 20 errors generated. Makefile:21568: recipe for target 'providers/common/der/libnonfips-lib-der_dsa_sig.o' failed make[1]: *** [providers/common/der/libnonfips-lib-der_dsa_sig.o] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3002: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.org Fri May 22 06:45:40 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 06:45:40 +0000 Subject: Errored: openssl/openssl#34834 (master - e1c6f76) In-Reply-To: Message-ID: <5ec67721e7112_13faa956d192c748ab@travis-tasks-fdf76dd4c-7mmjx.mail> Build Update for openssl/openssl ------------------------------------- Build: #34834 Status: Errored Duration: 30 mins and 30 secs Commit: e1c6f76 (master) Author: mettacrawler Message: There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11876) View the changeset: https://github.com/openssl/openssl/compare/b84439b06a1b...e1c6f7628147 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689606818?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 22 06:46:03 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 06:46:03 +0000 Subject: Errored: openssl/openssl#34805 (master - ddec332) In-Reply-To: Message-ID: <5ec5355477625_13fb601999f482332a@travis-tasks-5897779bd6-8fklj.mail> Build Update for openssl/openssl ------------------------------------- Build: #34805 Status: Errored Duration: 53 mins and 20 secs Commit: ddec332 (master) Author: Bernd Edlinger Message: Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11848) View the changeset: https://github.com/openssl/openssl/compare/a7ad40c502d3...ddec332f329a View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689225810?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 22 07:03:21 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 22 May 2020 07:03:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590131001.307475.16965.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 176eb406691f14d560cf7619365830a4d033ee28 (commit) from cf94e8430f3cd7c17f62b74443d16347b4b97ac8 (commit) - Log ----------------------------------------------------------------- commit 176eb406691f14d560cf7619365830a4d033ee28 Author: Richard Levitte Date: Mon May 11 09:14:11 2020 +0200 Fix d2i_PrivateKey() to work as documented d2i_PrivateKey() is documented to return keys of the type given as first argument |type|, unconditionally. Most specifically, the manual says this: > An error occurs if the decoded key does not match type. However, when faced of a PKCS#8 wrapped key, |type| was ignored, which may lead to unexpected results. (cherry picked from commit b2952366dd0248bf35c83e1736cd203033a22378) Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11888) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/d2i_pr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 6ec0107380..ac1a8c429a 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; From builds at travis-ci.org Fri May 22 06:47:00 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 06:47:00 +0000 Subject: Still Failing: openssl/openssl#34801 (master - a7ad40c) In-Reply-To: Message-ID: <5ec50313ba575_13f83798dd7b8150965@travis-tasks-77c94bc7b7-gr5kp.mail> Build Update for openssl/openssl ------------------------------------- Build: #34801 Status: Still Failing Duration: 45 mins and 1 sec Commit: a7ad40c (master) Author: Richard Levitte Message: Add OSSL_PROVIDER_do_all() This allows applications to iterate over all loaded providers. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11858) View the changeset: https://github.com/openssl/openssl/compare/b2a5001d954e...a7ad40c502d3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689170485?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 22 06:47:18 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 06:47:18 +0000 Subject: Passed: openssl/openssl#34808 (master - 7486c71) In-Reply-To: Message-ID: <5ec55852af074_13fa6298dcc7820269a@travis-tasks-5897779bd6-fxdsm.mail> Build Update for openssl/openssl ------------------------------------- Build: #34808 Status: Passed Duration: 45 mins and 14 secs Commit: 7486c71 (master) Author: Tomas Mraz Message: t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11857) View the changeset: https://github.com/openssl/openssl/compare/ddec332f329a...7486c718e54c View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689299430?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri May 22 07:25:25 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 22 May 2020 07:25:25 +0000 Subject: [openssl] master update Message-ID: <1590132325.642472.28505.nullmailer@dev.openssl.org> The branch master has been updated via 4d55122ee782ebd306ef492f50c9b41e41a56244 (commit) via 3f17066f5d3bf48d33a8481bd7a7cfdcc00ace97 (commit) via e5cb3453fba01c264636d54440ca0eb81d1fcd6e (commit) via 084b7bec0f615f70c108dfba988ed43d544e00ed (commit) from e1c6f76281473b8fe66954187e793108a0e8568c (commit) - Log ----------------------------------------------------------------- commit 4d55122ee782ebd306ef492f50c9b41e41a56244 Author: Pauli Date: Thu May 21 13:44:01 2020 +1000 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11892) commit 3f17066f5d3bf48d33a8481bd7a7cfdcc00ace97 Author: Pauli Date: Thu May 21 13:40:01 2020 +1000 Coverity 1463574: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11892) commit e5cb3453fba01c264636d54440ca0eb81d1fcd6e Author: Pauli Date: Thu May 21 13:38:35 2020 +1000 Coverity 1463576: Error handling issues (CHECKED_RETURN) Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11892) commit 084b7bec0f615f70c108dfba988ed43d544e00ed Author: Pauli Date: Thu May 21 13:18:42 2020 +1000 Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11892) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_ncons.c | 2 +- providers/implementations/keymgmt/rsa_kmgmt.c | 8 +++++--- providers/implementations/serializers/serializer_rsa.c | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index d7b82b775e..4543ec2e11 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -197,7 +197,7 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) int len2 = ip->length - len1; char *ip1 = ipaddr_to_asc(ip->data, len1); char *ip2 = ipaddr_to_asc(ip->data + len1, len2); - int ret = ret = ip1 != NULL && ip2 != NULL + int ret = ip1 != NULL && ip2 != NULL && BIO_printf(bp, "IP:%s/%s", ip1, ip2) > 0; OPENSSL_free(ip1); diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 295cdf61a4..3091c1dee0 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -411,8 +411,8 @@ static void *gen_init(void *provctx, int selection, int rsa_type) } else { gctx->nbits = 2048; gctx->primes = RSA_DEFAULT_PRIME_NUM; + gctx->rsa_type = rsa_type; } - gctx->rsa_type = rsa_type; } return gctx; } @@ -496,6 +496,9 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) RSA *rsa = NULL, *rsa_tmp = NULL; BN_GENCB *gencb = NULL; + if (gctx == NULL) + return NULL; + switch (gctx->rsa_type) { case RSA_FLAG_TYPE_RSA: /* For plain RSA keys, PSS parameters must not be set */ @@ -513,8 +516,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) return NULL; } - if (gctx == NULL - || (rsa_tmp = rsa_new_with_ctx(gctx->libctx)) == NULL) + if ((rsa_tmp = rsa_new_with_ctx(gctx->libctx)) == NULL) return NULL; gctx->cb = osslcb; diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index ac685a09f2..7cc6027636 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -215,9 +215,9 @@ int ossl_prov_prepare_rsa_params(const void *rsa, int nid, break; } if (!DER_w_RSASSA_PSS_params(&pkt, -1, pss) - || !WPACKET_finish(&pkt)) + || !WPACKET_finish(&pkt) + || !WPACKET_get_total_written(&pkt, &str_sz)) goto err; - WPACKET_get_total_written(&pkt, &str_sz); WPACKET_cleanup(&pkt); /* From builds at travis-ci.org Fri May 22 06:46:48 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 06:46:48 +0000 Subject: Passed: openssl/openssl#34806 (OpenSSL_1_1_1-stable - 5f10fce) In-Reply-To: Message-ID: <5ec533c3d610a_13fb6019994f82104f8@travis-tasks-5897779bd6-8fklj.mail> Build Update for openssl/openssl ------------------------------------- Build: #34806 Status: Passed Duration: 5 mins and 49 secs Commit: 5f10fce (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11848) (cherry picked from commit ddec332f329a432a45c0131d83f3bfb46114532b) View the changeset: https://github.com/openssl/openssl/compare/de5e2cb54169...5f10fce37b23 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689225945?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 22 08:14:11 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 08:14:11 +0000 Subject: Errored: openssl/openssl#34850 (master - 4d55122) In-Reply-To: Message-ID: <5ec789d38d0a8_13fc49a1caa68280186@travis-tasks-5454dbc5bf-rbsxr.mail> Build Update for openssl/openssl ------------------------------------- Build: #34850 Status: Errored Duration: 48 mins and 26 secs Commit: 4d55122 (master) Author: Pauli Message: Coverity 1463571: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/11892) View the changeset: https://github.com/openssl/openssl/compare/e1c6f7628147...4d55122ee782 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/689937107?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 22 09:30:48 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 22 May 2020 09:30:48 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590139848.935493.27053.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2f4023e88962d3375ff30ad5011a310dacf0ad3f (commit) from 176eb406691f14d560cf7619365830a4d033ee28 (commit) - Log ----------------------------------------------------------------- commit 2f4023e88962d3375ff30ad5011a310dacf0ad3f Author: Richard Levitte Date: Tue May 19 15:42:07 2020 +0200 STORE: Make try_decode_PrivateKey() ENGINE aware This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 (cherry picked from commit b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19) Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11887) ----------------------------------------------------------------------- Summary of changes: crypto/store/loader_file.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 8f1d20e74a..e473751539 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, } } else { int i; +#ifndef OPENSSL_NO_ENGINE + ENGINE *curengine = ENGINE_get_first(); + + while (curengine != NULL) { + ENGINE_PKEY_ASN1_METHS_PTR asn1meths = + ENGINE_get_pkey_asn1_meths(curengine); + + if (asn1meths != NULL) { + const int *nids = NULL; + int nids_n = asn1meths(curengine, NULL, &nids, 0); + + for (i = 0; i < nids_n; i++) { + EVP_PKEY_ASN1_METHOD *ameth2 = NULL; + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + if (!asn1meths(curengine, &ameth2, NULL, nids[i])) + continue; + if (ameth2 == NULL + || ameth2->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL, + &tmp_blob, len); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + } + curengine = ENGINE_get_next(curengine); + } +#endif for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; From tmraz at fedoraproject.org Fri May 22 12:50:26 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Fri, 22 May 2020 12:50:26 +0000 Subject: [openssl] master update Message-ID: <1590151826.009596.28298.nullmailer@dev.openssl.org> The branch master has been updated via e12813d0d31f4f7be2ccc592d382ef3e94bdb842 (commit) from 4d55122ee782ebd306ef492f50c9b41e41a56244 (commit) - Log ----------------------------------------------------------------- commit e12813d0d31f4f7be2ccc592d382ef3e94bdb842 Author: Tomas Mraz Date: Thu May 21 13:16:57 2020 +0200 Prevent use after free of global_engine_lock If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11896) ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 4ba235ca75..0cdb3fde42 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -171,6 +171,7 @@ void engine_cleanup_int(void) cleanup_stack = NULL; } CRYPTO_THREAD_lock_free(global_engine_lock); + global_engine_lock = NULL; } /* Now the "ex_data" support */ From tmraz at fedoraproject.org Fri May 22 12:50:45 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Fri, 22 May 2020 12:50:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590151845.882456.29313.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e512efe0894481679a5d3c57d10bf4ea97046c2a (commit) from 2f4023e88962d3375ff30ad5011a310dacf0ad3f (commit) - Log ----------------------------------------------------------------- commit e512efe0894481679a5d3c57d10bf4ea97046c2a Author: Tomas Mraz Date: Thu May 21 13:16:57 2020 +0200 Prevent use after free of global_engine_lock If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11896) (cherry picked from commit e12813d0d31f4f7be2ccc592d382ef3e94bdb842) ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index b851ff6957..dd87ebaca7 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -171,6 +171,7 @@ void engine_cleanup_int(void) cleanup_stack = NULL; } CRYPTO_THREAD_lock_free(global_engine_lock); + global_engine_lock = NULL; } /* Now the "ex_data" support */ From nic.tuv at gmail.com Fri May 22 13:37:18 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 22 May 2020 13:37:18 +0000 Subject: [openssl] master update Message-ID: <1590154638.312144.23627.nullmailer@dev.openssl.org> The branch master has been updated via 2de64666a07cccf8477e6483de62ae31f463df64 (commit) from e12813d0d31f4f7be2ccc592d382ef3e94bdb842 (commit) - Log ----------------------------------------------------------------- commit 2de64666a07cccf8477e6483de62ae31f463df64 Author: Nicola Tuveri Date: Tue May 19 19:36:44 2020 +0200 Adjust length of some strncpy() calls This fixes warnings detected by -Wstringop-truncation. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11878) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_alt.c | 2 +- providers/implementations/signature/rsa.c | 34 ++++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c index 5fece4f985..dd45546f6c 100644 --- a/crypto/x509/v3_alt.c +++ b/crypto/x509/v3_alt.c @@ -128,7 +128,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, BIO_snprintf(othername, sizeof(othername), "othername: %s:", oline); else - strncpy(othername, "othername:", sizeof(othername)); + OPENSSL_strlcpy(othername, "othername:", sizeof(othername)); /* check if the value is something printable */ if (gen->d.otherName->value->type == V_ASN1_IA5STRING) { diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 6f62c2b648..0e3885ec1d 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -227,17 +227,22 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid = rsa_get_md_nid(md); WPACKET pkt; + size_t mdname_len = strlen(mdname); if (md == NULL || md_nid == NID_undef || !rsa_check_padding(md_nid, ctx->pad_mode) - || !rsa_check_parameters(md, ctx)) { + || !rsa_check_parameters(md, ctx) + || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); if (md_nid == NID_undef) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); + if (mdname_len >= sizeof(ctx->mdname)) + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "%s exceeds name buffer length", mdname); EVP_MD_free(md); return 0; } @@ -274,6 +279,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, const char *mdprops) { + size_t len; + if (mdprops == NULL) mdprops = ctx->propq; @@ -285,7 +292,12 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, "%s could not be fetched", mdname); return 0; } - OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname)); + len = OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname)); + if (len >= sizeof(ctx->mgf1_mdname)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "%s exceeds name buffer length", mdname); + return 0; + } return 1; } @@ -321,6 +333,7 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation) int mgf1md_nid = rsa_pss_params_30_maskgenhashalg(pss); int min_saltlen = rsa_pss_params_30_saltlen(pss); const char *mdname, *mgf1mdname; + size_t len; mdname = rsa_oaeppss_nid2name(md_nid); mgf1mdname = rsa_oaeppss_nid2name(mgf1md_nid); @@ -337,9 +350,20 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation) return 0; } - strncpy(prsactx->mdname, mdname, sizeof(prsactx->mdname)); - strncpy(prsactx->mgf1_mdname, mgf1mdname, - sizeof(prsactx->mgf1_mdname)); + len = OPENSSL_strlcpy(prsactx->mdname, mdname, + sizeof(prsactx->mdname)); + if (len >= sizeof(prsactx->mdname)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "hash algorithm name too long"); + return 0; + } + len = OPENSSL_strlcpy(prsactx->mgf1_mdname, mgf1mdname, + sizeof(prsactx->mgf1_mdname)); + if (len >= sizeof(prsactx->mgf1_mdname)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "MGF1 hash algorithm name too long"); + return 0; + } prsactx->saltlen = min_saltlen; return rsa_setup_md(prsactx, mdname, prsactx->propq) From builds at travis-ci.org Fri May 22 14:04:35 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 14:04:35 +0000 Subject: Passed: openssl/openssl#34867 (master - e12813d) In-Reply-To: Message-ID: <5ec7dbf273650_13ff0b7ccd19c203434@travis-tasks-5df676ff5d-fshmd.mail> Build Update for openssl/openssl ------------------------------------- Build: #34867 Status: Passed Duration: 56 mins and 57 secs Commit: e12813d (master) Author: Tomas Mraz Message: Prevent use after free of global_engine_lock If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11896) View the changeset: https://github.com/openssl/openssl/compare/4d55122ee782...e12813d0d31f View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690017717?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 22 15:02:33 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 22 May 2020 15:02:33 +0000 Subject: Passed: openssl/openssl#34871 (master - 2de6466) In-Reply-To: Message-ID: <5ec7e986bd1a7_13ff0b7ccd55c279082@travis-tasks-5df676ff5d-fshmd.mail> Build Update for openssl/openssl ------------------------------------- Build: #34871 Status: Passed Duration: 39 mins and 54 secs Commit: 2de6466 (master) Author: Nicola Tuveri Message: Adjust length of some strncpy() calls This fixes warnings detected by -Wstringop-truncation. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11878) View the changeset: https://github.com/openssl/openssl/compare/e12813d0d31f...2de64666a07c View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690033582?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 22 16:13:05 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 22 May 2020 16:13:05 +0000 Subject: Build failed: openssl master.34304 Message-ID: <20200522161305.1.C138C35CFA6A42A8@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 23 01:03:18 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 01:03:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1590195798.646461.6166.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4055: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3030: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Sat May 23 04:12:02 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 04:12:02 +0000 Subject: Build failed: openssl master.34321 Message-ID: <20200523041202.1.704E4ACD1324A257@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 23 05:07:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 05:07:08 +0000 Subject: Build completed: openssl master.34322 Message-ID: <20200523050708.1.59A5635748A60F29@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 23 05:30:32 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 05:30:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1590211832.477672.21650.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4061: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3036: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Sat May 23 06:33:41 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 06:33:41 +0000 Subject: Build failed: openssl master.34325 Message-ID: <20200523063341.1.EBCB7B955F2B9500@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 23 07:27:27 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 07:27:27 +0000 Subject: Build completed: openssl master.34326 Message-ID: <20200523072727.1.B6DB5420A02B501B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 23 07:58:48 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 07:58:48 +0000 Subject: Build failed: openssl master.34327 Message-ID: <20200523075848.1.7DFEBB9C14BC6AFE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 23 08:54:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 08:54:31 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1590224071.171803.3535.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() From openssl at openssl.org Sat May 23 11:36:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 11:36:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1590233789.714802.10872.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=196, Tests=1986, 706 wallclock secs ( 7.87 usr 1.63 sys + 668.58 cusr 43.70 csys = 721.78 CPU) Result: FAIL Makefile:3066: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3064: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Sat May 23 13:31:53 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 23 May 2020 13:31:53 +0000 Subject: [openssl] master update Message-ID: <1590240713.492164.18277.nullmailer@dev.openssl.org> The branch master has been updated via 712e8debb5b2238450b303acb5f24298382c63a5 (commit) from 2de64666a07cccf8477e6483de62ae31f463df64 (commit) - Log ----------------------------------------------------------------- commit 712e8debb5b2238450b303acb5f24298382c63a5 Author: Bernd Edlinger Date: Mon Mar 20 17:29:28 2017 +0100 Fix the parameter types of the CRYPTO_EX_dup function type. This fixes a strict aliasing issue in ui_dup_method_data. The parameter type of CRYPTO_EX_dup's from_d parameter is in fact void **, since it points to a pointer. This function is rarely used, therefore fix the param type although that may be considered an API breaking change. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2986) ----------------------------------------------------------------------- Summary of changes: crypto/ex_data.c | 2 +- crypto/ui/ui_util.c | 3 +-- doc/man3/CRYPTO_get_ex_new_index.pod | 10 +++++----- include/openssl/crypto.h | 2 +- test/exdatatest.c | 4 ++-- 5 files changed, 10 insertions(+), 11 deletions(-) diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 6200d05529..80a136164a 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -96,7 +96,7 @@ static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, } static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, + void **from_d, int idx, long argl, void *argp) { return 1; diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index f64780a6a2..6ca5706ea5 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -71,9 +71,8 @@ static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, } static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp) + void **pptr, int idx, long argl, void *argp) { - void **pptr = (void **)from_d; if (*pptr != NULL) *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); return 1; diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index e569a3d500..fcedd0ec88 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -23,7 +23,7 @@ CRYPTO_free_ex_data, CRYPTO_new_ex_data typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); + void **from_d, int idx, long argl, void *argp); int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) @@ -140,10 +140,8 @@ dup_func() is called when a structure is being copied. This is only done for B, B, B objects and B chains via BIO_dup_chain(). The B and B parameters are pointers to the destination and source B structures, -respectively. The B parameter needs to be cast to a B -as the API has currently the wrong signature; that will be changed in a -future version. The B<*pptr> is a pointer to the source exdata. -When the dup_func() returns, the value in B<*pptr> is copied to the +respectively. The B<*from_d> parameter is a pointer to the source exdata. +When the dup_func() returns, the value in B<*from_d> is copied to the destination ex_data. If the pointer contained in B<*pptr> is not modified by the dup_func(), then both B and B will point to the same data. The B, B and B parameters are as described for the other @@ -165,6 +163,8 @@ dup_func() should return 0 for failure and 1 for success. =head1 HISTORY CRYPTO_alloc_ex_data() was added in OpenSSL 3.0. +The signature of the dup_func() callback was changed in OpenSSL 3.0 to use the +type B for B. Previously this parameter was of type B. =head1 COPYRIGHT diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 3cca316cd4..58965de0e8 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -201,7 +201,7 @@ typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); + void **from_d, int idx, long argl, void *argp); __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, diff --git a/test/exdatatest.c b/test/exdatatest.c index 3ce6d33c1c..2e92c328fd 100644 --- a/test/exdatatest.c +++ b/test/exdatatest.c @@ -37,7 +37,7 @@ static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad, } static int exdup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp) + void **from_d, int idx, long argl, void *argp) { if (!TEST_int_eq(idx, saved_idx) || !TEST_long_eq(argl, saved_argl) @@ -87,7 +87,7 @@ static void exnew2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, } static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp) + void **from_d, int idx, long argl, void *argp) { MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA**)from_d; MYOBJ_EX_DATA *ex_data = NULL; From openssl at openssl.org Sat May 23 13:55:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 13:55:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1590242153.451211.4949.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=196, Tests=1988, 713 wallclock secs ( 8.09 usr 1.63 sys + 675.48 cusr 43.87 csys = 729.07 CPU) Result: FAIL Makefile:3064: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3062: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 23 15:59:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 23 May 2020 15:59:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1590249581.791365.30545.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: e1c6f76281 There is no -signreq option in CA.pl b84439b06a STORE: Make try_decode_PrivateKey() ENGINE aware e637d47c91 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| a30027b680 Refactor the provider side DER constants and writers c2f2db9b6f deprecate EC_POINT_make_affine and EC_POINTs_make_affine 7486c718e5 t1_trce: Fix remaining places where the 24 bit shift overflow happens 1d05eb55ca Avoid potential overflow to the sign bit when shifting left 24 places cbeb0bfa96 Cast the unsigned char to unsigned int before shifting left ddec332f32 Fix egd and devrandom source configs a7ad40c502 Add OSSL_PROVIDER_do_all() Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=196, Tests=1988, 713 wallclock secs ( 8.21 usr 1.72 sys + 674.13 cusr 44.02 csys = 728.08 CPU) Result: FAIL Makefile:3080: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3078: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Sat May 23 19:05:13 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 23 May 2020 19:05:13 +0000 Subject: [openssl] master update Message-ID: <1590260713.344284.14261.nullmailer@dev.openssl.org> The branch master has been updated via aa2cb51da03bc8fc40d785042b35fe0c253846bf (commit) from 712e8debb5b2238450b303acb5f24298382c63a5 (commit) - Log ----------------------------------------------------------------- commit aa2cb51da03bc8fc40d785042b35fe0c253846bf Author: Dmitry Belyavskiy Date: Mon May 11 17:08:48 2020 +0300 GOST external tests [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11792) ----------------------------------------------------------------------- Summary of changes: .gitmodules | 5 +++ .travis.yml | 4 +- gost-engine | 1 + test/README.external | 22 +++++++++++ ...ernal_pyca.t => 95-test_external_gost_engine.t} | 10 ++--- .../gost_engine.sh | 45 ++++++++++++++++++++++ 6 files changed, 80 insertions(+), 7 deletions(-) create mode 160000 gost-engine copy test/recipes/{95-test_external_pyca.t => 95-test_external_gost_engine.t} (67%) create mode 100755 test/recipes/95-test_external_gost_engine_data/gost_engine.sh diff --git a/.gitmodules b/.gitmodules index af32ea618c..637e7ade7e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -9,3 +9,8 @@ [submodule "krb5"] path = krb5 url = https://github.com/krb5/krb5 + +[submodule "gost-engine"] + path = gost-engine + url = https://github.com/gost-engine/engine + update = rebase diff --git a/.travis.yml b/.travis.yml index 413d87475f..65cf6b10a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -93,9 +93,11 @@ jobs: apt: packages: - golang-1.10 + - cmake + - libtest2-suite-perl compiler: gcc # External test pyca-cryptography temporarily disabled due to long term travis failures - env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests enable-buildtest-c++" BORINGSSL_TESTS="yes" CXX="g++" TESTS="test_external_boringssl test_external_krb5" + env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests enable-buildtest-c++" BORINGSSL_TESTS="yes" CXX="g++" TESTS="test_external_boringssl test_external_krb5 test_external_gost_engine" - os: linux compiler: clang env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan disable-afalgeng -Wno-unused-command-line-argument" diff --git a/gost-engine b/gost-engine new file mode 160000 index 0000000000..7f055baddc --- /dev/null +++ b/gost-engine @@ -0,0 +1 @@ +Subproject commit 7f055baddc3aa79fc1c2cf22bf5d5750843f5920 diff --git a/test/README.external b/test/README.external index 2f5423cbc8..8069ce8d00 100644 --- a/test/README.external +++ b/test/README.external @@ -134,6 +134,28 @@ of your system. Certain tests may require more installed packages to run. No tests are expected to fail. +GOST engine test suite +=============== + +Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine +tests against the local OpenSSL build. + +You will need a git checkout of gost-engine at the top level: + +$ git submodule update --init + +Then configure/build OpenSSL enabling external tests: + +$ ./config shared enable-external-tests +$ make + +GOST engine requires CMake for the build process. + +GOST engine tests will then be run as part of the rest of the suite, or can be +explicitly run (with more debugging): + +$ make test VERBOSE=1 TESTS=test_external_gost_engine + Updating test suites ==================== diff --git a/test/recipes/95-test_external_pyca.t b/test/recipes/95-test_external_gost_engine.t similarity index 67% copy from test/recipes/95-test_external_pyca.t copy to test/recipes/95-test_external_gost_engine.t index 1eae23557f..e7522e7032 100644 --- a/test/recipes/95-test_external_pyca.t +++ b/test/recipes/95-test_external_gost_engine.t @@ -15,14 +15,12 @@ setup("test_external"); plan skip_all => "No external tests in this configuration" if disabled("external-tests"); -plan skip_all => "PYCA tests not available on Windows or VMS" +plan skip_all => "GOST engine tests not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; -plan skip_all => "PYCA Cryptography not available" - if ! -f srctop_file("pyca-cryptography", "setup.py"); -plan skip_all => "PYCA tests only available in a shared build" +plan skip_all => "GOST engine tests only available in a shared build" if disabled("shared"); plan tests => 1; -ok(run(cmd(["sh", data_file("cryptography.sh")])), - "running Python Cryptography tests"); +ok(run(cmd(["sh", data_file("gost_engine.sh")])), + "running GOST engine tests"); diff --git a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh new file mode 100755 index 0000000000..498825bad7 --- /dev/null +++ b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# OpenSSL external testing using the GOST engine +# +set -e + +O_EXE=`pwd`/$BLDTOP/apps +O_BINC=`pwd`/$BLDTOP/include +O_SINC=`pwd`/$SRCTOP/include +O_LIB=`pwd`/$BLDTOP + +export PATH=$O_EXE:$PATH +export LD_LIBRARY_PATH=$O_LIB:$LD_LIBRARY_PATH +export OPENSSL_ROOT_DIR=$O_LIB + +# Check/Set openssl version +OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '` + +echo "------------------------------------------------------------------" +echo "Testing OpenSSL using GOST engine:" +echo " CWD: $PWD" +echo " SRCTOP: $SRCTOP" +echo " BLDTOP: $BLDTOP" +echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR" +echo " OpenSSL version: $OPENSSL_VERSION" +echo "------------------------------------------------------------------" + +cd $SRCTOP/gost-engine +rm -rf build +mkdir -p build +cd build +cmake .. +make +CTEST_OUTPUT_ON_FAILURE=1 HARNESS_OSSL_PREFIX='' OPENSSL_ENGINES=$OPENSSL_ROOT_DIR/gost-engine/build/bin make test + +exit 0 + From levitte at openssl.org Sat May 23 19:12:12 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2020 19:12:12 +0000 Subject: [openssl] master update Message-ID: <1590261132.750391.19036.nullmailer@dev.openssl.org> The branch master has been updated via 5e5bc836fbc5b1c0af428864f5286bbb225f7baf (commit) from aa2cb51da03bc8fc40d785042b35fe0c253846bf (commit) - Log ----------------------------------------------------------------- commit 5e5bc836fbc5b1c0af428864f5286bbb225f7baf Author: Richard Levitte Date: Fri May 22 15:41:28 2020 +0200 Re-introduce legacy EVP_PKEY types for provided keys EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11913) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_lib.c | 61 +++++++++++++++++++++++++------------------------- crypto/evp/pmeth_lib.c | 6 ++--- include/crypto/evp.h | 20 +++++++++++++++-- include/openssl/evp.h | 2 ++ 4 files changed, 53 insertions(+), 36 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9eb9f4937b..d05f0f2cba 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -119,7 +119,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) * If |to| is a legacy key and |from| isn't, we must downgrade |from|. * If that fails, this function fails. */ - if (to->type != EVP_PKEY_NONE && from->keymgmt != NULL) + if (evp_pkey_is_legacy(to) && evp_pkey_is_provided(from)) if (!evp_pkey_downgrade((EVP_PKEY *)from)) return 0; @@ -135,15 +135,15 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) * like evp_keymgmt_util_copy() and evp_pkey_export_to_provider() called * further down help us find out if they are the same or not. */ - if (to->type == EVP_PKEY_NONE && to->keymgmt == NULL) { - if (from->type != EVP_PKEY_NONE) { + if (evp_pkey_is_blank(to)) { + if (evp_pkey_is_legacy(from)) { if (EVP_PKEY_set_type(to, from->type) == 0) return 0; } else { if (EVP_PKEY_set_type_by_keymgmt(to, from->keymgmt) == 0) return 0; } - } else if (to->type != EVP_PKEY_NONE) { + } else if (evp_pkey_is_legacy(to)) { if (to->type != from->type) { EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); goto err; @@ -1357,19 +1357,17 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, pkey->engine = e; /* - * The EVP_PKEY_ASN1_METHOD |pkey_id| serves different purposes, - * depending on if we're setting this key to contain a legacy or - * a provider side "origin" key. For a legacy key, we assign it - * to the |type| field, but for a provider side key, we assign it - * to the |save_type| field, because |type| is supposed to be set - * to EVP_PKEY_NONE in that case. + * The EVP_PKEY_ASN1_METHOD |pkey_id| retains its legacy key purpose + * for any key type that has a legacy implementation, regardless of + * if the internal key is a legacy or a provider side one. When + * there is no legacy implementation for the key, the type becomes + * EVP_PKEY_KEYMGMT, which indicates that one should be cautious + * with functions that expect legacy internal keys. */ - if (ameth != NULL) { - if (keymgmt != NULL) - pkey->save_type = ameth->pkey_id; - else if (pkey->ameth != NULL) - pkey->type = ameth->pkey_id; - } + if (ameth != NULL) + pkey->type = ameth->pkey_id; + else + pkey->type = EVP_PKEY_KEYMGMT; #endif } return 1; @@ -1453,7 +1451,6 @@ void evp_pkey_free_legacy(EVP_PKEY *x) ENGINE_finish(x->pmeth_engine); x->pmeth_engine = NULL; # endif - x->type = EVP_PKEY_NONE; } #endif /* FIPS_MODULE */ @@ -1472,6 +1469,7 @@ static void evp_pkey_free_it(EVP_PKEY *x) x->keymgmt = NULL; x->keydata = NULL; } + x->type = EVP_PKEY_NONE; } void EVP_PKEY_free(EVP_PKEY *x) @@ -1661,32 +1659,33 @@ int evp_pkey_downgrade(EVP_PKEY *pk) { EVP_KEYMGMT *keymgmt = pk->keymgmt; void *keydata = pk->keydata; - int type = pk->save_type; + int type = pk->type; const char *keytype = NULL; /* If this isn't a provider side key, we're done */ if (keymgmt == NULL) return 1; - /* Get the key type name for error reporting */ - if (type != EVP_PKEY_NONE) - keytype = OBJ_nid2sn(type); - else - keytype = - evp_first_name(EVP_KEYMGMT_provider(keymgmt), keymgmt->name_id); + keytype = evp_first_name(EVP_KEYMGMT_provider(keymgmt), keymgmt->name_id); /* - * |save_type| was set when any of the EVP_PKEY_set_type functions - * was called. It was set to EVP_PKEY_NONE if the key type wasn't - * recognised to be any of the legacy key types, and the downgrade - * isn't possible. + * If the type is EVP_PKEY_NONE, then we have a problem somewhere else + * in our code. If it's not one of the well known EVP_PKEY_xxx values, + * it should at least be EVP_PKEY_KEYMGMT at this point. + * TODO(3.0) remove this check when we're confident that the rest of the + * code treats this correctly. */ - if (type == EVP_PKEY_NONE) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_KEY_TYPE, - "key type = %s, can't downgrade", keytype); + if (!ossl_assert(type != EVP_PKEY_NONE)) { + ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR, + "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", + keytype); return 0; } + /* Prefer the legacy key type name for error reporting */ + if (type != EVP_PKEY_KEYMGMT) + keytype = OBJ_nid2sn(type); + /* * To be able to downgrade, we steal the provider side "origin" keymgmt * and keydata. We've already grabbed the pointers, so all we need to diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index eca5178129..e4327b3a94 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -155,10 +155,10 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, goto common; /* - * If the key doesn't contain anything legacy, then it must be provided, - * so we extract the necessary information and use that. + * If the internal key is provided, we extract the keytype from its + * keymgmt and skip over the legacy code. */ - if (pkey != NULL && pkey->type == EVP_PKEY_NONE) { + if (pkey != NULL && evp_pkey_is_provided(pkey)) { /* If we have an engine, something went wrong somewhere... */ if (!ossl_assert(e == NULL)) return NULL; diff --git a/include/crypto/evp.h b/include/crypto/evp.h index ee4b6221e6..d1756cf183 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -518,9 +518,25 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) * || (keymgmt != NULL && keydata != NULL) ## provider side * - * The easiest way to detect a legacy key is: type != EVP_PKEY_NONE - * The easiest way to detect a provider side key is: keymgmt != NULL + * The easiest way to detect a legacy key is: + * + * keymgmt == NULL && type != EVP_PKEY_NONE + * + * The easiest way to detect a provider side key is: + * + * keymgmt != NULL */ +#define evp_pkey_is_blank(pk) \ + ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) +#define evp_pkey_is_typed(pk) \ + ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) +#define evp_pkey_is_assigned(pk) \ + ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) +#define evp_pkey_is_legacy(pk) \ + ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) +#define evp_pkey_is_provided(pk) \ + ((pk)->keymgmt != NULL) + struct evp_pkey_st { /* == Legacy attributes == */ int type; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ea305c2cf0..0d5ce07f31 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -72,6 +72,8 @@ # define EVP_PKEY_ED25519 NID_ED25519 # define EVP_PKEY_X448 NID_X448 # define EVP_PKEY_ED448 NID_ED448 +/* Special indicator that the object is uniquely provider side */ +# define EVP_PKEY_KEYMGMT -1 #ifdef __cplusplus extern "C" { From builds at travis-ci.org Sat May 23 20:09:26 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 23 May 2020 20:09:26 +0000 Subject: Broken: openssl/openssl#34904 (master - aa2cb51) In-Reply-To: Message-ID: <5ec982f624c80_13fae757db0283314ac@travis-tasks-8447dbf57-9jrrh.mail> Build Update for openssl/openssl ------------------------------------- Build: #34904 Status: Broken Duration: 17 mins and 4 secs Commit: aa2cb51 (master) Author: Dmitry Belyavskiy Message: GOST external tests [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11792) View the changeset: https://github.com/openssl/openssl/compare/712e8debb5b2...aa2cb51da03b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690441246?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sat May 23 20:42:03 2020 From: builds at travis-ci.org (Travis CI) Date: Sat, 23 May 2020 20:42:03 +0000 Subject: Broken: openssl/openssl#34905 (master - 5e5bc83) In-Reply-To: Message-ID: <5ec98a9b7dc80_13fa9f54d95d488913@travis-tasks-568846847c-hd6l2.mail> Build Update for openssl/openssl ------------------------------------- Build: #34905 Status: Broken Duration: 34 mins and 5 secs Commit: 5e5bc83 (master) Author: Richard Levitte Message: Re-introduce legacy EVP_PKEY types for provided keys EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11913) View the changeset: https://github.com/openssl/openssl/compare/aa2cb51da03b...5e5bc836fbc5 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690442709?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 23 22:16:41 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 May 2020 22:16:41 +0000 Subject: Build failed: openssl master.34349 Message-ID: <20200523221641.1.92643B8C41905E33@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 24 07:55:03 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 24 May 2020 07:55:03 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5eca28576bda5_68e7d2af4d0022f5c784b8@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3DekFF_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHDgkccJoY6PJjLrGgr7-2F-2Bm29-2BgaacBbQiNG-2B-2BJGtXJklClGArjOOYQ-2Bvnov-2BzGy8rnYytChn9u8HhksyJr2YqvjjRMjwvBarF5qw61Or9cMMEzS8j-2F6aGez6MwB1Qctsqg2Kd14U1Ny36NknyvzvWMgeQ7QwQoNhe-2FyIreduhn5mbRJ5VnXVeIVT5-2FFclw8Mk-3D Build ID: 315969 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun May 24 07:55:24 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 24 May 2020 07:55:24 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5eca286c6fa02_68ed32af4d0022f5c784f@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3DBTop_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGhsBnNhUXnKPowqEhQXeqSAYDredcELap65UTFfLdap-2Bqs4Ms9fEwLdH1q7ZKKiOC8ErF4E5HGfuLAi6Cflj6a1Gp8ePKxNUm7-2F2Yy4wNKbQUYfns1pHVW6zysprEm5-2FeClkT6uj-2Bza7StQfE2XiIz72-2Fz2bAGdqGsRKgcXDUjYG6M-2Fc-2BC-2BJVIZvme-2FJQeAOw-3D Build ID: 315968 Analysis Summary: New defects found: 1 Defects eliminated: 5 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3D2zKl_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGhsBnNhUXnKPowqEhQXeqSAYDredcELap65UTFfLdapzIKGLkJMXBlid-2Bj0nwMZ2LNZidDVgWuGGQiKCWA3JuhHM1noXYGZ1ih6KQWxEuKDXZJksnVX4lJrkiT3AoXco49ao7-2FFrUjs27Ef0LB7mAe4jHXSPRr-2FDJgzxP793EEJCN3W1TrfJ1jRtOxVOZSkfQ-3D From no-reply at appveyor.com Sun May 24 11:32:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 24 May 2020 11:32:09 +0000 Subject: Build failed: openssl master.34357 Message-ID: <20200524113209.1.3C14859D702669ED@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 24 12:37:30 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 24 May 2020 12:37:30 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.34358 Message-ID: <20200524123730.1.C0D3156BE91A1B8B@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sun May 24 15:40:11 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sun, 24 May 2020 15:40:11 +0000 Subject: [openssl] master update Message-ID: <1590334811.559882.30717.nullmailer@dev.openssl.org> The branch master has been updated via 6e15b81c340e8124e45a92a2dbcd923c2ba4e79f (commit) from 5e5bc836fbc5b1c0af428864f5286bbb225f7baf (commit) - Log ----------------------------------------------------------------- commit 6e15b81c340e8124e45a92a2dbcd923c2ba4e79f Author: Dr. David von Oheimb Date: Fri May 22 14:42:21 2020 +0200 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h fixes #11818 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11911) ----------------------------------------------------------------------- Summary of changes: crypto/cmp/cmp_local.h | 1 - crypto/crmf/crmf_local.h | 1 - include/openssl/crmf.h | 1 + util/libcrypto.num | 1 + 4 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 04abcf5084..0c0ca3466a 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -283,7 +283,6 @@ struct ossl_cmp_pkisi_st { OSSL_CMP_PKIFREETEXT *statusString; OSSL_CMP_PKIFAILUREINFO *failInfo; } /* OSSL_CMP_PKISI */; -DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) /*- * RevReqContent ::= SEQUENCE OF RevDetails diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index a367d77727..b4d669875c 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -108,7 +108,6 @@ struct ossl_crmf_certid_st { GENERAL_NAME *issuer; ASN1_INTEGER *serialNumber; } /* OSSL_CRMF_CERTID */; -DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) /*- * SinglePubInfo ::= SEQUENCE { diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index 28eb68258f..d262a9b759 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -51,6 +51,7 @@ typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY; typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST; typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_CERTID) typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO; diff --git a/util/libcrypto.num b/util/libcrypto.num index b131f81273..aea01e55fa 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4509,6 +4509,7 @@ OSSL_CRMF_PBMPARAMETER_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_PBMPARAMETER_it ? 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_CERTID ? 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_CERTID ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_dup ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_free ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_it ? 3_0_0 EXIST::FUNCTION:CRMF From builds at travis-ci.org Sun May 24 16:36:07 2020 From: builds at travis-ci.org (Travis CI) Date: Sun, 24 May 2020 16:36:07 +0000 Subject: Errored: openssl/openssl#34920 (master - 6e15b81) In-Reply-To: Message-ID: <5ecaa27780e98_13f7f40895f7c80821@travis-tasks-97b7ccbd4-fdsm4.mail> Build Update for openssl/openssl ------------------------------------- Build: #34920 Status: Errored Duration: 24 mins and 3 secs Commit: 6e15b81 (master) Author: Dr. David von Oheimb Message: Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h fixes #11818 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11911) View the changeset: https://github.com/openssl/openssl/compare/5e5bc836fbc5...6e15b81c340e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690647798?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 24 17:19:30 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 24 May 2020 17:19:30 +0000 Subject: Build failed: openssl master.34363 Message-ID: <20200524171930.1.8D9A00C339A6F552@appveyor.com> An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sun May 24 17:46:41 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 24 May 2020 17:46:41 +0000 Subject: [openssl] master update Message-ID: <1590342401.332318.24863.nullmailer@dev.openssl.org> The branch master has been updated via 9c47a3386d6733512b72f5fab43bffba6a1fe72b (commit) from 6e15b81c340e8124e45a92a2dbcd923c2ba4e79f (commit) - Log ----------------------------------------------------------------- commit 9c47a3386d6733512b72f5fab43bffba6a1fe72b Author: Nicola Tuveri Date: Fri May 22 19:50:17 2020 +0300 Fix coverity issues in EC after #11807 This should fix 2 issues detected by Coverity and introduced with https://github.com/openssl/openssl/pull/11807 - CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) - CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) In practice the tests seem to show that they both aren't real issues, yet I believe this small change should appease the scanner and at the same time improve clarity for the reader. Here is the original report: ``` ** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ``` Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11919) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 4d88b28a98..1b2ddc2b44 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1095,6 +1095,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { int ret = 0; + size_t num; #ifndef FIPS_MODULE BN_CTX *new_ctx = NULL; #endif @@ -1117,13 +1118,12 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return 0; } + num = (point != NULL && p_scalar != NULL) ? 1 : 0; if (group->meth->mul != NULL) - ret = group->meth->mul(group, r, g_scalar, point != NULL - && p_scalar != NULL, &point, &p_scalar, ctx); + ret = group->meth->mul(group, r, g_scalar, num, &point, &p_scalar, ctx); else /* use default */ - ret = ec_wNAF_mul(group, r, g_scalar, point != NULL - && p_scalar != NULL, &point, &p_scalar, ctx); + ret = ec_wNAF_mul(group, r, g_scalar, num, &point, &p_scalar, ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); From no-reply at appveyor.com Sun May 24 18:25:49 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 24 May 2020 18:25:49 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34364 Message-ID: <20200524182549.1.7BE5284837A792B1@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun May 24 18:41:47 2020 From: builds at travis-ci.org (Travis CI) Date: Sun, 24 May 2020 18:41:47 +0000 Subject: Failed: openssl/openssl#34924 (master - 9c47a33) In-Reply-To: Message-ID: <5ecabfeb21cd3_13f7f40894adc209017@travis-tasks-97b7ccbd4-fdsm4.mail> Build Update for openssl/openssl ------------------------------------- Build: #34924 Status: Failed Duration: 54 mins and 45 secs Commit: 9c47a33 (master) Author: Nicola Tuveri Message: Fix coverity issues in EC after #11807 This should fix 2 issues detected by Coverity and introduced with https://github.com/openssl/openssl/pull/11807 - CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) - CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) In practice the tests seem to show that they both aren't real issues, yet I believe this small change should appease the scanner and at the same time improve clarity for the reader. Here is the original report: ``` ** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ``` Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11919) View the changeset: https://github.com/openssl/openssl/compare/6e15b81c340e...9c47a3386d67 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690675412?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Mon May 25 06:09:29 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 25 May 2020 06:09:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590386969.225545.24868.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 294beba4ebfbc0b5e7d86e6b11d9f1c37ad26867 (commit) from e512efe0894481679a5d3c57d10bf4ea97046c2a (commit) - Log ----------------------------------------------------------------- commit 294beba4ebfbc0b5e7d86e6b11d9f1c37ad26867 Author: mettacrawler Date: Thu May 21 09:21:12 2020 -0400 There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11897) ----------------------------------------------------------------------- Summary of changes: doc/man1/CA.pl.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 6949ec6228..0176f20178 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -91,7 +91,7 @@ to standard output. Leverages B command. =item B<-signCA> -This option is the same as the B<-signreq> option except it uses the +This option is the same as the B<-sign> option except it uses the configuration file section B and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed on to B command. @@ -143,7 +143,7 @@ the request and finally create a PKCS#12 file containing it. CA.pl -newca CA.pl -newreq - CA.pl -signreq + CA.pl -sign CA.pl -pkcs12 "My Test Certificate" =head1 DSA CERTIFICATES @@ -173,7 +173,7 @@ can optionally be created first): Sign the request: - CA.pl -signreq + CA.pl -sign =head1 NOTES From tmraz at fedoraproject.org Mon May 25 06:17:38 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 25 May 2020 06:17:38 +0000 Subject: [openssl] master update Message-ID: <1590387458.017496.23201.nullmailer@dev.openssl.org> The branch master has been updated via f7201301ef001b70109d7007a37525e233d30907 (commit) from 9c47a3386d6733512b72f5fab43bffba6a1fe72b (commit) - Log ----------------------------------------------------------------- commit f7201301ef001b70109d7007a37525e233d30907 Author: Marc <34656315+MarcT512 at users.noreply.github.com> Date: Wed May 20 01:25:10 2020 +0100 s_client: Fix -proxy flag regression s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2. openssl s_client -connect -proxy Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target. Fixes https://github.com/openssl/openssl/issues/11879 Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11880) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index e21a23da75..886b2cd8d6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -921,6 +921,7 @@ int s_client_main(int argc, char **argv) char *connectstr = NULL, *bindstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL, *host = NULL; + char *thost = NULL, *tport = NULL; char *port = OPENSSL_strdup(PORT); char *bindhost = NULL, *bindport = NULL; char *passarg = NULL, *pass = NULL; @@ -1599,37 +1600,49 @@ int s_client_main(int argc, char **argv) goto opthelp; } #endif - if (proxystr != NULL) { + + if (connectstr != NULL) { int res; char *tmp_host = host, *tmp_port = port; - if (connectstr == NULL) { - BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog); - goto opthelp; - } - res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST); + + res = BIO_parse_hostserv(connectstr, &host, &port, BIO_PARSE_PRIO_HOST); if (tmp_host != host) OPENSSL_free(tmp_host); if (tmp_port != port) OPENSSL_free(tmp_port); if (!res) { BIO_printf(bio_err, - "%s: -proxy argument malformed or ambiguous\n", prog); + "%s: -connect argument or target parameter malformed or ambiguous\n", + prog); goto end; } - } else { - int res = 1; + } + + if (proxystr != NULL) { + int res; char *tmp_host = host, *tmp_port = port; - if (connectstr != NULL) - res = BIO_parse_hostserv(connectstr, &host, &port, - BIO_PARSE_PRIO_HOST); + + if (host == NULL || port == NULL) { + BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog); + goto opthelp; + } + + /* Retain the original target host:port for use in the HTTP proxy connect string */ + thost = OPENSSL_strdup(host); + tport = OPENSSL_strdup(port); + if (thost == NULL || tport == NULL) { + BIO_printf(bio_err, "%s: out of memory\n", prog); + goto end; + } + + res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST); if (tmp_host != host) OPENSSL_free(tmp_host); if (tmp_port != port) OPENSSL_free(tmp_port); if (!res) { BIO_printf(bio_err, - "%s: -connect argument or target parameter malformed or ambiguous\n", - prog); + "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } } @@ -2389,7 +2402,8 @@ int s_client_main(int argc, char **argv) } break; case PROTO_CONNECT: - if (!OSSL_HTTP_proxy_connect(sbio, host, port, proxyuser, proxypass, + /* Here we must use the connect string target host & port */ + if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass, 0 /* no timeout */, bio_err, prog)) goto shut; break; @@ -3138,6 +3152,8 @@ int s_client_main(int argc, char **argv) OPENSSL_free(bindstr); OPENSSL_free(host); OPENSSL_free(port); + OPENSSL_free(thost); + OPENSSL_free(tport); X509_VERIFY_PARAM_free(vpm); ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); From openssl at openssl.org Mon May 25 06:41:57 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 25 May 2020 06:41:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1590388917.129028.31275.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1986, 724 wallclock secs ( 8.86 usr 1.45 sys + 677.20 cusr 43.46 csys = 730.97 CPU) Result: FAIL Makefile:3079: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3077: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon May 25 07:04:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 25 May 2020 07:04:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1590390250.987507.10208.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): :198:1: note: expanded from here der_oid_id_dsa_with_sha384 ^ ../openssl/providers/common/der/der_dsa_sig.c:30:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha384' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :199:1: note: expanded from here der_oid_id_dsa_with_sha384 ^ ../openssl/providers/common/der/der_dsa_sig.c:31:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha512' MD_CASE(sha512); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :201:1: note: expanded from here der_oid_id_dsa_with_sha512 ^ ../openssl/providers/common/der/der_dsa_sig.c:31:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha512' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :202:1: note: expanded from here der_oid_id_dsa_with_sha512 ^ ../openssl/providers/common/der/der_dsa_sig.c:32:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_224' MD_CASE(sha3_224); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :204:1: note: expanded from here der_oid_id_dsa_with_sha3_224 ^ ../openssl/providers/common/der/der_dsa_sig.c:32:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_224' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :205:1: note: expanded from here der_oid_id_dsa_with_sha3_224 ^ ../openssl/providers/common/der/der_dsa_sig.c:33:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_256' MD_CASE(sha3_256); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :3:1: note: expanded from here der_oid_id_dsa_with_sha3_256 ^ ../openssl/providers/common/der/der_dsa_sig.c:33:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_256' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :4:1: note: expanded from here der_oid_id_dsa_with_sha3_256 ^ ../openssl/providers/common/der/der_dsa_sig.c:34:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_384' MD_CASE(sha3_384); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :6:1: note: expanded from here der_oid_id_dsa_with_sha3_384 ^ ../openssl/providers/common/der/der_dsa_sig.c:34:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_384' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :7:1: note: expanded from here der_oid_id_dsa_with_sha3_384 ^ ../openssl/providers/common/der/der_dsa_sig.c:35:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_512' MD_CASE(sha3_512); ^ ../openssl/providers/common/der/der_dsa_sig.c:16:23: note: expanded from macro 'MD_CASE' precompiled = der_oid_id_dsa_with_##name; \ ^ :9:1: note: expanded from here der_oid_id_dsa_with_sha3_512 ^ ../openssl/providers/common/der/der_dsa_sig.c:35:9: error: use of undeclared identifier 'der_oid_id_dsa_with_sha3_512' ../openssl/providers/common/der/der_dsa_sig.c:17:33: note: expanded from macro 'MD_CASE' precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ ^ :10:1: note: expanded from here der_oid_id_dsa_with_sha3_512 ^ ../openssl/providers/common/der/der_dsa_sig.c:40:12: error: implicit declaration of function 'DER_w_begin_sequence' is invalid in C99 [-Werror,-Wimplicit-function-declaration] return DER_w_begin_sequence(pkt, tag) ^ fatal error: too many errors emitted, stopping now [-ferror-limit=] 20 errors generated. Makefile:21555: recipe for target 'providers/common/der/libnonfips-lib-der_dsa_sig.o' failed make[1]: *** [providers/common/der/libnonfips-lib-der_dsa_sig.o] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:2989: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Mon May 25 07:21:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 25 May 2020 07:21:22 +0000 Subject: Build failed: openssl master.34382 Message-ID: <20200525072122.1.61530DE9A07A0708@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon May 25 07:21:04 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 07:21:04 +0000 Subject: Still Failing: openssl/openssl#34941 (master - f720130) In-Reply-To: Message-ID: <5ecb71dfa0c80_13f7ef3e9f85c2181a9@travis-tasks-6497879594-2km87.mail> Build Update for openssl/openssl ------------------------------------- Build: #34941 Status: Still Failing Duration: 30 mins and 52 secs Commit: f720130 (master) Author: Marc Message: s_client: Fix -proxy flag regression s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2. openssl s_client -connect -proxy Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target. Fixes https://github.com/openssl/openssl/issues/11879 Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11880) View the changeset: https://github.com/openssl/openssl/compare/9c47a3386d67...f7201301ef00 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690823210?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 25 07:45:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 25 May 2020 07:45:23 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1590392723.387063.16566.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.d.tmp -MT providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o -c -o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o ../openssl/providers/implementations/ciphers/cipher_tdes_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.d.tmp -MT providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o -c -o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o ../openssl/providers/implementations/ciphers/cipher_tdes_wrap.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.d.tmp -MT providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o -c -o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o ../openssl/providers/implementations/ciphers/cipher_tdes_wrap_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-blake2_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-blake2_prov.o -c -o providers/implementations/digests/libimplementations-lib-blake2_prov.o ../openssl/providers/implementations/digests/blake2_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-blake2b_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-blake2b_prov.o -c -o providers/implementations/digests/libimplementations-lib-blake2b_prov.o ../openssl/providers/implementations/digests/blake2b_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-blake2s_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-blake2s_prov.o -c -o providers/implementations/digests/libimplementations-lib-blake2s_prov.o ../openssl/providers/implementations/digests/blake2s_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-md5_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-md5_prov.o -c -o providers/implementations/digests/libimplementations-lib-md5_prov.o ../openssl/providers/implementations/digests/md5_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-md5_sha1_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o -c -o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o ../openssl/providers/implementations/digests/md5_sha1_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-sha2_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-sha2_prov.o -c -o providers/implementations/digests/libimplementations-lib-sha2_prov.o ../openssl/providers/implementations/digests/sha2_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-sha3_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-sha3_prov.o -c -o providers/implementations/digests/libimplementations-lib-sha3_prov.o ../openssl/providers/implementations/digests/sha3_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libimplementations-lib-sm3_prov.d.tmp -MT providers/implementations/digests/libimplementations-lib-sm3_prov.o -c -o providers/implementations/digests/libimplementations-lib-sm3_prov.o ../openssl/providers/implementations/digests/sm3_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/exchange/libimplementations-lib-dh_exch.d.tmp -MT providers/implementations/exchange/libimplementations-lib-dh_exch.o -c -o providers/implementations/exchange/libimplementations-lib-dh_exch.o ../openssl/providers/implementations/exchange/dh_exch.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-hkdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-hkdf.o -c -o providers/implementations/kdfs/libimplementations-lib-hkdf.o ../openssl/providers/implementations/kdfs/hkdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-kbkdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-kbkdf.o -c -o providers/implementations/kdfs/libimplementations-lib-kbkdf.o ../openssl/providers/implementations/kdfs/kbkdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-krb5kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-krb5kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o ../openssl/providers/implementations/kdfs/krb5kdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-pbkdf2.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-pbkdf2.o -c -o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o ../openssl/providers/implementations/kdfs/pbkdf2.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-scrypt.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-scrypt.o -c -o providers/implementations/kdfs/libimplementations-lib-scrypt.o ../openssl/providers/implementations/kdfs/scrypt.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-sshkdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-sshkdf.o -c -o providers/implementations/kdfs/libimplementations-lib-sshkdf.o ../openssl/providers/implementations/kdfs/sshkdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-sskdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-sskdf.o -c -o providers/implementations/kdfs/libimplementations-lib-sskdf.o ../openssl/providers/implementations/kdfs/sskdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-tls1_prf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-tls1_prf.o -c -o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o ../openssl/providers/implementations/kdfs/tls1_prf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o ../openssl/providers/implementations/kdfs/x942kdf.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/keymgmt/libimplementations-lib-dh_kmgmt.d.tmp -MT providers/implementations/keymgmt/libimplementations-lib-dh_kmgmt.o -c -o providers/implementations/keymgmt/libimplementations-lib-dh_kmgmt.o ../openssl/providers/implementations/keymgmt/dh_kmgmt.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/keymgmt/libimplementations-lib-dsa_kmgmt.d.tmp -MT providers/implementations/keymgmt/libimplementations-lib-dsa_kmgmt.o -c -o providers/implementations/keymgmt/libimplementations-lib-dsa_kmgmt.o ../openssl/providers/implementations/keymgmt/dsa_kmgmt.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-blake2b_mac.d.tmp -MT providers/implementations/macs/libimplementations-lib-blake2b_mac.o -c -o providers/implementations/macs/libimplementations-lib-blake2b_mac.o ../openssl/providers/implementations/macs/blake2b_mac.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-blake2s_mac.d.tmp -MT providers/implementations/macs/libimplementations-lib-blake2s_mac.o -c -o providers/implementations/macs/libimplementations-lib-blake2s_mac.o ../openssl/providers/implementations/macs/blake2s_mac.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-cmac_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-cmac_prov.o -c -o providers/implementations/macs/libimplementations-lib-cmac_prov.o ../openssl/providers/implementations/macs/cmac_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-gmac_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-gmac_prov.o -c -o providers/implementations/macs/libimplementations-lib-gmac_prov.o ../openssl/providers/implementations/macs/gmac_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-hmac_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-hmac_prov.o -c -o providers/implementations/macs/libimplementations-lib-hmac_prov.o ../openssl/providers/implementations/macs/hmac_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-kmac_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-kmac_prov.o -c -o providers/implementations/macs/libimplementations-lib-kmac_prov.o ../openssl/providers/implementations/macs/kmac_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-poly1305_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-poly1305_prov.o -c -o providers/implementations/macs/libimplementations-lib-poly1305_prov.o ../openssl/providers/implementations/macs/poly1305_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/macs/libimplementations-lib-siphash_prov.d.tmp -MT providers/implementations/macs/libimplementations-lib-siphash_prov.o -c -o providers/implementations/macs/libimplementations-lib-siphash_prov.o ../openssl/providers/implementations/macs/siphash_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_common.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_common.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_common.o ../openssl/providers/implementations/serializers/serializer_common.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dh.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dh.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dh.o ../openssl/providers/implementations/serializers/serializer_dh.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dh_param.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dh_param.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dh_param.o ../openssl/providers/implementations/serializers/serializer_dh_param.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dh_priv.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dh_priv.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dh_priv.o ../openssl/providers/implementations/serializers/serializer_dh_priv.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dh_pub.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dh_pub.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dh_pub.o ../openssl/providers/implementations/serializers/serializer_dh_pub.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dsa.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dsa.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dsa.o ../openssl/providers/implementations/serializers/serializer_dsa.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dsa_param.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dsa_param.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dsa_param.o ../openssl/providers/implementations/serializers/serializer_dsa_param.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dsa_priv.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dsa_priv.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dsa_priv.o ../openssl/providers/implementations/serializers/serializer_dsa_priv.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_dsa_pub.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_dsa_pub.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_dsa_pub.o ../openssl/providers/implementations/serializers/serializer_dsa_pub.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_ffc_params.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_ffc_params.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_ffc_params.o ../openssl/providers/implementations/serializers/serializer_ffc_params.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_rsa.h.in > providers/common/include/prov/der_rsa.h clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_rsa_priv.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_rsa_priv.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_rsa_priv.o ../openssl/providers/implementations/serializers/serializer_rsa_priv.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/serializers/libimplementations-lib-serializer_rsa_pub.d.tmp -MT providers/implementations/serializers/libimplementations-lib-serializer_rsa_pub.o -c -o providers/implementations/serializers/libimplementations-lib-serializer_rsa_pub.o ../openssl/providers/implementations/serializers/serializer_rsa_pub.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_dsa.h.in > providers/common/include/prov/der_dsa.h clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/libcommon-lib-bio_prov.d.tmp -MT providers/common/libcommon-lib-bio_prov.o -c -o providers/common/libcommon-lib-bio_prov.o ../openssl/providers/common/bio_prov.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/libcommon-lib-provider_ctx.d.tmp -MT providers/common/libcommon-lib-provider_ctx.o -c -o providers/common/libcommon-lib-provider_ctx.o ../openssl/providers/common/provider_ctx.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/libcommon-lib-provider_err.d.tmp -MT providers/common/libcommon-lib-provider_err.o -c -o providers/common/libcommon-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon.o ../openssl/providers/implementations/ciphers/ciphercommon.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_block.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_block.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_block.o ../openssl/providers/implementations/ciphers/ciphercommon_block.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.o ../openssl/providers/implementations/ciphers/ciphercommon_ccm.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.o ../openssl/providers/implementations/ciphers/ciphercommon_ccm_hw.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.o ../openssl/providers/implementations/ciphers/ciphercommon_gcm.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.o ../openssl/providers/implementations/ciphers/ciphercommon_gcm_hw.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.d.tmp -MT providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.o -c -o providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.o ../openssl/providers/implementations/ciphers/ciphercommon_hw.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/libcommon-lib-digestcommon.d.tmp -MT providers/implementations/digests/libcommon-lib-digestcommon.o -c -o providers/implementations/digests/libcommon-lib-digestcommon.o ../openssl/providers/implementations/digests/digestcommon.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_digests_gen.c.in > providers/common/der/der_digests_gen.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_digests.h.in > providers/common/include/prov/der_digests.h /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_dsa_gen.c.in > providers/common/der/der_dsa_gen.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_key.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_key.o -c -o providers/common/der/libnonfips-lib-der_dsa_key.o ../openssl/providers/common/der/der_dsa_key.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_sig.o -c -o providers/common/der/libnonfips-lib-der_dsa_sig.o ../openssl/providers/common/der/der_dsa_sig.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_ec_gen.c.in > providers/common/der/der_ec_gen.c /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_ec.h.in > providers/common/include/prov/der_ec.h clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_key.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_key.o -c -o providers/common/der/libnonfips-lib-der_ec_key.o ../openssl/providers/common/der/der_ec_key.c clang -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_sig.o -c -o providers/common/der/libnonfips-lib-der_ec_sig.o ../openssl/providers/common/der/der_ec_sig.c ../openssl/providers/common/der/der_ec_key.c:16:12: error: implicit declaration of function 'DER_w_begin_sequence' is invalid in C99 [-Werror,-Wimplicit-function-declaration] return DER_w_begin_sequence(pkt, cont) ^ ../openssl/providers/common/der/der_ec_key.c:16:12: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/der/der_ec_key.c:18:12: error: implicit declaration of function 'DER_w_precompiled' is invalid in C99 [-Werror,-Wimplicit-function-declaration] && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, ^ ../openssl/providers/common/der/der_ec_key.c:18:12: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/der/der_ec_key.c:19:37: error: use of undeclared identifier 'der_oid_id_ecPublicKey' sizeof(der_oid_id_ecPublicKey)) ^ ../openssl/providers/common/der/der_ec_key.c:18:39: error: use of undeclared identifier 'der_oid_id_ecPublicKey' && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, ^ ../openssl/providers/common/der/der_ec_key.c:20:12: error: implicit declaration of function 'DER_w_end_sequence' is invalid in C99 [-Werror,-Wimplicit-function-declaration] && DER_w_end_sequence(pkt, cont); ^ /usr/bin/perl "-I." "-I../openssl/providers/common/der" -Mconfigdata -Moids_to_c "../openssl/util/dofile.pl" "-oMakefile" ../openssl/providers/common/der/der_rsa_gen.c.in > providers/common/der/der_rsa_gen.c ../openssl/providers/common/der/der_ec_key.c:20:12: note: did you mean 'DER_w_begin_sequence'? ../openssl/providers/common/der/der_ec_key.c:16:12: note: 'DER_w_begin_sequence' declared here return DER_w_begin_sequence(pkt, cont) ^ ../openssl/providers/common/der/der_ec_key.c:20:12: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] && DER_w_end_sequence(pkt, cont); ^ ../openssl/providers/common/der/der_ec_key.c:14:5: error: no previous prototype for function 'DER_w_algorithmIdentifier_EC' [-Werror,-Wmissing-prototypes] int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) ^ 9 errors generated. Makefile:20697: recipe for target 'providers/common/der/libnonfips-lib-der_ec_key.o' failed make[1]: *** [providers/common/der/libnonfips-lib-der_ec_key.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:2931: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From tmraz at fedoraproject.org Mon May 25 09:43:51 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 25 May 2020 09:43:51 +0000 Subject: [openssl] master update Message-ID: <1590399831.070245.27659.nullmailer@dev.openssl.org> The branch master has been updated via e91916692724ee7042b17d287dfbb91e20eb6128 (commit) from f7201301ef001b70109d7007a37525e233d30907 (commit) - Log ----------------------------------------------------------------- commit e91916692724ee7042b17d287dfbb91e20eb6128 Author: Rich Salz Date: Fri May 22 11:21:11 2020 -0400 Fix auto-gen names in .gitignore Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11916) ----------------------------------------------------------------------- Summary of changes: .gitignore | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index d15303e49b..1ea4cb71af 100644 --- a/.gitignore +++ b/.gitignore @@ -29,10 +29,10 @@ doc/man1/openssl-*.pod # Auto generated der files -providers/common/der/der_dsa.c -providers/common/der/der_ec.c -providers/common/der/der_rsa.c -providers/common/der/der_digests.c +providers/common/der/der_digests_gen.c +providers/common/der/der_dsa_gen.c +providers/common/der/der_ec_gen.c +providers/common/der/der_rsa_gen.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h From tmraz at fedoraproject.org Mon May 25 10:02:28 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 25 May 2020 10:02:28 +0000 Subject: [openssl] master update Message-ID: <1590400948.805406.7090.nullmailer@dev.openssl.org> The branch master has been updated via 8069bf585453c96d1d14c1c0f53f3592bf057453 (commit) via 2bd928a1bff7e39070992df1876b8d9ea9634301 (commit) from e91916692724ee7042b17d287dfbb91e20eb6128 (commit) - Log ----------------------------------------------------------------- commit 8069bf585453c96d1d14c1c0f53f3592bf057453 Author: Tomas Mraz Date: Fri May 22 10:14:04 2020 +0200 Drop special case of time interval calculation for VMS The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11905) commit 2bd928a1bff7e39070992df1876b8d9ea9634301 Author: Tomas Mraz Date: Fri May 22 10:07:43 2020 +0200 Revert "Guard use of struct tms with #ifdef __TMS" The __TMS might be necessary on VMS however there is no such define on glibc even though the times() function is fully supported. Fixes #11903 This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11905) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 53 +++-------------------------------------------------- 1 file changed, 3 insertions(+), 50 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 4337cc6c87..dbc9be344d 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2230,70 +2230,23 @@ double app_tminterval(int stop, int usertime) return ret; } -#elif defined(OPENSSL_SYSTEM_VMS) -# include -# include - -double app_tminterval(int stop, int usertime) -{ - static clock_t tmstart; - double ret = 0; - clock_t now; -# ifdef __TMS - struct tms rus; - - now = times(&rus); - if (usertime) - now = rus.tms_utime; -# else - if (usertime) - now = clock(); /* sum of user and kernel times */ - else { - struct timeval tv; - gettimeofday(&tv, NULL); - now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK + - (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK) - ); - } -# endif - if (stop == TM_START) - tmstart = now; - else - ret = (now - tmstart) / (double)(CLK_TCK); - - return ret; -} - #elif defined(_SC_CLK_TCK) /* by means of unistd.h */ # include double app_tminterval(int stop, int usertime) { double ret = 0; - clock_t now; - static clock_t tmstart; - long int tck = sysconf(_SC_CLK_TCK); -# ifdef __TMS struct tms rus; + clock_t now = times(&rus); + static clock_t tmstart; - now = times(&rus); if (usertime) now = rus.tms_utime; -# else - if (usertime) - now = clock(); /* sum of user and kernel times */ - else { - struct timeval tv; - gettimeofday(&tv, NULL); - now = (clock_t)((unsigned long long)tv.tv_sec * tck + - (unsigned long long)tv.tv_usec * (1000000 / tck) - ); - } -# endif if (stop == TM_START) { tmstart = now; } else { + long int tck = sysconf(_SC_CLK_TCK); ret = (now - tmstart) / (double)tck; } From builds at travis-ci.org Mon May 25 11:44:35 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 11:44:35 +0000 Subject: Still Failing: openssl/openssl#34945 (master - e919166) In-Reply-To: Message-ID: <5ecbafa2f1839_13fc918abb35c324463@travis-tasks-5f7d6f6bdf-jjqxk.mail> Build Update for openssl/openssl ------------------------------------- Build: #34945 Status: Still Failing Duration: 1 hr, 56 mins, and 58 secs Commit: e919166 (master) Author: Rich Salz Message: Fix auto-gen names in .gitignore Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11916) View the changeset: https://github.com/openssl/openssl/compare/f7201301ef00...e91916692724 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690875305?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon May 25 12:00:14 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 May 2020 12:00:14 +0000 Subject: [openssl] master update Message-ID: <1590408014.240249.1144.nullmailer@dev.openssl.org> The branch master has been updated via 3f5ea7dc0ca4affb1fbe5c9f6d25add8aa3535b3 (commit) from 8069bf585453c96d1d14c1c0f53f3592bf057453 (commit) - Log ----------------------------------------------------------------- commit 3f5ea7dc0ca4affb1fbe5c9f6d25add8aa3535b3 Author: Richard Levitte Date: Fri May 22 10:17:55 2020 +0200 Fix omissions in providers/common/der/build.info Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declaration were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive used of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11906) ----------------------------------------------------------------------- Summary of changes: providers/common/der/build.info | 82 +++++++++++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 27 deletions(-) diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 43fe9038fe..7bb1d0dc46 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,36 +1,64 @@ -$FIPSABLE=\ - der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \ - der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \ - der_ec_gen.c der_ec_key.c der_ec_sig.c \ - der_digests_gen.c +#----- Digests +$DER_DIGESTS_H=../include/prov/der_digests.h +$DER_DIGESTS_GEN=der_digests_gen.c -SOURCE[../../libfips.a]=$FIPSABLE -SOURCE[../../libnonfips.a]=$FIPSABLE +GENERATE[$DER_DIGESTS_GEN]=der_digests_gen.c.in +DEPEND[$DER_DIGESTS_GEN]=oids_to_c.pm -GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in -DEPEND[der_rsa_gen.c]=oids_to_c.pm +DEPEND[${DER_DIGESTS_GEN/.c/.o}]=$DER_DIGESTS_H +GENERATE[$DER_DIGESTS_H]=der_digests.h.in +DEPEND[$DER_DIGESTS_H]=oids_to_c.pm -DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h -GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in -DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm +#----- RSA +$DER_RSA_H=../include/prov/der_rsa.h +$DER_RSA_GEN=der_rsa_gen.c +$DER_RSA_AUX=der_rsa_key.c der_rsa_sig.c +$DER_RSA_COMMON=$DER_RSA_GEN der_rsa_sig.c +$DER_RSA_FIPSABLE=der_rsa_key.c -GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in -DEPEND[der_dsa_gen.c]=oids_to_c.pm +GENERATE[$DER_RSA_GEN]=der_rsa_gen.c.in +DEPEND[$DER_RSA_GEN]=oids_to_c.pm -DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h -GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in -DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm +DEPEND[${DER_RSA_AUX/.c/.o}]=$DER_RSA_H $DER_DIGESTS_H +DEPEND[${DER_RSA_GEN/.c/.o}]=$DER_RSA_H +GENERATE[$DER_RSA_H]=der_rsa.h.in +DEPEND[$DER_RSA_H]=oids_to_c.pm -GENERATE[der_ec_gen.c]=der_ec_gen.c.in -DEPEND[der_ec_gen.c]=oids_to_c.pm +#----- DSA +$DER_DSA_H=../include/prov/der_dsa.h +$DER_DSA_GEN=der_dsa_gen.c +$DER_DSA_AUX=der_dsa_key.c der_dsa_sig.c -DEPEND[der_ec_gen.o]=../include/prov/der_ec.h -GENERATE[../include/prov/der_ec.h]=der_ec.h.in -DEPEND[../include/prov/der_ec.h]=oids_to_c.pm +GENERATE[$DER_DSA_GEN]=der_dsa_gen.c.in +DEPEND[$DER_DSA_GEN]=oids_to_c.pm -GENERATE[der_digests_gen.c]=der_digests_gen.c.in -DEPEND[der_digests_gen.c]=oids_to_c.pm +DEPEND[${DER_DSA_AUX/.c/.o}]=$DER_DSA_H $DER_DIGESTS_H +DEPEND[${DER_DSA_GEN/.c/.o}]=$DER_DSA_H +GENERATE[$DER_DSA_H]=der_dsa.h.in +DEPEND[$DER_DSA_H]=oids_to_c.pm -DEPEND[der_digests_gen.o]=../include/prov/der_digests.h -GENERATE[../include/prov/der_digests.h]=der_digests.h.in -DEPEND[../include/prov/der_digests.h]=oids_to_c.pm +#----- EC +$DER_EC_H=../include/prov/der_ec.h +$DER_EC_GEN=der_ec_gen.c +$DER_EC_AUX=der_ec_key.c der_ec_sig.c + +GENERATE[$DER_EC_GEN]=der_ec_gen.c.in +DEPEND[$DER_EC_GEN]=oids_to_c.pm + +DEPEND[${DER_EC_AUX/.c/.o}]=$DER_EC_H $DER_DIGESTS_H +DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H +GENERATE[$DER_EC_H]=der_ec.h.in +DEPEND[$DER_EC_H]=oids_to_c.pm + +#----- Conclusion + +# TODO(3.0) $COMMON should go to libcommon.a, but this currently leads +# to linking conflicts, so we add it to libfips.a and libnonfips.a for +# the moment being +$COMMON=\ + $DER_RSA_COMMON \ + $DER_DSA_GEN $DER_DSA_AUX \ + $DER_EC_GEN $DER_EC_AUX \ + $DER_DIGESTS_GEN +SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE +SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE From builds at travis-ci.org Mon May 25 12:25:56 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 12:25:56 +0000 Subject: Errored: openssl/openssl#34947 (master - 8069bf5) In-Reply-To: Message-ID: <5ecbb95487bc1_13fa2bb51587c7058b@travis-tasks-58fdc5868d-kghr4.mail> Build Update for openssl/openssl ------------------------------------- Build: #34947 Status: Errored Duration: 1 hr, 12 mins, and 29 secs Commit: 8069bf5 (master) Author: Tomas Mraz Message: Drop special case of time interval calculation for VMS The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11905) View the changeset: https://github.com/openssl/openssl/compare/e91916692724...8069bf585453 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690880775?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon May 25 13:16:34 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 13:16:34 +0000 Subject: Still Failing: openssl/openssl#34947 (master - 8069bf5) In-Reply-To: Message-ID: <5ecbc5322d89f_13fe4307d9a34337dd@travis-tasks-58fdc5868d-fpdgd.mail> Build Update for openssl/openssl ------------------------------------- Build: #34947 Status: Still Failing Duration: 8 mins and 30 secs Commit: 8069bf5 (master) Author: Tomas Mraz Message: Drop special case of time interval calculation for VMS The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11905) View the changeset: https://github.com/openssl/openssl/compare/e91916692724...8069bf585453 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690880775?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon May 25 13:06:09 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 13:06:09 +0000 Subject: Still Failing: openssl/openssl#34950 (master - 3f5ea7d) In-Reply-To: Message-ID: <5ecbc2c0c5795_13fb22231536c1109cb@travis-tasks-58fdc5868d-krtlr.mail> Build Update for openssl/openssl ------------------------------------- Build: #34950 Status: Still Failing Duration: 1 hr, 0 mins, and 46 secs Commit: 3f5ea7d (master) Author: Richard Levitte Message: Fix omissions in providers/common/der/build.info Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declaration were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive used of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11906) View the changeset: https://github.com/openssl/openssl/compare/8069bf585453...3f5ea7dc0ca4 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690910783?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 25 13:28:16 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 25 May 2020 13:28:16 +0000 Subject: Build failed: openssl master.34390 Message-ID: <20200525132816.1.0FD61FABBBC91827@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon May 25 13:32:29 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 13:32:29 +0000 Subject: Still Failing: openssl/openssl#34945 (master - e919166) In-Reply-To: Message-ID: <5ecbc8ed1be6f_13fb22231518c1473ae@travis-tasks-58fdc5868d-krtlr.mail> Build Update for openssl/openssl ------------------------------------- Build: #34945 Status: Still Failing Duration: 9 mins and 32 secs Commit: e919166 (master) Author: Rich Salz Message: Fix auto-gen names in .gitignore Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11916) View the changeset: https://github.com/openssl/openssl/compare/f7201301ef00...e91916692724 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690875305?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Mon May 25 15:53:01 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Mon, 25 May 2020 15:53:01 +0000 Subject: [openssl] master update Message-ID: <1590421981.251196.22160.nullmailer@dev.openssl.org> The branch master has been updated via b394809c87bedddc6223e14098307f154224790f (commit) from 3f5ea7dc0ca4affb1fbe5c9f6d25add8aa3535b3 (commit) - Log ----------------------------------------------------------------- commit b394809c87bedddc6223e14098307f154224790f Author: Dmitry Belyavskiy Date: Mon May 25 12:45:37 2020 +0300 Update the gost-engine submodule Fixes #11949 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/11951) ----------------------------------------------------------------------- Summary of changes: gost-engine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gost-engine b/gost-engine index 7f055baddc..a90ad6ce8f 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 7f055baddc3aa79fc1c2cf22bf5d5750843f5920 +Subproject commit a90ad6ce8f4cd876b5a8897b66ef49fb50b378cd From builds at travis-ci.org Mon May 25 16:40:19 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 16:40:19 +0000 Subject: Errored: openssl/openssl#34954 (master - b394809) In-Reply-To: Message-ID: <5ecbf4f1a317a_13fdbdbcc404c76461@travis-tasks-5f74f6cb8-hw4hq.mail> Build Update for openssl/openssl ------------------------------------- Build: #34954 Status: Errored Duration: 45 mins and 49 secs Commit: b394809 (master) Author: Dmitry Belyavskiy Message: Update the gost-engine submodule Fixes #11949 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/11951) View the changeset: https://github.com/openssl/openssl/compare/3f5ea7dc0ca4...b394809c87be View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/690997793?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Mon May 25 19:00:55 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 25 May 2020 19:00:55 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590433255.046069.16312.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1bde3c65baea32a3d87fe80f04f2f6594e74992d (commit) via 767b86ee52227b1c8e5c783b9c3850fa65338058 (commit) from 294beba4ebfbc0b5e7d86e6b11d9f1c37ad26867 (commit) - Log ----------------------------------------------------------------- commit 1bde3c65baea32a3d87fe80f04f2f6594e74992d Author: Dr. David von Oheimb Date: Sat May 23 14:23:14 2020 +0200 Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11912) commit 767b86ee52227b1c8e5c783b9c3850fa65338058 Author: Dr. David von Oheimb Date: Fri May 22 14:56:06 2020 +0200 Allow NULL arg to OSSL_STORE_close() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11912) ----------------------------------------------------------------------- Summary of changes: crypto/store/store_lib.c | 6 +++++- doc/man3/OSSL_STORE_open.pod | 31 ++++++++++++++++++------------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index fb8184d2d9..637466ce10 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -218,7 +218,11 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) int OSSL_STORE_close(OSSL_STORE_CTX *ctx) { - int loader_ret = ctx->loader->close(ctx->loader_ctx); + int loader_ret; + + if (ctx == NULL) + return 1; + loader_ret = ctx->loader->close(ctx->loader_ctx); OPENSSL_free(ctx); return loader_ret; diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 1e8ebf7ce1..432ba9da92 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -46,21 +46,22 @@ OSSL_STORE_close() to work together. =head2 Functions -OSSL_STORE_open() takes a uri or path B, password UI method -B with associated data B, and post processing -callback B with associated data B, +OSSL_STORE_open() takes a uri or path I, password UI method +I with associated data I, and post processing +callback I with associated data I, opens a channel to the data located at that URI and returns a B with all necessary internal information. -The given B and B will be reused by all -functions that use B when interaction is needed. -The given B and B will be reused by +The given I and I will be reused by all +functions that use B when interaction is needed, +for instance to provide a password. +The given I and I will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. -The B function drops values by returning B, which +The I function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading -the next object, until B returns something other than -B, or the end of data is reached as indicated by OSSL_STORE_eof(). +the next object, until I returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). -OSSL_STORE_ctrl() takes a B, and command number B and +OSSL_STORE_ctrl() takes a B, and command number I and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with @@ -94,6 +95,7 @@ OSSL_STORE_eof() shows that the end of data has been reached. OSSL_STORE_close() takes a B, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the B, as well as the B itself. +If I is NULL it does nothing. =head1 SUPPORTED SCHEMES @@ -123,12 +125,12 @@ See L for further information. =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B on success, or -B on failure. +NULL on failure. OSSL_STORE_load() returns a pointer to a B on success, or -B on error or when end of data is reached. +NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a -returned B. +returned NULL. OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0. @@ -149,6 +151,9 @@ OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1. +Handling of NULL I argument for OSSL_STORE_close() +was introduced in OpenSSL 1.1.1h. + =head1 COPYRIGHT Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. From pauli at openssl.org Mon May 25 21:58:12 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 25 May 2020 21:58:12 +0000 Subject: [openssl] master update Message-ID: <1590443892.101727.26386.nullmailer@dev.openssl.org> The branch master has been updated via bbc3c22c0e2b3b4b6f069712dc8322a48506b775 (commit) from b394809c87bedddc6223e14098307f154224790f (commit) - Log ----------------------------------------------------------------- commit bbc3c22c0e2b3b4b6f069712dc8322a48506b775 Author: Pauli Date: Mon May 25 07:43:45 2020 +1000 Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11941) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vfy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 75c5c0e201..1e881ccfcd 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -398,6 +398,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { if (!X509_up_ref(x)) { + sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); ctx->error = X509_V_ERR_UNSPECIFIED; return NULL; From pauli at openssl.org Mon May 25 22:26:14 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 25 May 2020 22:26:14 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590445574.358866.8676.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b7bc412eafb4c252e640719f048d3ca293b64b0f (commit) from 1bde3c65baea32a3d87fe80f04f2f6594e74992d (commit) - Log ----------------------------------------------------------------- commit b7bc412eafb4c252e640719f048d3ca293b64b0f Author: Pauli Date: Mon May 25 07:43:45 2020 +1000 Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11941) (cherry picked from commit bbc3c22c0e2b3b4b6f069712dc8322a48506b775) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vfy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 39e0c53de0..5bd3c4c159 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -377,6 +377,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { if (!X509_up_ref(x)) { + sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); ctx->error = X509_V_ERR_UNSPECIFIED; return NULL; From builds at travis-ci.org Mon May 25 22:45:44 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 22:45:44 +0000 Subject: Passed: openssl/openssl#34962 (master - bbc3c22) In-Reply-To: Message-ID: <5ecc4a98fef7_13f9627f09888108331@travis-tasks-6ccd7d8c54-8cmxd.mail> Build Update for openssl/openssl ------------------------------------- Build: #34962 Status: Passed Duration: 17 mins and 33 secs Commit: bbc3c22 (master) Author: Pauli Message: Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11941) View the changeset: https://github.com/openssl/openssl/compare/b394809c87be...bbc3c22c0e2b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691105020?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon May 25 23:02:25 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 25 May 2020 23:02:25 +0000 Subject: [openssl] master update Message-ID: <1590447745.224451.31838.nullmailer@dev.openssl.org> The branch master has been updated via 1bdd86fb1ca40dd3536abf16b6273230c15537b6 (commit) from bbc3c22c0e2b3b4b6f069712dc8322a48506b775 (commit) - Log ----------------------------------------------------------------- commit 1bdd86fb1ca40dd3536abf16b6273230c15537b6 Author: Pauli Date: Mon May 25 08:40:20 2020 +1000 ossl_shim: add deprecation guards around the -use-ticket-callback option. The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated build. [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11944) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 9 +++++++++ test/ossl_shim/test_config.cc | 2 ++ test/ossl_shim/test_config.h | 4 ++++ 3 files changed, 15 insertions(+) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index ea1ff3a983..0bdf5dd451 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -7,6 +7,11 @@ * https://www.openssl.org/source/license.html */ +/* + * HMAC low level APIs are deprecated for public use but might be used here. + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #if !defined(__STDC_FORMAT_MACROS) #define __STDC_FORMAT_MACROS #endif @@ -369,6 +374,7 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { return 1; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, int encrypt) { @@ -401,6 +407,7 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, } return 1; } +#endif // kCustomExtensionValue is the extension value that the custom extension // callbacks will add. @@ -624,9 +631,11 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (config->use_ticket_callback) { SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback); } +#endif if (config->enable_client_custom_extension && !SSL_CTX_add_client_custom_ext( diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc index a37d010d7a..b1a3fa3920 100644 --- a/test/ossl_shim/test_config.cc +++ b/test/ossl_shim/test_config.cc @@ -63,7 +63,9 @@ const Flag kBoolFlags[] = { { "-use-export-context", &TestConfig::use_export_context }, { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, { "-expect-no-session", &TestConfig::expect_no_session }, +#ifndef OPENSSL_NO_DEPRECATED_3_0 { "-use-ticket-callback", &TestConfig::use_ticket_callback }, +#endif { "-renew-ticket", &TestConfig::renew_ticket }, { "-enable-client-custom-extension", &TestConfig::enable_client_custom_extension }, diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h index 83677df52b..653554d995 100644 --- a/test/ossl_shim/test_config.h +++ b/test/ossl_shim/test_config.h @@ -13,6 +13,8 @@ #include #include +#include + struct TestConfig { int port = 0; @@ -60,7 +62,9 @@ struct TestConfig { bool use_export_context = false; bool expect_ticket_renewal = false; bool expect_no_session = false; +#ifndef OPENSSL_NO_DEPRECATED_3_0 bool use_ticket_callback = false; +#endif bool renew_ticket = false; bool enable_client_custom_extension = false; bool enable_server_custom_extension = false; From nic.tuv at gmail.com Mon May 25 23:26:57 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 25 May 2020 23:26:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590449217.073249.15600.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via efdfc392aac6d56fe385223cd26687fa26ca9af3 (commit) via e7bab429fb2f043165838496fb58aa257235dbe1 (commit) from b7bc412eafb4c252e640719f048d3ca293b64b0f (commit) - Log ----------------------------------------------------------------- commit efdfc392aac6d56fe385223cd26687fa26ca9af3 Author: Nicola Tuveri Date: Mon Nov 11 12:13:10 2019 +0200 More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. (cherry picked from commit 81722fdf2e01cfa71c46abbcc19e65aa003e083f) This is originally a cherry-pick from https://github.com/openssl/openssl/pull/10410, with trivial changes from the original commit to account for the differences in 1.1.1. Fixes #10687 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11939) commit e7bab429fb2f043165838496fb58aa257235dbe1 Author: Nicola Tuveri Date: Mon Nov 11 15:52:52 2019 +0200 More testing for sign/verify through `dgst` Add tests for signature generation and verification with `dgst` CLI for common key types: - RSA - DSA - ECDSA (cherry picked from commit ef1e59ed833e8ed1d5f4de5b0c734da8561890e3) This is a backport from https://github.com/openssl/openssl/pull/10410. Support for testing EdDSA through `pkeyutl` was dropped as the required `-rawin` option is not supported in 1.1.1. Fixes #10687 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11939) ----------------------------------------------------------------------- Summary of changes: test/recipes/15-test_ec.t | 56 ++++++++++++++++++------ test/recipes/20-test_dgst.t | 104 ++++++++++++++++++++++++++++++++++++++++++++ test/recipes/25-test_req.t | 42 +++++++++++++++++- test/tested25519.pem | 3 ++ test/tested25519pub.pem | 3 ++ test/tested448.pem | 4 ++ test/tested448pub.pem | 4 ++ 7 files changed, 201 insertions(+), 15 deletions(-) create mode 100644 test/recipes/20-test_dgst.t create mode 100644 test/tested25519.pem create mode 100644 test/tested25519pub.pem create mode 100644 test/tested448.pem create mode 100644 test/tested448pub.pem diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t index a1c704a3f0..7bce442a44 100644 --- a/test/recipes/15-test_ec.t +++ b/test/recipes/15-test_ec.t @@ -16,23 +16,51 @@ use OpenSSL::Test::Utils; setup("test_ec"); -plan tests => 5; +plan tests => 11; require_ok(srctop_file('test','recipes','tconversion.pl')); ok(run(test(["ectest"])), "running ectest"); - SKIP: { - skip "Skipping ec conversion test", 3 - if disabled("ec"); - - subtest 'ec conversions -- private key' => sub { - tconversion("ec", srctop_file("test","testec-p256.pem")); - }; - subtest 'ec conversions -- private key PKCS#8' => sub { - tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey"); - }; - subtest 'ec conversions -- public key' => sub { - tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout"); - }; +SKIP: { + skip "Skipping EC conversion test", 3 + if disabled("ec"); + + subtest 'EC conversions -- private key' => sub { + tconversion("ec", srctop_file("test","testec-p256.pem")); + }; + subtest 'EC conversions -- private key PKCS#8' => sub { + tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey"); + }; + subtest 'EC conversions -- public key' => sub { + tconversion("ec", srctop_file("test","testecpub-p256.pem"), + "ec", "-pubin", "-pubout"); + }; +} + +SKIP: { + skip "Skipping EdDSA conversion test", 6 + if disabled("ec"); + + subtest 'Ed25519 conversions -- private key' => sub { + tconversion("pkey", srctop_file("test","tested25519.pem")); + }; + subtest 'Ed25519 conversions -- private key PKCS#8' => sub { + tconversion("pkey", srctop_file("test","tested25519.pem"), "pkey"); + }; + subtest 'Ed25519 conversions -- public key' => sub { + tconversion("pkey", srctop_file("test","tested25519pub.pem"), + "pkey", "-pubin", "-pubout"); + }; + + subtest 'Ed448 conversions -- private key' => sub { + tconversion("pkey", srctop_file("test","tested448.pem")); + }; + subtest 'Ed448 conversions -- private key PKCS#8' => sub { + tconversion("pkey", srctop_file("test","tested448.pem"), "pkey"); + }; + subtest 'Ed448 conversions -- public key' => sub { + tconversion("pkey", srctop_file("test","tested448pub.pem"), + "pkey", "-pubin", "-pubout"); + }; } diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t new file mode 100644 index 0000000000..1080770f53 --- /dev/null +++ b/test/recipes/20-test_dgst.t @@ -0,0 +1,104 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_dgst"); + +plan tests => 5; + +sub tsignverify { + my $testtext = shift; + my $privkey = shift; + my $pubkey = shift; + + my $data_to_sign = srctop_file('test', 'README'); + my $other_data = srctop_file('test', 'README.external'); + + plan tests => 4; + + ok(run(app(['openssl', 'dgst', '-sign', $privkey, + '-out', 'testdgst.sig', + $data_to_sign])), + $testtext.": Generating signature"); + + ok(run(app(['openssl', 'dgst', '-prverify', $privkey, + '-signature', 'testdgst.sig', + $data_to_sign])), + $testtext.": Verify signature with private key"); + + ok(run(app(['openssl', 'dgst', '-verify', $pubkey, + '-signature', 'testdgst.sig', + $data_to_sign])), + $testtext.": Verify signature with public key"); + + ok(!run(app(['openssl', 'dgst', '-verify', $pubkey, + '-signature', 'testdgst.sig', + $other_data])), + $testtext.": Expect failure verifying mismatching data"); + + unlink 'testdgst.sig'; +} + +SKIP: { + skip "RSA is not supported by this OpenSSL build", 1 + if disabled("rsa"); + + subtest "RSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("RSA", + srctop_file("test","testrsa.pem"), + srctop_file("test","testrsapub.pem")); + }; +} + +SKIP: { + skip "DSA is not supported by this OpenSSL build", 1 + if disabled("dsa"); + + subtest "DSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("DSA", + srctop_file("test","testdsa.pem"), + srctop_file("test","testdsapub.pem")); + }; +} + +SKIP: { + skip "ECDSA is not supported by this OpenSSL build", 1 + if disabled("ec"); + + subtest "ECDSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("ECDSA", + srctop_file("test","testec-p256.pem"), + srctop_file("test","testecpub-p256.pem")); + }; +} + +SKIP: { + skip "EdDSA is not supported by this OpenSSL build", 2 + if disabled("ec"); + + skip "EdDSA is not supported with `dgst` CLI", 2; + + subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub { + tsignverify("Ed25519", + srctop_file("test","tested25519.pem"), + srctop_file("test","tested25519pub.pem")); + }; + + subtest "Ed448 signature generation and verification with `dgst` CLI" => sub { + tsignverify("Ed448", + srctop_file("test","tested448.pem"), + srctop_file("test","tested448pub.pem")); + }; +} diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index cb30061fca..52260d6e56 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 12; +plan tests => 14; require_ok(srctop_file('test','recipes','tconversion.pl')); @@ -106,6 +106,46 @@ subtest "generating certificate requests with ECDSA" => sub { } }; +subtest "generating certificate requests with Ed25519" => sub { + plan tests => 2; + + SKIP: { + skip "Ed25519 is not supported by this OpenSSL build", 2 + if disabled("ec"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq.pem", "-utf8", + "-key", srctop_file("test", "tested25519.pem")])), + "Generating request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + } +}; + +subtest "generating certificate requests with Ed448" => sub { + plan tests => 2; + + SKIP: { + skip "Ed448 is not supported by this OpenSSL build", 2 + if disabled("ec"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq.pem", "-utf8", + "-key", srctop_file("test", "tested448.pem")])), + "Generating request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + } +}; + subtest "generating certificate requests" => sub { plan tests => 2; diff --git a/test/tested25519.pem b/test/tested25519.pem new file mode 100644 index 0000000000..e447080ae2 --- /dev/null +++ b/test/tested25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/test/tested25519pub.pem b/test/tested25519pub.pem new file mode 100644 index 0000000000..41b0218e94 --- /dev/null +++ b/test/tested25519pub.pem @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PUBLIC KEY----- diff --git a/test/tested448.pem b/test/tested448.pem new file mode 100644 index 0000000000..98af16420a --- /dev/null +++ b/test/tested448.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOWyCpWLLgI0Q1jK+ichRPr9skp803fqMn2PJlg7240ij +UoyKP8wvBE45o/xblEkvjwMudUmiAJj5Ww== +-----END PRIVATE KEY----- diff --git a/test/tested448pub.pem b/test/tested448pub.pem new file mode 100644 index 0000000000..640da6f2be --- /dev/null +++ b/test/tested448pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MEMwBQYDK2VxAzoAX9dEm1m0Yf0s54fsYWrUah2hNCSFpw4fig6nXYDpZ3jt8SR2 +m0bHBhvWeD3x5Q9s0foavq/oJWGA +-----END PUBLIC KEY----- From builds at travis-ci.org Mon May 25 23:50:02 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 25 May 2020 23:50:02 +0000 Subject: Errored: openssl/openssl#34964 (master - 1bdd86f) In-Reply-To: Message-ID: <5ecc59aa2c227_13ff321dd8a481596c8@travis-tasks-6ccd7d8c54-qk7k9.mail> Build Update for openssl/openssl ------------------------------------- Build: #34964 Status: Errored Duration: 47 mins and 16 secs Commit: 1bdd86f (master) Author: Pauli Message: ossl_shim: add deprecation guards around the -use-ticket-callback option. The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated build. [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11944) View the changeset: https://github.com/openssl/openssl/compare/bbc3c22c0e2b...1bdd86fb1ca4 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691119194?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 26 01:05:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 26 May 2020 01:05:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1590455131.632744.20458.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c 1 error generated. Makefile:4070: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3045: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From shane.lontis at oracle.com Tue May 26 02:50:27 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 26 May 2020 02:50:27 +0000 Subject: [openssl] master update Message-ID: <1590461427.910954.13739.nullmailer@dev.openssl.org> The branch master has been updated via f32af93c924dca25728d8e7b85b8e4b660154e12 (commit) from 1bdd86fb1ca40dd3536abf16b6273230c15537b6 (commit) - Log ----------------------------------------------------------------- commit f32af93c924dca25728d8e7b85b8e4b660154e12 Author: Shane Lontis Date: Tue May 26 12:44:36 2020 +1000 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod Fixes #11743 The ouput format had 2 issues that caused it not to match the expected documented format: (1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes. An internal function that skips the seperator has been added. (2) The error code no longer exists. So this was completely removed from the string. It is now replaced by :: As an example: 00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Is now: 00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11789) ----------------------------------------------------------------------- Summary of changes: crypto/err/err_prn.c | 5 +- crypto/o_str.c | 100 ++++++++++------ include/internal/cryptlib.h | 4 + test/build.info | 7 +- test/errtest.c | 44 +++++++ test/hexstr_test.c | 133 +++++++++++++++++++++ .../{04-test_params.t => 04-test_hexstring.t} | 6 +- 7 files changed, 259 insertions(+), 40 deletions(-) create mode 100644 test/hexstr_test.c copy test/recipes/{04-test_params.t => 04-test_hexstring.t} (71%) diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 5c4ebcbddd..80cc0ecf1a 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -35,8 +35,9 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), func = "unknown function"; if ((flags & ERR_TXT_STRING) == 0) data = ""; - hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid)); - BIO_snprintf(buf, sizeof(buf), "%s:error:%s:%s:%s:%s:%d:%s\n", + hex = openssl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), + '\0'); + BIO_snprintf(buf, sizeof(buf), "%s:error::%s:%s:%s:%s:%d:%s\n", hex == NULL ? "" : hex, lib, func, reason, file, line, data); OPENSSL_free(hex); diff --git a/crypto/o_str.c b/crypto/o_str.c index 6780188cda..6578857b94 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -12,6 +12,9 @@ #include #include "internal/cryptlib.h" +#define DEFAULT_SEPARATOR ':' +#define CH_ZERO '\0' + char *CRYPTO_strdup(const char *str, const char* file, int line) { char *ret; @@ -37,7 +40,7 @@ char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) ret = CRYPTO_malloc(maxlen + 1, file, line); if (ret) { memcpy(ret, str, maxlen); - ret[maxlen] = '\0'; + ret[maxlen] = CH_ZERO; } return ret; } @@ -61,7 +64,7 @@ size_t OPENSSL_strnlen(const char *str, size_t maxlen) { const char *p; - for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; + for (p = str; maxlen-- != 0 && *p != CH_ZERO; ++p) ; return p - str; } @@ -74,7 +77,7 @@ size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size) l++; } if (size) - *dst = '\0'; + *dst = CH_ZERO; return l + strlen(src); } @@ -129,11 +132,8 @@ int OPENSSL_hexchar2int(unsigned char c) return -1; } -/* - * Give a string of hex digits convert to a buffer - */ -int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str) +static int hexstr2buf_sep(unsigned char *buf, size_t buf_n, size_t *buflen, + const char *str, const char sep) { unsigned char *q; unsigned char ch, cl; @@ -143,26 +143,24 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, for (p = (const unsigned char *)str, q = buf, cnt = 0; *p; ) { ch = *p++; - if (ch == ':') + /* A separator of CH_ZERO means there is no separator */ + if (ch == sep && sep != CH_ZERO) continue; cl = *p++; if (!cl) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF_EX, - CRYPTO_R_ODD_NUMBER_OF_DIGITS); + CRYPTOerr(0, CRYPTO_R_ODD_NUMBER_OF_DIGITS); return 0; } cli = OPENSSL_hexchar2int(cl); chi = OPENSSL_hexchar2int(ch); if (cli < 0 || chi < 0) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF_EX, - CRYPTO_R_ILLEGAL_HEX_DIGIT); + CRYPTOerr(0, CRYPTO_R_ILLEGAL_HEX_DIGIT); return 0; } cnt++; if (q != NULL) { if (cnt > buf_n) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF_EX, - CRYPTO_R_TOO_SMALL_BUFFER); + CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER); return 0; } *q++ = (unsigned char)((chi << 4) | cli); @@ -174,21 +172,31 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, return 1; } -unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen) +/* + * Given a string of hex digits convert to a buffer + */ +int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, + const char *str) +{ + return hexstr2buf_sep(buf, buf_n, buflen, str, DEFAULT_SEPARATOR); +} + +unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen, + const char sep) { unsigned char *buf; size_t buf_n, tmp_buflen; buf_n = strlen(str) >> 1; if ((buf = OPENSSL_malloc(buf_n)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); + CRYPTOerr(0, ERR_R_MALLOC_FAILURE); return NULL; } if (buflen != NULL) *buflen = 0; tmp_buflen = 0; - if (OPENSSL_hexstr2buf_ex(buf, buf_n, &tmp_buflen, str)) { + if (hexstr2buf_sep(buf, buf_n, &tmp_buflen, str, sep)) { if (buflen != NULL) *buflen = (long)tmp_buflen; return buf; @@ -197,21 +205,29 @@ unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen) return NULL; } -int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, - const unsigned char *buf, size_t buflen) +unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen) +{ + return openssl_hexstr2buf_sep(str, buflen, DEFAULT_SEPARATOR); +} + +static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlen, + const unsigned char *buf, size_t buflen, + const char sep) { static const char hexdig[] = "0123456789ABCDEF"; const unsigned char *p; char *q; size_t i; + int has_sep = (sep != CH_ZERO); + size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; if (strlen != NULL) - *strlen = buflen * 3; + *strlen = len; if (str == NULL) return 1; - if (str_n < (unsigned long)buflen * 3) { - CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR_EX, CRYPTO_R_TOO_SMALL_BUFFER); + if (str_n < (unsigned long)len) { + CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER); return 0; } @@ -219,21 +235,26 @@ int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, for (i = 0, p = buf; i < buflen; i++, p++) { *q++ = hexdig[(*p >> 4) & 0xf]; *q++ = hexdig[*p & 0xf]; - *q++ = ':'; + if (has_sep) + *q++ = sep; } - q[-1] = 0; + if (has_sep) + --q; + *q = CH_ZERO; + #ifdef CHARSET_EBCDIC ebcdic2ascii(str, str, q - str - 1); #endif return 1; } -/* - * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its - * hex representation @@@ (Contents of buffer are always kept in ASCII, also - * on EBCDIC machines) - */ -char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen) +int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, + const unsigned char *buf, size_t buflen) +{ + return buf2hexstr_sep(str, str_n, strlen, buf, buflen, DEFAULT_SEPARATOR); +} + +char *openssl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep) { char *tmp; size_t tmp_n; @@ -241,18 +262,29 @@ char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen) if (buflen == 0) return OPENSSL_zalloc(1); - tmp_n = buflen * 3; + tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); + CRYPTOerr(0, ERR_R_MALLOC_FAILURE); return NULL; } - if (OPENSSL_buf2hexstr_ex(tmp, tmp_n, NULL, buf, buflen)) + if (buf2hexstr_sep(tmp, tmp_n, NULL, buf, buflen, sep)) return tmp; OPENSSL_free(tmp); return NULL; } + +/* + * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its + * hex representation @@@ (Contents of buffer are always kept in ASCII, also + * on EBCDIC machines) + */ +char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen) +{ + return openssl_buf2hexstr_sep(buf, buflen, ':'); +} + int openssl_strerror_r(int errnum, char *buf, size_t buflen) { #if defined(_MSC_VER) && _MSC_VER>=1400 diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index b479b58a84..a4f18a5d3f 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -241,4 +241,8 @@ char *sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, const char *sep, size_t max_len); char *ipaddr_to_asc(unsigned char *p, int len); +char *openssl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); +unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen, + const char sep); + #endif diff --git a/test/build.info b/test/build.info index 112b68c22f..9697e55f12 100644 --- a/test/build.info +++ b/test/build.info @@ -54,7 +54,7 @@ IF[{- !$disabled{tests} -}] http_test servername_test ocspapitest fatalerrtest tls13ccstest \ sysdefaulttest errtest ssl_ctx_test gosttest \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ - keymgmt_internal_test + keymgmt_internal_test hexstr_test SOURCE[confdump]=confdump.c INCLUDE[confdump]=../include ../apps/include @@ -736,6 +736,11 @@ IF[{- !$disabled{tests} -}] INCLUDE[params_test]=.. ../include ../apps/include DEPEND[params_test]=../libcrypto.a libtestutil.a + PROGRAMS{noinst}=hexstr_test + SOURCE[hexstr_test]=hexstr_test.c + INCLUDE[hexstr_test]=.. ../include ../apps/include + DEPEND[hexstr_test]=../libcrypto.a libtestutil.a + PROGRAMS{noinst}=namemap_internal_test SOURCE[namemap_internal_test]=namemap_internal_test.c INCLUDE[namemap_internal_test]=.. ../include ../apps/include diff --git a/test/errtest.c b/test/errtest.c index 179c338c45..cc2f6612d1 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include @@ -18,6 +19,46 @@ # include #endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IS_HEX(ch) ((ch >= '0' && ch <='9') || (ch >= 'A' && ch <='F')) + +static int test_print_error_format(void) +{ + static const char expected[] = + ":error::system library:test_print_error_format:Operation not permitted:" +# ifndef OPENSSL_NO_FILENAMES + "errtest.c:30:"; +# else + ":0:"; +# endif + char *out = NULL, *p = NULL; + int ret = 0, len; + BIO *bio = NULL; + + if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) + return 0; + + ERR_PUT_error(ERR_LIB_SYS, 0, 1, "errtest.c", 30); + ERR_print_errors(bio); + + if (!TEST_int_gt(len = BIO_get_mem_data(bio, &out), 0)) + goto err; + /* Skip over the variable thread id at the start of the string */ + for (p = out; *p != ':' && *p != 0; ++p) { + if (!TEST_true(IS_HEX(*p))) + goto err; + } + if (!TEST_true(*p != 0) + || !TEST_strn_eq(expected, p, strlen(expected))) + goto err; + + ret = 1; +err: + BIO_free(bio); + return ret; +} +#endif + /* Test that querying the error queue preserves the OS error. */ static int preserves_system_error(void) { @@ -79,5 +120,8 @@ int setup_tests(void) ADD_TEST(preserves_system_error); ADD_TEST(vdata_appends); ADD_TEST(raised_error); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ADD_TEST(test_print_error_format); +#endif return 1; } diff --git a/test/hexstr_test.c b/test/hexstr_test.c new file mode 100644 index 0000000000..c4f13b6d53 --- /dev/null +++ b/test/hexstr_test.c @@ -0,0 +1,133 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +/* + * This program tests the use of OSSL_PARAM, currently in raw form. + */ + +#include "internal/nelem.h" +#include "internal/cryptlib.h" +#include "testutil.h" + +struct testdata +{ + const char *in; + const unsigned char *expected; + size_t expected_len; + const char sep; +}; + +static const unsigned char test_1[] = { 0xAB, 0xCD, 0xEF, 0xF1 }; +static const unsigned char test_2[] = { 0xAB, 0xCD, 0xEF, 0x76, 0x00 }; + +static struct testdata tbl_testdata[] = { + { + "AB:CD:EF:F1", + test_1, sizeof(test_1), + ':', + }, + { + "AB:CD:EF:76:00", + test_2, sizeof(test_2), + ':', + }, + { + "AB_CD_EF_F1", + test_1, sizeof(test_1), + '_', + }, + { + "AB_CD_EF_76_00", + test_2, sizeof(test_2), + '_', + }, + { + "ABCDEFF1", + test_1, sizeof(test_1), + '\0', + }, + { + "ABCDEF7600", + test_2, sizeof(test_2), + '\0', + }, +}; + +static int test_hexstr_sep_to_from(int test_index) +{ + int ret = 0; + long len = 0; + unsigned char *buf = NULL; + char *out = NULL; + struct testdata *test = &tbl_testdata[test_index]; + + if (!TEST_ptr(buf = openssl_hexstr2buf_sep(test->in, &len, test->sep)) + || !TEST_mem_eq(buf, len, test->expected, test->expected_len) + || !TEST_ptr(out = openssl_buf2hexstr_sep(buf, len, test->sep)) + || !TEST_str_eq(out, test->in)) + goto err; + + ret = 1; +err: + OPENSSL_free(buf); + OPENSSL_free(out); + return ret; +} + +static int test_hexstr_to_from(int test_index) +{ + int ret = 0; + long len = 0; + unsigned char *buf = NULL; + char *out = NULL; + struct testdata *test = &tbl_testdata[test_index]; + + if (test->sep != '_') { + if (!TEST_ptr(buf = OPENSSL_hexstr2buf(test->in, &len)) + || !TEST_mem_eq(buf, len, test->expected, test->expected_len) + || !TEST_ptr(out = OPENSSL_buf2hexstr(buf, len))) + goto err; + if (test->sep == ':') { + if (!TEST_str_eq(out, test->in)) + goto err; + } else if (!TEST_str_ne(out, test->in)) { + goto err; + } + } else { + if (!TEST_ptr_null(buf = OPENSSL_hexstr2buf(test->in, &len))) + goto err; + } + ret = 1; +err: + OPENSSL_free(buf); + OPENSSL_free(out); + return ret; +} + +static int test_hexstr_ex_to_from(int test_index) +{ + size_t len = 0; + char out[64]; + unsigned char buf[64]; + struct testdata *test = &tbl_testdata[test_index]; + + return TEST_true(OPENSSL_hexstr2buf_ex(buf, sizeof(buf), &len, test->in)) + && TEST_mem_eq(buf, len, test->expected, test->expected_len) + && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, len)) + && TEST_str_eq(out, test->in); +} + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_hexstr_sep_to_from, OSSL_NELEM(tbl_testdata)); + ADD_ALL_TESTS(test_hexstr_to_from, OSSL_NELEM(tbl_testdata)); + ADD_ALL_TESTS(test_hexstr_ex_to_from, 2); + return 1; +} diff --git a/test/recipes/04-test_params.t b/test/recipes/04-test_hexstring.t similarity index 71% copy from test/recipes/04-test_params.t copy to test/recipes/04-test_hexstring.t index ae83d4fdd0..664868fe60 100644 --- a/test/recipes/04-test_params.t +++ b/test/recipes/04-test_hexstring.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,6 @@ use strict; use OpenSSL::Test; use OpenSSL::Test::Simple; -setup("test_params"); +setup("test_hexstring"); -simple_test("test_params", "params_test"); +simple_test("test_hexstring", "hexstr_test"); From shane.lontis at oracle.com Tue May 26 03:56:06 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 26 May 2020 03:56:06 +0000 Subject: [openssl] master update Message-ID: <1590465366.603954.16246.nullmailer@dev.openssl.org> The branch master has been updated via b8086652650c0782bc8d63b620663e04a3c6a3a7 (commit) from f32af93c924dca25728d8e7b85b8e4b660154e12 (commit) - Log ----------------------------------------------------------------- commit b8086652650c0782bc8d63b620663e04a3c6a3a7 Author: Shane Lontis Date: Tue May 26 13:53:07 2020 +1000 Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11610) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 6 +- crypto/ec/ec_backend.c | 15 +- crypto/evp/pmeth_lib.c | 6 +- crypto/ffc/ffc_backend.c | 2 +- crypto/ffc/ffc_params.c | 2 +- crypto/provider_core.c | 16 +- doc/man3/EVP_KDF.pod | 12 +- doc/man3/EVP_MAC.pod | 3 + doc/man3/EVP_PKEY_CTX_ctrl.pod | 58 +---- doc/man3/EVP_PKEY_CTX_set_params.pod | 95 ++++++++ doc/man7/EVP_KEYEXCH-DH.pod | 98 ++++++++ doc/man7/EVP_KEYEXCH-ECDH.pod | 133 +++++++++++ doc/man7/EVP_KEYEXCH-X25519.pod | 50 ++++ doc/man7/EVP_PKEY-DH.pod | 229 ++++++++++++++++++ doc/man7/EVP_PKEY-DSA.pod | 259 ++++----------------- doc/man7/EVP_PKEY-EC.pod | 69 +++++- doc/man7/{EVP_PKEY-DSA.pod => EVP_PKEY-FFC.pod} | 113 ++------- doc/man7/EVP_PKEY-RSA.pod | 13 +- doc/man7/EVP_PKEY-X25519.pod | 4 + doc/man7/EVP_SIGNATURE-DSA.pod | 58 +++++ doc/man7/EVP_SIGNATURE-ECDSA.pod | 57 +++++ .../{Ed25519.pod => EVP_SIGNATURE-ED25519.pod} | 49 ++-- doc/man7/EVP_SIGNATURE-RSA.pod | 112 +++++++++ doc/man7/OSSL_PROVIDER-FIPS.pod | 14 +- doc/man7/OSSL_PROVIDER-default.pod | 4 +- doc/man7/OSSL_PROVIDER-legacy.pod | 4 +- doc/man7/provider-base.pod | 46 +++- doc/man7/provider-keyexch.pod | 64 +---- doc/man7/provider-signature.pod | 15 +- include/crypto/ec.h | 2 +- include/openssl/core_names.h | 41 ++-- providers/fips/fipsprov.c | 5 +- providers/implementations/asymciphers/rsa_enc.c | 11 +- providers/implementations/keymgmt/dh_kmgmt.c | 14 +- providers/implementations/keymgmt/dsa_kmgmt.c | 1 - providers/implementations/keymgmt/ec_kmgmt.c | 21 +- providers/implementations/signature/dsa.c | 1 + providers/implementations/signature/eddsa.c | 2 +- providers/implementations/signature/rsa.c | 45 ++-- test/dsatest.c | 2 +- test/evp_pkey_provided_test.c | 10 +- 41 files changed, 1199 insertions(+), 562 deletions(-) create mode 100644 doc/man3/EVP_PKEY_CTX_set_params.pod create mode 100644 doc/man7/EVP_KEYEXCH-DH.pod create mode 100644 doc/man7/EVP_KEYEXCH-ECDH.pod create mode 100644 doc/man7/EVP_KEYEXCH-X25519.pod create mode 100644 doc/man7/EVP_PKEY-DH.pod copy doc/man7/{EVP_PKEY-DSA.pod => EVP_PKEY-FFC.pod} (64%) create mode 100644 doc/man7/EVP_SIGNATURE-DSA.pod create mode 100644 doc/man7/EVP_SIGNATURE-ECDSA.pod rename doc/man7/{Ed25519.pod => EVP_SIGNATURE-ED25519.pod} (68%) create mode 100644 doc/man7/EVP_SIGNATURE-RSA.pod diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index c3585f264f..3a523c3591 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -475,7 +475,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen) EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL); #endif - *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GENERATOR, &gen); + *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 98dd0ecf5d..fb6497b084 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -19,15 +19,10 @@ * implementations alike. */ -int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p) +int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode) { const EC_GROUP *ecg = EC_KEY_get0_group(ec); const BIGNUM *cofactor; - int mode; - - if (!OSSL_PARAM_get_int(p, &mode)) - return 0; - /* * mode can be only 0 for disable, or 1 for enable here. * @@ -224,8 +219,12 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) return 0; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); - if (p != NULL && !ec_set_param_ecdh_cofactor_mode(ec, p)) - return 0; + if (p != NULL) { + int mode; + if (!OSSL_PARAM_get_int(p, &mode) + || !ec_set_ecdh_cofactor_mode(ec, mode)) + return 0; + } return 1; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index e4327b3a94..355565de63 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1033,7 +1033,7 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, # endif # ifndef OPENSSL_NO_DH else if (strcmp(name, "dh_paramgen_generator") == 0) - name = OSSL_PKEY_PARAM_FFC_GENERATOR; + name = OSSL_PKEY_PARAM_DH_GENERATOR; else if (strcmp(name, "dh_paramgen_prime_len") == 0) name = OSSL_PKEY_PARAM_FFC_PBITS; else if (strcmp(name, "dh_paramgen_subprime_len") == 0) @@ -1042,9 +1042,9 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, name = OSSL_PKEY_PARAM_FFC_TYPE; value = dh_gen_type_id2name(atoi(value)); } else if (strcmp(name, "dh_param") == 0) - name = OSSL_PKEY_PARAM_FFC_GROUP; + name = OSSL_PKEY_PARAM_DH_GROUP; else if (strcmp(name, "dh_rfc5114") == 0) { - name = OSSL_PKEY_PARAM_FFC_GROUP; + name = OSSL_PKEY_PARAM_DH_GROUP; value = ffc_named_group_from_uid(atoi(value)); } else if (strcmp(name, "dh_pad") == 0) name = OSSL_EXCHANGE_PARAM_PAD; diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 1cfa427df6..c34e79bf4f 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (ffc == NULL) return 0; - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); if (prm != NULL) { if (prm->data_type != OSSL_PARAM_UTF8_STRING) goto err; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index efd7dc8920..a95a2fa12b 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -220,7 +220,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, if (name == NULL || !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_GROUP, + OSSL_PKEY_PARAM_DH_GROUP, name)) return 0; #else diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 0c21660080..f8aa5721b4 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -841,8 +841,13 @@ int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, * never knows. */ static const OSSL_PARAM param_types[] = { - OSSL_PARAM_DEFN("openssl-version", OSSL_PARAM_UTF8_PTR, NULL, 0), - OSSL_PARAM_DEFN("provider-name", OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR, + NULL, 0), +#ifndef FIPS_MODULE + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR, + NULL, 0), +#endif OSSL_PARAM_END }; @@ -879,13 +884,14 @@ static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[]) */ OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; - if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL) + if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_VERSION)) != NULL) OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR); - if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL) + if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_PROV_NAME)) != NULL) OSSL_PARAM_set_utf8_ptr(p, prov->name); #ifndef FIPS_MODULE - if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_MODULE_FILENAME)) != NULL) + if ((p = OSSL_PARAM_locate(params, + OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) != NULL) OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov)); #endif diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 2d7fe49c16..bceee3f500 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -68,6 +68,9 @@ EVP_KDF_fetch() fetches an implementation of a KDF I, given a library context I and a set of I. See L for further information. +See L for the lists of +algorithms supported by the default provider. + The returned value must eventually be freed with L. @@ -248,14 +251,7 @@ supported by the KDF algorithm. =head1 SEE ALSO -L -L -L -L -L -L -L -L +L =head1 HISTORY diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 1b961d4978..c98c8d873a 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -82,6 +82,9 @@ EVP_MAC_fetch() fetches an implementation of a MAC I, given a library context I and a set of I. See L for further information. +See L for the list +of algorithms supported by the default provider. + The returned value must eventually be freed with L. diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 039073cacf..db91f01038 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -2,10 +2,6 @@ =head1 NAME -EVP_PKEY_CTX_get_params, -EVP_PKEY_CTX_gettable_params, -EVP_PKEY_CTX_set_params, -EVP_PKEY_CTX_settable_params, EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, @@ -78,11 +74,6 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include - int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); - const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); - int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); - const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); - int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, @@ -186,49 +177,6 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len =head1 DESCRIPTION -The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions get and -send arbitrary parameters from and to the algorithm implementation respectively. -Not all parameters may be supported by all providers. -See L for more information on providers. -See L for more information on parameters. -These functions must only be called after the EVP_PKEY_CTX has been initialised -for use in an operation. - -The parameters currently supported by the default provider are: - -=over 4 - -=item "pad" (B) - -Sets the DH padding mode. -If B is 1 then the shared secret is padded with zeros -up to the size of the DH prime I

    . -If B is zero (the default) then no padding is -performed. - -=item "digest" (B) - -Gets and sets the name of the digest algorithm used for the input to the -signature functions. - -=item "digest-size" (B) - -Gets and sets the output size of the digest algorithm used for the input to the -signature functions. -The length of the "digest-size" parameter should not exceed that of a B. -The internal algorithm that supports this parameter is DSA. - -=back - -EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() gets a -constant B array that describes the gettable and -settable parameters for the current algorithm implementation, i.e. parameters -that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() -respectively. -See L for the use of B as parameter descriptor. -These functions must only be called after the EVP_PKEY_CTX has been initialised -for use in an operation. - The function EVP_PKEY_CTX_ctrl() sends a control operation to the context I. The key type used must match I if it is not -1. The parameter I is a mask indicating which operations the control can be applied to. @@ -662,17 +610,13 @@ allocate adequate memory space for the I before calling EVP_PKEY_CTX_get1_id =head1 RETURN VALUES -EVP_PKEY_CTX_set_params() returns 1 for success or 0 otherwise. -EVP_PKEY_CTX_settable_params() returns an OSSL_PARAM array on success or NULL on -error. -It may also return NULL if there are no settable parameters available. - All other functions and macros described on this page return a positive value for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. =head1 SEE ALSO +L, L, L, L, diff --git a/doc/man3/EVP_PKEY_CTX_set_params.pod b/doc/man3/EVP_PKEY_CTX_set_params.pod new file mode 100644 index 0000000000..b4959c6f44 --- /dev/null +++ b/doc/man3/EVP_PKEY_CTX_set_params.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, +EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params +- provider parameter passing operations + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); + +=head1 DESCRIPTION + +The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions allow +transfer of arbitrary key parameters to and from providers. +Not all parameters may be supported by all providers. +See L for more information on providers. +See L for more information on parameters. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation. +These methods replace the EVP_PKEY_CTX_ctrl() mechanism. (EVP_PKEY_CTX_ctrl now +calls these methods internally to interact with providers). + +EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() get a +constant B array that describes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() +respectively. +See L for the use of B as parameter descriptor. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation. + +=head2 Parameters + +Examples of EVP_PKEY parameters include the following: + +L +L +L + +L +L +L +L +L +L +L +L +L +L + +=head1 RETURN VALUES + +EVP_PKEY_CTX_set_params() returns 1 for success or 0 otherwise. +EVP_PKEY_CTX_settable_params() returns an OSSL_PARAM array on success or NULL on +error. +It may also return NULL if there are no settable parameters available. + +All other functions and macros described on this page return a positive value +for success and 0 or a negative value for failure. In particular a return value +of -2 indicates the operation is not supported by the public key algorithm. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +All functions were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod new file mode 100644 index 0000000000..9e9cee7dce --- /dev/null +++ b/doc/man7/EVP_KEYEXCH-DH.pod @@ -0,0 +1,98 @@ +=pod + +=head1 NAME + +EVP_KEYEXCH-DH +- DH Key Exchange algorithm support + +=head1 DESCRIPTION + +Key exchange support for the B key type. + +=head2 DH key exchange parameters + +=over 4 + +=item "pad" (B) + +See L. + +=back + +=head1 EXAMPLES + +The examples assume a host and peer both generate keys using the same +named group (or domain parameters). See L. +Both the host and peer transfer their public key to each other. + +To convert the peer's generated key pair to a public key in DER format in order +to transfer to the host: + + EVP_PKEY *peer_key; /* It is assumed this contains the peers generated key */ + unsigned char *peer_pub_der = NULL; + int peer_pub_der_len; + + peer_pub_der_len = i2d_PUBKEY(peer_key, &peer_pub_der); + ... + OPENSSL_free(peer_pub_der); + +To convert the received peer's public key from DER format on the host: + + const unsigned char *pd = peer_pub_der; + EVP_PKEY *peer_pub_key = d2i_PUBKEY(NULL, &pd, peer_pub_der_len); + ... + EVP_PKEY_free(peer_pub_key); + +To derive a shared secret on the host using the host's key and the peer's public +key: + /* It is assumed that the host_key and peer_pub_key are set up */ + void derive_secret(EVP_KEY *host_key, EVP_PKEY *peer_pub_key) + { + unsigned int pad = 1; + OSSL_PARAM params[2]; + unsigned char *secret = NULL; + size_t secret_len = 0; + EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL); + + EVP_PKEY_derive_init(dctx); + + /* Optionally set the padding */ + params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &pad); + params[1] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(dctx, params); + + EVP_PKEY_derive_set_peer(dctx, peer_pub_key); + + /* Get the size by passing NULL as the buffer */ + EVP_PKEY_derive(dctx, NULL, &secret_len); + secret = OPENSSL_zalloc(secret_len); + + EVP_PKEY_derive(dctx, secret, &secret_len); + ... + OPENSSL_clear_free(secret, secret_len); + EVP_PKEY_CTX_free(dctx); + } + +Very similar code can be used by the peer to derive the same shared secret +using the host's public key and the peer's generated key pair. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KEYEXCH-ECDH.pod b/doc/man7/EVP_KEYEXCH-ECDH.pod new file mode 100644 index 0000000000..1add4b7100 --- /dev/null +++ b/doc/man7/EVP_KEYEXCH-ECDH.pod @@ -0,0 +1,133 @@ +=pod + +=head1 NAME + +EVP_KEYEXCH-ECDH - ECDH Key Exchange algorithm support + +=head1 DESCRIPTION + +Key exchange support for the B key type. + +=head2 ECDH Key Exchange parameters + +=over 4 + +=item "ecdh-cofactor-mode" (B) + +Sets or gets the ECDH mode of operation for the associated key exchange ctx. + +In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter +can be used to select between the plain Diffie-Hellman (DH) or Cofactor +Diffie-Hellman (CDH) variants of the key exchange algorithm. + +When setting, the value should be 1, 0 or -1, respectively forcing cofactor mode +on, off, or resetting it to the default for the private key associated with the +given key exchange ctx. + +When getting, the value should be either 1 or 0, respectively signaling if the +cofactor mode is on or off. + +See also L for the related +B parameter that can be set on a +per-key basis. + +=item "kdf-type" (B) + +Sets or gets the Key Derivation Function type to apply within the associated key +exchange ctx. + +=item "kdf-digest" (B) + +Sets or gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx. + +=item "kdf-digest-props" (B) + +Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx. + +=item "kdf-outlen" (B) + +Sets or gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx. + +=item "kdf-ukm" (B) + +Sets the User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx. + +=item "kdf-ukm" (B) + +Gets a pointer to the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx. + +=item "kdf-ukm-len" (B) + +Gets the size of the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx. + +=back + +=head1 EXAMPLES + +Keys for the host and peer must be generated as shown in +L using the same curve name. + +The code to generate a shared secret for the normal case is identical to +L. + +To derive a shared secret on the host using the host's key and the peer's public +key but also using X963KDF with a user key material: + + /* It is assumed that the host_key, peer_pub_key and ukm are set up */ + void derive_secret(EVP_PKEY *host_key, EVP_PKEY *peer_key, + unsigned char *ukm, size_t ukm_len) + { + unsigned char secret[64]; + size_t out_len = sizeof(secret); + size_t secret_len = out_len; + unsigned int pad = 1; + OSSL_PARAM params[6]; + EVP_PKET_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL); + + EVP_PKEY_derive_init(dctx); + + params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &pad); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, + "X963KDF", 0); + params[2] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, + "SHA1", 0); + params[3] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, + &out_len); + params[4] = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, + ukm, ukm_len); + params[5] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(dctx, params); + + EVP_PKEY_derive_set_peer(dctx, peer_pub_key); + EVP_PKEY_derive(dctx, secret, &secret_len); + ... + OPENSSL_clear_free(secret, secret_len); + EVP_PKEY_CTX_free(dctx); + } + +=head1 SEE ALSO + +L +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KEYEXCH-X25519.pod b/doc/man7/EVP_KEYEXCH-X25519.pod new file mode 100644 index 0000000000..6140c56196 --- /dev/null +++ b/doc/man7/EVP_KEYEXCH-X25519.pod @@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +EVP_KEYEXCH-X25519, +EVP_KEYEXCH-X448 +- X25519 and X448 Key Exchange algorithm support + +=head1 DESCRIPTION + +Key exchange support for the B and B key types. + +=head2 Key exchange parameters + +=over 4 + +=item "pad" (B) + +See L. + +=back + +=head1 EXAMPLES + +Keys for the host and peer can be generated as shown in +L. + +The code to generate a shared secret is identical to +L. + +=head1 SEE ALSO + +L, +L +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod new file mode 100644 index 0000000000..33b19a74f9 --- /dev/null +++ b/doc/man7/EVP_PKEY-DH.pod @@ -0,0 +1,229 @@ +=pod + +=head1 NAME + +EVP_PKEY-DH, EVP_KEYMGMT-DH - EVP_PKEY DH keytype and algorithm support + +=head1 DESCRIPTION + +For B FFC key agreement, two classes of domain parameters can be used: +"safe" domain parameters that are associated with approved named safe-prime +groups, and a class of "FIPS 186-type" domain parameters. FIPS 186-type domain +parameters should only be used for backward compatibility with existing +applications that cannot be upgraded to use the approved safe-prime groups. + +See L for more information about FFC keys. + +For B that is not a named group) the FIPS186-4 standard specifies that the +values used for FFC parameter generation are also required for parameter +validation. This means that optional FFC domain parameter values for +I, I and I may need to be stored for validation purposes. +For B the I and I can be stored in ASN1 data +(but the I is not). + +=head2 DH parameters + +In addition to the common FCC parameters that all FFC keytypes should support +(see L)) the B keytype +implementation supports the following: + +=over 4 + +=item "group" (B) + +Set or gets a string that associates a B named safe prime group with known +values for I

    , I and I. + +The following values can be used by the OpenSSL's default and FIPS providers: +"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", +"modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". + +The following additional values can also be used by OpenSSL's default provider: +"modp_1536", "dh_1024_160", "dh_2048_224", "dh_2048_256". + +DH named groups can be easily validated since the parameters are well known. +For protocols that only transfer I

    and I the value of I can also be +retrieved. + +=item "safeprime-generator" (B) + +Used for DH generation of safe primes using the old generator code. +It is recommended to use a named safe prime group instead, if domain parameter +validation is required. The default value is 2. + +These are not named safe prime groups so setting this value for the OpenSSL FIPS +provider will instead choose a named safe prime group based on the size of I

    . + +=back + +=head2 DH domain parameter / key generation parameters + +In addition to the common FCC key generation parameters that all FFC key types +should support (see L)) the +B keytype implementation supports the following: + +=over 4 + +=item "type" (B) + +Sets the type of parameter generation. For B valid values are: + +=over 4 + +=item "fips186_4" + +=item "default" + +=item "fips186_2" + +These are described in L + +=item "group" + +This specifies that a named safe prime name will be chosen using the "pbits" +type. + +=item "generator" + +A safe prime generator. See the "safeprime-generator" type above. + +=back + +=item "pbits" (B) + +Sets the size (in bits) of the prime 'p'. + +For "fips186_4" this must be 2048. +For "fips186_2" this must be 1024. +For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. + +=item "priv_len" (B) + +An optional value to set the maximum length of the generated private key. +The default valure used if this is not set is the maximum value of +BN_num_bits(I)). The minimum value that this can be set to is 2 * s. +Where s is the security strength of the key which has values of +112, 128, 152, 176 and 200 for key sizes of 2048, 3072, 4096, 6144 and 8192. + +=back + +=head1 EXAMPLES + +An B context can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); + +An B key can be generated with a named safe prime group by calling: + + int priv_len = 2 * 112; + OSSL_PARAM params[3]; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); + + params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); + /* "priv_len" is optional */ + params[1] = OSSL_PARAM_construct_int("priv_len", &priv_len); + params[2] = OSSL_PARAM_construct_end(); + + EVP_PKEY_keygen_init(pctx); + EVP_PKEY_CTX_set_params(pctx, params); + EVP_PKEY_gen(pctx, &pkey); + ... + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(pctx); + +Legacy B domain parameters can be generated by calling: + unsigned int pbits = 2048; + unsigned int qbits = 256; + int gindex = 1; + OSSL_PARAM params[5]; + EVP_PKEY *param_key = NULL; + EVP_PKEY_CTX *pctx = NULL; + + pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); + EVP_PKEY_paramgen_init(pctx); + + params[0] = OSSL_PARAM_construct_uint("pbits", &pbits); + params[1] = OSSL_PARAM_construct_uint("qbits", &qbits); + params[2] = OSSL_PARAM_construct_int("gindex", &gindex); + params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0); + params[4] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(pctx, params); + + EVP_PKEY_gen(pctx, ¶m_key); + + EVP_PKEY_print_params(bio_out, param_key, 0, NULL); + ... + EVP_PKEY_free(param_key); + EVP_PKEY_CTX_free(pctx); + +An B key can be generated using domain parameters by calling: + + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); + + EVP_PKEY_keygen_init(gctx); + EVP_PKEY_gen(gctx, &key); + EVP_PKEY_print_private(bio_out, key, 0, NULL); + ... + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(gctx); + +=for comment TODO(3.0): To validate domain parameters, additional values used +during generation may be required to be set into the key. + +=head1 CONFORMING TO + +=over 4 + +=item RFC 7919 (TLS ffdhe named safe prime groups) + +=item RFC 3526 (IKE modp named safe prime groups) + +=item RFC 5114 (Additional DH named groups for dh_1024_160", "dh_2048_224" + and "dh_2048_256"). + +=back + +The following sections of SP800-56Ar3: + +=over 4 + +=item 5.5.1.1 FFC Domain Parameter Selection/Generation + +=item Appendix D: FFC Safe-prime Groups + +=back + +The following sections of FIPS 186-4: + +=over 4 + +=item A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function. + +=item A.2.3 Generation of canonical generator g. + +=item A.2.1 Unverifiable Generation of the Generator g. + +=back + +=head1 SEE ALSO + +L, +L +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_PKEY-DSA.pod b/doc/man7/EVP_PKEY-DSA.pod index ccb34a9f93..680717b140 100644 --- a/doc/man7/EVP_PKEY-DSA.pod +++ b/doc/man7/EVP_PKEY-DSA.pod @@ -2,240 +2,77 @@ =head1 NAME -EVP_PKEY-DSA, EVP_KEYMGMT-DSA, EVP_PKEY-DH, EVP_KEYMGMT-DH -- EVP_PKEY DSA and DH keytype and algorithm support +EVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support =head1 DESCRIPTION -The B and B keytypes are implemented in OpenSSL's default and FIPS -providers. -The implementations support the basic DSA and DH keys, containing the public -and private keys I and I as well as the three main domain parameters -I

    , I and I. - -Finite field cryptography (FFC) is a method of implementing discrete logarithm -cryptography using finite field mathematics. DSA is an example of FFC and -Diffie-Hellman key establishment algorithms specified in SP800-56A can also be -implemented as FFC. - -For B FFC key agreement, two classes of domain parameters can be used: -"safe" domain parameters that are associated with approved named safe-prime -groups, and a class of "FIPS 186-type" domain parameters. FIPS 186-type domain -parameters should only be used for backward compatibility with existing -applications that cannot be upgraded to use the approved safe-prime groups. - -For B (and B that is not a named group) the FIPS186-4 standard -specifies that the values used for FFC parameter generation are also required -for parameter validation. +For B the FIPS186-4 standard specifies that the values used for FFC +parameter generation are also required for parameter validation. This means that optional FFC domain parameter values for I, I -and I may need to be stored for validation purposes. -For B the I and I can be stored in ASN1 data -(but the I is not). For B however, these fields are not stored in -the ASN1 data so they need to be stored externally if validation is required. +and I may need to be stored for validation purposes. For B these +fields are not stored in the ASN1 data so they need to be stored externally if +validation is required. -=head2 Common DH parameters +=head2 DSA parameters -=over 4 - -=item "group" (B) - -A string that associates a B named safe prime group with known values for -I

    , I and I. - -The following values can be used by the default and OpenSSL's FIPS providers: -"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", -"modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". - -The following additional values can also be used by the default provider: -"modp_1536", "dh_1024_160", "dh_2048_224", "dh_2048_256". - -DH named groups can be easily validated since the parameters are well known. -For protocols that only transfer I

    and I the value of I can also be -retrieved. - -=item "safeprime-generator" (B) - -Used for DH generation of safe primes using the old generator code. -It is recommended to use a named safe prime group instead, if domain parameter -validation is required. The default value is 2. - -These are not named safe prime groups so setting this value for the OpenSSL FIPS -provider will instead choose a named safe prime group based on the size of I

    . - -=back - -=head2 Common DSA & DH parameters - -In addition to the common parameters that all keytypes should support (see -L), the B and B keytype -implementations support the following. - -=over 4 - -=item "pub" (B) - -The public key value. - -=item "priv" (B) - -The private key value. - -=item "p" (B) +The B key type supports the FFC parameters (see +L). -A DSA or Diffie-Hellman prime "p" value. +=head2 DSA key generation parameters -=item "q" (B) +The B key type supports the FFC key generation parameters (see +L -A DSA or Diffie-Hellman prime "q" value. - -=item "g" (B) - -A DSA or Diffie-Hellman generator "g" value. - -=item "seed" (B) - -An optional domain parameter I value used during generation and validation -of I

    , I and canonical I. -For validation this needs to set the I that was produced during generation. - -=item "gindex" (B) - -Sets the index to use for canonical generation and verification of the generator -I. -Set this to a positive value from 0..FF to use this mode. This I can -then be reused during key validation to verify the value of I. If this value -is not set or is -1 then unverifiable generation of the generator I will be -used. - -=item "pcounter" (B) - -An optional domain parameter I value that is output during generation -of I

    . This value must be saved if domain parameter validation is required. - -=item "hindex" (B) - -For unverifiable generation of the generator I this value is output during -generation of I. Its value is the first integer larger than one that -satisfies g = h^j mod p (where g != 1 and "j" is the cofactor). - -=item "j" (B) - -An optional informational cofactor parameter that should equal (p - 1) / q. - -=back - - -=head2 DSA / DH key generation (FFC) parameters - -The following Key Generation types are available for the built-in FFC algorithms: - -=over 4 +The following restrictions apply to the "pbits" field: -=item "type" (B) - -Sets the type of parameter generation. For DH Valid values are: - -=over 4 - -=item "fips186_4" - -The current standard. This is the default value. - -=item "default" - -This is an alias to use the latest implemented standard. -It is currently set to "fips186_4". - -=item "group" - -This specifies that a named safe prime name will be chosen using the "pbits" -type. - -=item "fips186_2" - -The old standard that should only be used for legacy purposes. - -=item "generator" - -A safe prime generator. See the "safeprime-generator" type. - -=back - -For DSA valid values are one of "default", "fips186_4" or "fips186_2" as -described above. - -=item "pbits" (B) - -Sets the size (in bits) of the prime 'p'. - -For "fips186_4" this must be 2048 for DH, and either of 2048 or 3072 for DSA. +For "fips186_4" this must be either 2048 or 3072. For "fips186_2" this must be 1024. For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. -=item "qbits" (B) +=head1 EXAMPLES -Sets the size (in bits) of the prime 'q'. +An B context can be obtained by calling: -For "fips186_4" this can be either 224 or 256. -For "fips186_2" this has a size of 160. + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); -=item "digest" (B) +An B domain parameters key can be generated by calling: -Sets the Digest algorithm to be used as part of the Key Generation Function -associated with the given Key Generation I. -This must also be set for key validation. + unsigned int pbits = 2048; + unsigned int qbits = 256; + int gindex = 1; + OSSL_PARAM params[5]; + EVP_PKEY *param_key = NULL; + EVP_PKEY_CTX *pctx = NULL; -=item "properties" (B) + pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); + EVP_PKEY_paramgen_init(pctx); -Sets properties to be used upon look up of the implementation for the selected -Digest algorithm for the Key Generation Function associated with the given key -generation I. This may also be set for key validation. + params[0] = OSSL_PARAM_construct_uint("pbits", &pbits); + params[1] = OSSL_PARAM_construct_uint("qbits", &qbits); + params[2] = OSSL_PARAM_construct_int("gindex", &gindex); + params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0); + params[4] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(pctx, params); -=item "seed" (B) + EVP_PKEY_gen(pctx, ¶m_key); + EVP_PKEY_CTX_free(pctx); -For "fips186_4" or "fips186_2" generation this sets the I data to use -instead of generating a random seed internally. This should be used for -testing purposes only. This will either produce fixed values for the generated -parameters OR it will fail if the seed did not generate valid primes. + EVP_PKEY_print_params(bio_out, param_key, 0, NULL); -=item "group" (B) +An B key can be generated using domain parameters by calling: -=item "safeprime-generator" (B) + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *gctx = NULL; -=item "gindex" (B) - -=item "pcounter" (B) - -=item "hindex" (B) - -These types are described above. - -=back + gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); + EVP_PKEY_keygen_init(gctx); + EVP_PKEY_gen(gctx, &key); + EVP_PKEY_CTX_free(gctx); + EVP_PKEY_print_private(bio_out, key, 0, NULL); =head1 CONFORMING TO -=over 4 - -=item RFC 7919 (TLS ffdhe named safe prime groups) - -=item RFC 3526 (IKE modp named safe prime groups) - -=item RFC 5114 (Additional DH named groups for dh_1024_160", "dh_2048_224" - and "dh_2048_256"). - -=back - -The following sections of SP800-56Ar3: - -=over 4 - -=item 5.5.1.1 FFC Domain Parameter Selection/Generation - -=item Appendix D: FFC Safe-prime Groups - -=back - The following sections of FIPS 186-4: =over 4 @@ -250,9 +87,13 @@ The following sections of FIPS 186-4: =head1 SEE ALSO -L, L, L, -L, L, -L, L +L, +L +L, +L, +L, +L, +L =head1 COPYRIGHT diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 88d0ebdd36..1995cf7676 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -2,7 +2,9 @@ =head1 NAME -EVP_PKEY-EC - EVP_PKEY EC keytype and algorithm support +EVP_PKEY-EC, +EVP_KEYMGMT-EC +- EVP_PKEY EC keytype and algorithm support =head1 DESCRIPTION @@ -24,9 +26,8 @@ Enable Cofactor DH (ECC CDH) if this value is 1, otherwise it uses normal EC DH if the value is zero. The cofactor variant multiplies the shared secret by the EC curve's cofactor (note for some curves the cofactor is 1). -=for comment The following link should become L -See also L for the related +See also L for the related B parameter that can be set on a per-operation basis. @@ -47,10 +48,68 @@ An B context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); +An B ECDSA or ECDH key can be generated with a "P-256" named group by +calling: + + EVP_PKEY *key = NULL; + OSSL_PARAM params[2]; + EVP_PKEY_CTX *gctx = + EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + + EVP_PKEY_keygen_init(gctx); + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, + "P-256", 0); + params[1] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(gctx, params); + + EVP_PKEY_gen(gctx, &key); + + EVP_PKEY_print_private(bio_out, key, 0, NULL); + ... + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(gctx); + +An B EC CDH (Cofactor Diffie-Hellman) key can be generated with a +"K-571" named group by calling: + + int use_cdh = 1; + EVP_PKEY *key = NULL; + OSSL_PARAM params[3]; + EVP_PKEY_CTX *gctx = + EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + + EVP_PKEY *key = NULL; + OSSL_PARAM params[3]; + EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + + EVP_PKEY_keygen_init(gctx); + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, + "K-571", 0); + /* + * This curve has a cofactor that is not 1 - so setting CDH mode changes + * the behaviour. For many curves the cofactor is 1 - so setting this has + * no effect. + */ + params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + &use_cdh); + params[2] = OSSL_PARAM_construct_end(); + EVP_PKEY_CTX_set_params(gctx, params); + + EVP_PKEY_gen(gctx, &key); + EVP_PKEY_print_private(bio_out, key, 0, NULL); + ... + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(gctx); + =head1 SEE ALSO -L, L, L, -L, L +L, +L, +L, +L, +L =head1 COPYRIGHT diff --git a/doc/man7/EVP_PKEY-DSA.pod b/doc/man7/EVP_PKEY-FFC.pod similarity index 64% copy from doc/man7/EVP_PKEY-DSA.pod copy to doc/man7/EVP_PKEY-FFC.pod index ccb34a9f93..e97a1c6bc4 100644 --- a/doc/man7/EVP_PKEY-DSA.pod +++ b/doc/man7/EVP_PKEY-FFC.pod @@ -2,27 +2,20 @@ =head1 NAME -EVP_PKEY-DSA, EVP_KEYMGMT-DSA, EVP_PKEY-DH, EVP_KEYMGMT-DH -- EVP_PKEY DSA and DH keytype and algorithm support +EVP_PKEY-FFC - EVP_PKEY DSA and DH shared FFC parameters. =head1 DESCRIPTION -The B and B keytypes are implemented in OpenSSL's default and FIPS -providers. -The implementations support the basic DSA and DH keys, containing the public -and private keys I and I as well as the three main domain parameters -I

    , I and I. - Finite field cryptography (FFC) is a method of implementing discrete logarithm cryptography using finite field mathematics. DSA is an example of FFC and Diffie-Hellman key establishment algorithms specified in SP800-56A can also be implemented as FFC. -For B FFC key agreement, two classes of domain parameters can be used: -"safe" domain parameters that are associated with approved named safe-prime -groups, and a class of "FIPS 186-type" domain parameters. FIPS 186-type domain -parameters should only be used for backward compatibility with existing -applications that cannot be upgraded to use the approved safe-prime groups. +The B and B keytypes are implemented in OpenSSL's default and FIPS +providers. +The implementations support the basic DSA and DH keys, containing the public +and private keys I and I as well as the three main domain parameters +I

    , I and I. For B (and B that is not a named group) the FIPS186-4 standard specifies that the values used for FFC parameter generation are also required @@ -33,38 +26,7 @@ For B the I and I can be stored in ASN1 data (but the I is not). For B however, these fields are not stored in the ASN1 data so they need to be stored externally if validation is required. -=head2 Common DH parameters - -=over 4 - -=item "group" (B) - -A string that associates a B named safe prime group with known values for -I

    , I and I. - -The following values can be used by the default and OpenSSL's FIPS providers: -"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", -"modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". - -The following additional values can also be used by the default provider: -"modp_1536", "dh_1024_160", "dh_2048_224", "dh_2048_256". - -DH named groups can be easily validated since the parameters are well known. -For protocols that only transfer I

    and I the value of I can also be -retrieved. - -=item "safeprime-generator" (B) - -Used for DH generation of safe primes using the old generator code. -It is recommended to use a named safe prime group instead, if domain parameter -validation is required. The default value is 2. - -These are not named safe prime groups so setting this value for the OpenSSL FIPS -provider will instead choose a named safe prime group based on the size of I

    . - -=back - -=head2 Common DSA & DH parameters +=head2 FFC parameters In addition to the common parameters that all keytypes should support (see L), the B and B keytype @@ -120,20 +82,19 @@ satisfies g = h^j mod p (where g != 1 and "j" is the cofactor). =item "j" (B) -An optional informational cofactor parameter that should equal (p - 1) / q. +An optional informational cofactor parameter that should equal to (p - 1) / q. =back +=head2 FFC key generation parameters -=head2 DSA / DH key generation (FFC) parameters - -The following Key Generation types are available for the built-in FFC algorithms: +The following key generation types are available for DSA and DH algorithms: =over 4 =item "type" (B) -Sets the type of parameter generation. For DH Valid values are: +Sets the type of parameter generation. The shared valid values are: =over 4 @@ -141,37 +102,21 @@ Sets the type of parameter generation. For DH Valid values are: The current standard. This is the default value. -=item "default" - -This is an alias to use the latest implemented standard. -It is currently set to "fips186_4". - -=item "group" - -This specifies that a named safe prime name will be chosen using the "pbits" -type. - =item "fips186_2" The old standard that should only be used for legacy purposes. -=item "generator" +=item "default" -A safe prime generator. See the "safeprime-generator" type. +This is an alias to use the latest implemented standard. +It is currently set to "fips186_4". =back -For DSA valid values are one of "default", "fips186_4" or "fips186_2" as -described above. - =item "pbits" (B) Sets the size (in bits) of the prime 'p'. -For "fips186_4" this must be 2048 for DH, and either of 2048 or 3072 for DSA. -For "fips186_2" this must be 1024. -For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. - =item "qbits" (B) Sets the size (in bits) of the prime 'q'. @@ -198,10 +143,6 @@ instead of generating a random seed internally. This should be used for testing purposes only. This will either produce fixed values for the generated parameters OR it will fail if the seed did not generate valid primes. -=item "group" (B) - -=item "safeprime-generator" (B) - =item "gindex" (B) =item "pcounter" (B) @@ -212,28 +153,14 @@ These types are described above. =back - =head1 CONFORMING TO -=over 4 - -=item RFC 7919 (TLS ffdhe named safe prime groups) - -=item RFC 3526 (IKE modp named safe prime groups) - -=item RFC 5114 (Additional DH named groups for dh_1024_160", "dh_2048_224" - and "dh_2048_256"). - -=back - The following sections of SP800-56Ar3: =over 4 =item 5.5.1.1 FFC Domain Parameter Selection/Generation -=item Appendix D: FFC Safe-prime Groups - =back The following sections of FIPS 186-4: @@ -250,9 +177,15 @@ The following sections of FIPS 186-4: =head1 SEE ALSO -L, L, L, -L, L, -L, L +L, +L, +L, +L +L, +L, +L, +L, +L, =head1 COPYRIGHT diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index c6533f2ffc..ad49284437 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -121,6 +121,7 @@ The value should be the number of primes for the generated B key. The default is 2. It isn't permitted to specify a larger number of primes than 10. Additionally, the number of primes is limited by the length of the key being generated so the maximum number could be less. +Some providers may only support a value of 2. =back @@ -158,15 +159,17 @@ An B key can be generated with key generation parameters: unsigned int bits = 4096; OSSL_PARAM params[3]; EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); - params[0] = OSSL_PARAM_construct_uint("bits", bits); - params[1] = OSSL_PARAM_construct_uint("primes", primes); - params[2] = OSSL_PARAM_END; EVP_PKEY_keygen_init(pctx); + + params[0] = OSSL_PARAM_construct_uint("bits", &bits); + params[1] = OSSL_PARAM_construct_uint("primes", &primes); + params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); + EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_print_private(bio_out, pkey, 0, NULL); EVP_PKEY_CTX_free(pctx); =head1 SEE ALSO diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 58f7525fd9..fa8c86844a 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -15,6 +15,8 @@ private key I. In the FIPS provider they are non-approved algorithms and do not have the "fips=yes" property set. +No additional parameters can be set during key generation. + =head2 Common X25519, X448, ED25519 and ED448 parameters @@ -50,6 +52,8 @@ The empty string, signifying that no digest may be specified. =item RFC 8032 +=item RFC 8410 + =back =head1 EXAMPLES diff --git a/doc/man7/EVP_SIGNATURE-DSA.pod b/doc/man7/EVP_SIGNATURE-DSA.pod new file mode 100644 index 0000000000..11fe500cb3 --- /dev/null +++ b/doc/man7/EVP_SIGNATURE-DSA.pod @@ -0,0 +1,58 @@ +=pod + +=head1 NAME + +EVP_SIGNATURE-DSA +- The B DSA signature implementation + +=head1 DESCRIPTION + +Support for computing DSA signatures. +See L for information related to DSA keys. + +=head2 Signature Parameters + +The following signature parameters can be set using EVP_PKEY_CTX_set_params(). +This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(), +and before calling EVP_PKEY_sign() or EVP_PKEY_verify(). + +=over 4 + +=item "digest" (B) + +=item "properties" (B) + +The settable parameters are described in L. + +=back + +The following signature parameters can be retrieved using +EVP_PKEY_CTX_get_params(). + +=over 4 + +=item "algorithm-id" (B) + +=item "digest" (B) + +The gettable parameters are described in L. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_SIGNATURE-ECDSA.pod b/doc/man7/EVP_SIGNATURE-ECDSA.pod new file mode 100644 index 0000000000..04b80a1118 --- /dev/null +++ b/doc/man7/EVP_SIGNATURE-ECDSA.pod @@ -0,0 +1,57 @@ +=pod + +=head1 NAME + +EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation. + +=head1 DESCRIPTION + +Support for computing ECDSA signatures. +See L for information related to EC keys. + +=head2 ECDSA Signature Parameters + +The following signature parameters can be set using EVP_PKEY_CTX_set_params(). +This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(), +and before calling EVP_PKEY_sign() or EVP_PKEY_verify(). + +=over 4 + +=item "digest" (B) + +=item "properties" (B) + +These parameters are described in L. + +=back + +The following signature parameters can be retrieved using +EVP_PKEY_CTX_get_params(). + +=over 4 + +=item "algorithm-id" (B) + +=item "digest" (B) + +The parameters are described in L. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/Ed25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod similarity index 68% rename from doc/man7/Ed25519.pod rename to doc/man7/EVP_SIGNATURE-ED25519.pod index 912b607e36..e3d9cd47e2 100644 --- a/doc/man7/Ed25519.pod +++ b/doc/man7/EVP_SIGNATURE-ED25519.pod @@ -2,6 +2,8 @@ =head1 NAME +EVP_SIGNATURE-ED25519, +EVP_SIGNATURE-ED448, Ed25519, Ed448 - EVP_PKEY Ed25519 and Ed448 support @@ -13,9 +15,10 @@ one-shot digest sign and digest verify using PureEdDSA and B or B be -specified when signing or verifying. +No additional parameters can be set during one-shot signing or verification. +In particular, because PureEdDSA is used, a digest must B be specified when +signing or verifying. +See L for information related to B and B keys. =head1 NOTES @@ -31,14 +34,6 @@ Applications wishing to sign certificates (or other structures such as CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() or X509_sign_ctx() in the usual way. -A context for the B algorithm can be obtained by calling: - - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); - -For the B algorithm a context can be obtained by calling: - - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); - Ed25519 or Ed448 private keys can be set directly using L or loaded from a PKCS#8 private key file using L (or similar function). Completely new keys @@ -56,23 +51,29 @@ specified, then both Ed25519 and Ed448 are benchmarked. =head1 EXAMPLES -This example generates an B private key and writes it to standard -output in PEM format: +To sign a message using a ED25519 or ED448 key: + + void do_sign(EVP_PKEY *ed_key, unsigned char *msg, size_t msg_len) + { + size_t sig_len; + unsigned char *sig = NULL; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); + + EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, ed_key); + /* Calculate the requires size for the signature by passing a NULL buffer */ + EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len); + sig = OPENSSL_zalloc(sig_len); - #include - #include - ... - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); - EVP_PKEY_keygen_init(pctx); - EVP_PKEY_keygen(pctx, &pkey); - EVP_PKEY_CTX_free(pctx); - PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); + EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len); + ... + OPENSSL_free(sig); + EVP_MD_CTX_free(md_ctx); + } =head1 SEE ALSO -L, -L, +L +L, L, L, diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod new file mode 100644 index 0000000000..0cc3336bc9 --- /dev/null +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -0,0 +1,112 @@ +=pod + +=head1 NAME + +EVP_SIGNATURE-RSA +- The EVP_PKEY RSA signature implementation + +=head1 DESCRIPTION + +Support for computing RSA signatures. +See L for information related to RSA keys. + +=head2 Signature Parameters + +The following signature parameters can be set using EVP_PKEY_CTX_set_params(). +This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(), +and before calling EVP_PKEY_sign() or EVP_PKEY_verify(). + +=over 4 + +=item "digest" (B) + +=item "properties" (B) + +These common parameters are described in L. + +=item "pad-mode" (B) + +The type of padding to be used. Its value can be one of the following: + +=over 4 + +=item "none" (B) + +=item "pkcs1" (B) + +=item "sslv23" (B) + +=item "x931" (B) + +=item "pss" (B) + +=back + +=item "mgf1-digest" (B) + +The digest algorithm name to use for the maskGenAlgorithm used by "pss" mode. + +=item "mgf1-properties" (B) + +Sets the name of the property query associated with the "mgf1-digest" algorithm. +NULL is used if this optional value is not set. + +=item "pss-saltlen" (B) + +Set or get the "pss" mode minimum salt length. The value can either be a string +value representing a number or one of the following: + +=over 4 + +=item "digest" (B) + +Use the same length as the digest size. + +=item "max" (B) + +Use the maximum salt length. + +=item "auto" (B) + +Auto detect the salt length. + +=back + +=back + +The following signature parameters can be retrieved using +EVP_PKEY_CTX_get_params(). + +=over 4 + +=item "algorithm-id" (B) + +This common parameter is described in L. + +=item "digest" (B) + +=item "pad-mode" (B) + +=item "mgf1-digest" (B) + +These parameters are as described above. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 92dab0e88a..1da465f47b 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -18,9 +18,9 @@ defined: =over 4 -"provider=default" +=item "provider=default" -"fips=yes" +=item "fips=yes" =back @@ -102,6 +102,16 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item DH, see L +=item ECDH, see L + +=item X25519, see L + +This has the property "provider=fips,fips=no" + +=item X448, see L + +This has the property "provider=fips,fips=no" + =back =head2 Asymmetric Signature diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index acfd4d0e07..91b02c5e67 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -17,7 +17,7 @@ defined: =over 4 -"provider=default" +=item "provider=default" =back @@ -136,6 +136,8 @@ The OpenSSL default provider supports these operations and algorithms: =item KRB5KDF, see L +=item X963KDF, see L + =back =head2 Key Exchange diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod index 27ed3080bf..db2d57ed59 100644 --- a/doc/man7/OSSL_PROVIDER-legacy.pod +++ b/doc/man7/OSSL_PROVIDER-legacy.pod @@ -15,12 +15,12 @@ We can consider this the retirement home of cryptographic algorithms. =head2 Properties -The implementations in this provider specifically have these property +The implementations in this provider specifically has this property defined: =over 4 -"provider=legacy" +=item "provider=legacy" =back diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index aefaa4082d..081be53a0d 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -234,22 +234,52 @@ useless without at least provider_query_operation(), and provider_gettable_params() is fairly useless if not accompanied by provider_get_params(). +=head2 Provider parameters + +provider_get_params() can return the following provider parameters to the core: + +=over 4 + +=item "name" (B) + +This points to a string that should give a unique name for the provider. + +=item "version" (B) + +This points to a string that is a version number associated with this provider. +OpenSSL in-built providers use OPENSSL_VERSION_STR, but this may be different +for any third party provider. This string is for informational purposes only. + +=item "buildinfo" (B) + +This points to a string that is a build information associated with this provider. +OpenSSL in-built providers use OPENSSL_FULL_VERSION_STR, but this may be +different for any third party provider. + +=back + +provider_gettable_params() should return the above parameters. + + =head2 Core parameters -core_get_params() understands the following known parameters: +core_get_params() can retrieve the following core parameters for each provider: =over 4 -=item "openssl-version" +=item "openssl-version" (B) + +This points to the OpenSSL libraries' full version string, i.e. the string +expanded from the macro B. + +=item "provider-name" (B) -This is a B type of parameter, pointing at the -OpenSSL libraries' full version string, i.e. the string expanded from -the macro B. +This points to the OpenSSL libraries' idea of what the calling provider is named. -=item "provider-name" +=item "module-filename" (B) -This is a B type of parameter, pointing at the -OpenSSL libraries' idea of what the calling provider is called. +This points to a string containing the full filename of the providers +module file. =back diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index 1d34ded0d3..59cc2033bb 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -131,12 +131,12 @@ written to I<*secretlen>. OP_keyexch_set_ctx_params() sets key exchange parameters associated with the given provider side key exchange context I to I, -see L. +see L. Any parameter settings are additional to any that were previously set. OP_keyexch_get_ctx_params() gets key exchange parameters associated with the given provider side key exchange context I into I, -see L. +see L. OP_keyexch_settable_ctx_params() yields a constant B array that describes the settable parameters, i.e. parameters that can be used with @@ -152,15 +152,13 @@ See L for the use of B as parameter descriptor. Notice that not all settable parameters are also gettable, and vice versa. -=head2 Key Exchange Parameters +=head2 Common Key Exchange parameters See L for further details on the parameters structure used by the OP_keyexch_set_ctx_params() and OP_keyexch_get_ctx_params() functions. -Parameters currently recognised by built-in key exchange algorithms are as -follows. -Not all parameters are relevant to, or are understood by all key exchange -algorithms: +Common parameters currently recognised by built-in key exchange algorithms are +as follows. =over 4 @@ -168,63 +166,13 @@ algorithms: Sets the padding mode for the associated key exchange ctx. Setting a value of 1 will turn padding on. -Setting a vlue of 0 will turn padding off. +Setting a value of 0 will turn padding off. If padding is off then the derived shared secret may be smaller than the largest possible secret size. If padding is on then the derived shared secret will have its first bytes filled with 0s where necessary to make the shared secret the same size as the largest possible secret size. -=item "ecdh-cofactor-mode" (B) - -Sets/gets the ECDH mode of operation for the associated key exchange ctx. - -In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter -can be used to select between the plain Diffie-Hellman (DH) or Cofactor -Diffie-Hellman (CDH) variants of the key exchange algorithm. - -When setting, the value should be 1, 0 or -1, respectively forcing cofactor mode -on, off, or resetting it to the default for the private key associated with the -given key exchange ctx. - -When getting, the value should be either 1 or 0, respectively signaling if the -cofactor mode is on or off. - -See also L for the related -B parameter that can be set on a -per-key basis. - -=item "kdf-type" (B) - -Sets/gets the Key Derivation Function type to apply within the associated key -exchange ctx. - -=item "kdf-digest" (B) - -Sets/gets the Digest algorithm to be used as part of the Key Derivation Function -associated with the given key exchange ctx. - -=item "kdf-digest-props" (B) - -Sets properties to be used upon look up of the implementation for the selected -Digest algorithm for the Key Derivation Function associated with the given key -exchange ctx. - -=item "kdf-outlen" (B) - -Sets/gets the desired size for the output of the chosen Key Derivation Function -associated with the given key exchange ctx. - -=item "kdf-ukm" (B) - -Sets/gets User Key Material to be used as part of the selected Key Derivation -Function associated with the given key exchange ctx. - -=item "kdf-ukm-len" (B) - -Sets/gets the size of the User Key Material to be used as part of the selected -Key Derivation Function associated with the given key exchange ctx. - =back =head1 RETURN VALUES diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index 45d97e668c..538c342e86 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -303,7 +303,7 @@ initialised verification context is passed in the I parameter. The data to verified is in I which should be I bytes long. The signature to be verified is in I which is I bytes long. -=head2 Signature Parameters +=head2 Signature parameters See L for further details on the parameters structure used by the OP_signature_get_ctx_params() and OP_signature_set_ctx_params() functions. @@ -314,17 +314,20 @@ OP_signature_set_ctx_params() sets the signature parameters associated with the given provider side signature context I to I. Any parameter settings are additional to any that were previously set. -Parameters currently recognised by built-in signature algorithms are as +Common parameters currently recognised by built-in signature algorithms are as follows. -Not all parameters are relevant to, or are understood by all signature -algorithms: =over 4 =item "digest" (B) Get or sets the name of the digest algorithm used for the input to the signature -functions. +functions. It is required in order to calculate the "algorithm-id". + += item "properties" (B) + +Sets the name of the property query associated with the "digest" algorithm. +NULL is used if this optional value is not set. =item "digest-size" (B) @@ -358,7 +361,7 @@ i.e. parameters that can be used with OP_signature_get_ctx_params() and OP_signature_set_ctx_params() respectively. See L for the use of B as parameter descriptor. -=head2 MD Parameters +=head2 MD parameters See L for further details on the parameters structure used by the OP_signature_get_md_ctx_params() and OP_signature_set_md_ctx_params() diff --git a/include/crypto/ec.h b/include/crypto/ec.h index b4dd2f18a1..bccebb06db 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -62,7 +62,7 @@ const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len) int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private); int ec_key_domparams_fromdata(EC_KEY *ecx, const OSSL_PARAM params[]); int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); -int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p); +int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode); # endif /* OPENSSL_NO_EC */ #endif diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 1bd122482c..8bafc1ba5e 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -14,11 +14,15 @@ extern "C" { # endif +/* Well known parameter names that core passes to providers */ +#define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" /* utf8_ptr */ +#define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" /* utf8_ptr */ +#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */ + /* Well known parameter names that Providers can define */ #define OSSL_PROV_PARAM_NAME "name" /* utf8_string */ #define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */ #define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */ -#define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" /* octet_string */ /* Self test callback parameters */ #define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */ @@ -29,6 +33,8 @@ extern "C" { * Algorithm parameters * If "engine" or "properties" are specified, they should always be paired * with the algorithm type. + * Note these are common names that are shared by many types (such as kdf, mac, + * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below. */ #define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */ #define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */ @@ -123,11 +129,16 @@ extern "C" { #define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ #define OSSL_MAC_PARAM_SIZE "size" /* size_t */ -/* Known MAC names (not a complete list) */ +/* Known MAC names */ +#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +#define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" #define OSSL_MAC_NAME_CMAC "CMAC" +#define OSSL_MAC_NAME_GMAC "GMAC" #define OSSL_MAC_NAME_HMAC "HMAC" #define OSSL_MAC_NAME_KMAC128 "KMAC128" #define OSSL_MAC_NAME_KMAC256 "KMAC256" +#define OSSL_MAC_NAME_POLY1305 "POLY1305" +#define OSSL_MAC_NAME_SIPHASH "SIPHASH" /* KDF / PRF parameters */ #define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ @@ -179,8 +190,6 @@ extern "C" { #define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ #define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ #define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" -#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES #define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" #define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" #define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" @@ -194,13 +203,6 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_P "p" #define OSSL_PKEY_PARAM_FFC_G "g" #define OSSL_PKEY_PARAM_FFC_Q "q" -#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" -#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" -#define OSSL_PKEY_PARAM_FFC_SEED "seed" -#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" -#define OSSL_PKEY_PARAM_FFC_H "hindex" -#define OSSL_PKEY_PARAM_FFC_GROUP "group" - #define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" #define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" #define OSSL_PKEY_PARAM_FFC_SEED "seed" @@ -208,8 +210,8 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_H "hindex" /* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_FFC_GROUP "group" -#define OSSL_PKEY_PARAM_FFC_GENERATOR "safeprime-generator" +#define OSSL_PKEY_PARAM_DH_GROUP "group" +#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" #define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" /* Elliptic Curve Domain Parameters */ @@ -270,6 +272,18 @@ extern "C" { #define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8" #define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9" +/* RSA padding modes */ +#define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +#define OSSL_PKEY_RSA_PAD_MODE_SSLV23 "sslv23" +#define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +#define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +#define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" + +/* RSA pss padding salt length */ +#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" /* Key generation parameters */ #define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS @@ -287,7 +301,6 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES /* Key Exchange parameters */ - #define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ #define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ #define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 1c4f3fdf50..bbf95b7505 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -113,11 +113,12 @@ static const OSSL_PARAM fips_param_types[] = { /* * Parameters to retrieve from the core provider - required for self testing. * NOTE: inside core_get_params() these will be loaded from config items - * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). + * stored inside prov->parameters (except for + * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). */ static OSSL_PARAM core_params[] = { - OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, + OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, selftest_params.module_filename, sizeof(selftest_params.module_filename)), OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index f7e7b549f8..405842e69e 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -44,13 +44,12 @@ static OSSL_OP_asym_cipher_set_ctx_params_fn rsa_set_ctx_params; static OSSL_OP_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_SSLV23_PADDING, "sslv23" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, /* Correct spelling first */ + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, { 0, NULL } }; diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index a551a72d79..1e344bdc20 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -235,8 +235,8 @@ err: OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0) # define DH_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) # define DH_IMEXPORTABLE_PRIVATE_KEY \ @@ -427,7 +427,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) { @@ -436,7 +436,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) } gctx->gen_type = DH_PARAMGEN_TYPE_GROUP; } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR); if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX); @@ -486,7 +486,9 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *dh_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL), OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL), @@ -494,10 +496,8 @@ static const OSSL_PARAM *dh_gen_settable_params(void *provctx) OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), - OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), OSSL_PARAM_END }; return settable; diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index de54b9a3fd..af8361fb28 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -213,7 +213,6 @@ err: OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) # define DSA_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index a48b279547..8e7b9f3014 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -543,13 +543,8 @@ static int ec_set_params(void *key, const OSSL_PARAM params[]) { EC_KEY *eck = key; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); - if (p != NULL && !ec_set_param_ecdh_cofactor_mode(eck, p)) - return 0; - return 1; + return ec_key_otherparams_fromdata(eck, params); } static @@ -583,9 +578,9 @@ int ec_validate(void *keydata, int selection) struct ec_gen_ctx { OPENSSL_CTX *libctx; - EC_GROUP *gen_group; int selection; + int ecdh_mode; }; static void *ec_gen_init(void *provctx, int selection) @@ -600,6 +595,7 @@ static void *ec_gen_init(void *provctx, int selection) gctx->libctx = libctx; gctx->gen_group = NULL; gctx->selection = selection; + gctx->ecdh_mode = 0; } return gctx; } @@ -636,6 +632,11 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) struct ec_gen_ctx *gctx = genctx; const OSSL_PARAM *p; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH)) + != NULL) { + if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode)) + return 0; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL) { const char *curve_name = NULL; @@ -670,7 +671,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *ec_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - { OSSL_PKEY_PARAM_EC_NAME, OSSL_PARAM_UTF8_STRING, NULL, 0, 0 }, + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), OSSL_PARAM_END }; @@ -705,6 +707,9 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ret = ret && EC_KEY_generate_key(ec); + if (gctx->ecdh_mode != -1) + ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); + if (ret) return ec; diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index 9227cb181c..de6aac670b 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -446,6 +446,7 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_END }; diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 4ecc5266e2..35a69504d3 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -56,7 +56,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; ECX_KEY *edkey = (ECX_KEY *)vedkey; - if (mdname != NULL) { + if (mdname != NULL && mdname[0] != '\0') { PROVerr(0, PROV_R_INVALID_DIGEST); return 0; } diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 0e3885ec1d..81611bb4f0 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -55,13 +55,11 @@ static OSSL_OP_signature_set_ctx_md_params_fn rsa_set_ctx_md_params; static OSSL_OP_signature_settable_ctx_md_params_fn rsa_settable_ctx_md_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_SSLV23_PADDING, "sslv23" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, /* Correct spelling first */ - { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, + { RSA_PKCS1_PSS_PADDING, OSSL_PKEY_RSA_PAD_MODE_PSS }, { 0, NULL } }; @@ -939,25 +937,32 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (!OSSL_PARAM_set_int(p, prsactx->saltlen)) return 0; } else if (p->data_type == OSSL_PARAM_UTF8_STRING) { + const char *value = NULL; + switch (prsactx->saltlen) { case RSA_PSS_SALTLEN_DIGEST: - if (!OSSL_PARAM_set_utf8_string(p, "digest")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST; break; case RSA_PSS_SALTLEN_MAX: - if (!OSSL_PARAM_set_utf8_string(p, "max")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_MAX; break; case RSA_PSS_SALTLEN_AUTO: - if (!OSSL_PARAM_set_utf8_string(p, "auto")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO; break; default: - if (BIO_snprintf(p->data, p->data_size, "%d", prsactx->saltlen) - <= 0) - return 0; - break; + { + int len = BIO_snprintf(p->data, p->data_size, "%d", + prsactx->saltlen); + + if (len <= 0) + return 0; + p->return_size = len; + break; + } } + if (value != NULL + && !OSSL_PARAM_set_utf8_string(p, value)) + return 0; } } @@ -1117,11 +1122,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; break; case OSSL_PARAM_UTF8_STRING: - if (strcmp(p->data, "digest") == 0) + if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0) saltlen = RSA_PSS_SALTLEN_DIGEST; - else if (strcmp(p->data, "max") == 0) + else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0) saltlen = RSA_PSS_SALTLEN_MAX; - else if (strcmp(p->data, "auto") == 0) + else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) saltlen = RSA_PSS_SALTLEN_AUTO; else saltlen = atoi(p->data); diff --git a/test/dsatest.c b/test/dsatest.c index c9857d6c67..8444ea147a 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -282,7 +282,7 @@ static int dsa_keygen_test(void) &pcount_out)) || !TEST_int_eq(pcount_out, expected_c) || !TEST_false(EVP_PKEY_get_utf8_string_param(key, - OSSL_PKEY_PARAM_FFC_GROUP, + OSSL_PKEY_PARAM_DH_GROUP, group_out, sizeof(group_out), &len))) goto end; diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index c5ef7241db..4c68f6bc6c 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -447,7 +447,7 @@ static int test_fromdata_dh_named_group(void) || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_FFC_GROUP, + OSSL_PKEY_PARAM_DH_GROUP, group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) @@ -464,7 +464,7 @@ static int test_fromdata_dh_named_group(void) || !TEST_int_eq(EVP_PKEY_size(pk), 256)) goto err; - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP, + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, name_out, sizeof(name_out), &len)) || !TEST_str_eq(name_out, group_name) @@ -588,7 +588,7 @@ static int test_fromdata_dh_fips186_4(void) || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_FFC_GROUP, + OSSL_PKEY_PARAM_DH_GROUP, group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) @@ -605,7 +605,7 @@ static int test_fromdata_dh_fips186_4(void) || !TEST_int_eq(EVP_PKEY_size(pk), 256)) goto err; - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP, + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, name_out, sizeof(name_out), &len)) || !TEST_str_eq(name_out, group_name) @@ -1143,7 +1143,7 @@ static int test_fromdata_dsa_fips186_4(void) || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data)))) goto err; - if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP, + if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, name_out, sizeof(name_out), &len)) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY, From builds at travis-ci.org Tue May 26 03:46:15 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 26 May 2020 03:46:15 +0000 Subject: Passed: openssl/openssl#34967 (master - f32af93) In-Reply-To: Message-ID: <5ecc91072a2de_13ff1376c41a81984f2@travis-tasks-bc5568cdc-4jgdk.mail> Build Update for openssl/openssl ------------------------------------- Build: #34967 Status: Passed Duration: 51 mins and 54 secs Commit: f32af93 (master) Author: Shane Lontis Message: Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod Fixes #11743 The ouput format had 2 issues that caused it not to match the expected documented format: (1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes. An internal function that skips the seperator has been added. (2) The error code no longer exists. So this was completely removed from the string. It is now replaced by :: As an example: 00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Is now: 00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11789) View the changeset: https://github.com/openssl/openssl/compare/1bdd86fb1ca4...f32af93c924d View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691156881?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 26 05:28:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 26 May 2020 05:28:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1590470882.464188.3151.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/Ed25519.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/Ed25519.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4068: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3043: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Tue May 26 05:56:30 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 May 2020 05:56:30 +0000 Subject: Build failed: openssl master.34414 Message-ID: <20200526055630.1.CE75771CC74FF61A@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue May 26 05:57:50 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 26 May 2020 05:57:50 +0000 Subject: [openssl] master update Message-ID: <1590472670.502088.6437.nullmailer@dev.openssl.org> The branch master has been updated via 5606922c3d2e8c3d3ffda4347cb9fe3992d75f89 (commit) from b8086652650c0782bc8d63b620663e04a3c6a3a7 (commit) - Log ----------------------------------------------------------------- commit 5606922c3d2e8c3d3ffda4347cb9fe3992d75f89 Author: Richard Levitte Date: Sat May 23 17:34:07 2020 +0200 PROV: Fix RSA-OAEP memory leak The OAEP label wasn't freed when the operation context was freed. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11927) ----------------------------------------------------------------------- Summary of changes: providers/implementations/asymciphers/rsa_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 405842e69e..1f9ded4a65 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -257,6 +257,7 @@ static void rsa_freectx(void *vprsactx) EVP_MD_free(prsactx->oaep_md); EVP_MD_free(prsactx->mgf1_md); + OPENSSL_free(prsactx->oaep_label); OPENSSL_free(prsactx); } From builds at travis-ci.org Tue May 26 06:52:11 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 26 May 2020 06:52:11 +0000 Subject: Errored: openssl/openssl#34975 (master - 5606922) In-Reply-To: Message-ID: <5eccbc9a5fcf8_13f88f7c157041033e4@travis-tasks-95ccff48-hp6b5.mail> Build Update for openssl/openssl ------------------------------------- Build: #34975 Status: Errored Duration: 53 mins and 58 secs Commit: 5606922 (master) Author: Richard Levitte Message: PROV: Fix RSA-OAEP memory leak The OAEP label wasn't freed when the operation context was freed. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11927) View the changeset: https://github.com/openssl/openssl/compare/b8086652650c...5606922c3d2e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691186117?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 26 07:48:20 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 26 May 2020 07:48:20 +0000 Subject: [openssl] master update Message-ID: <1590479300.740695.447.nullmailer@dev.openssl.org> The branch master has been updated via 93f99b681ab5a1cf7062053323e09b0cad5ff854 (commit) via 7674e92324648b59786d86d8e9014bbaed4e6d07 (commit) from 5606922c3d2e8c3d3ffda4347cb9fe3992d75f89 (commit) - Log ----------------------------------------------------------------- commit 93f99b681ab5a1cf7062053323e09b0cad5ff854 Author: Dr. David von Oheimb Date: Thu May 21 10:37:22 2020 +0200 Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it Fixes #11870 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11894) commit 7674e92324648b59786d86d8e9014bbaed4e6d07 Author: Dr. David von Oheimb Date: Sun May 24 18:28:06 2020 +0200 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11894) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/ameth_lib.c | 2 +- crypto/crmf/crmf_lib.c | 21 +-------------------- crypto/dh/dh_ameth.c | 2 +- crypto/dsa/dsa_ameth.c | 2 +- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ecx_meth.c | 2 +- crypto/rsa/rsa_ameth.c | 2 +- crypto/x509/x_pubkey.c | 31 ++++++++++++++++++++++++++----- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 2 +- doc/man3/X509_PUBKEY_new.pod | 19 ++++++++++++++----- include/crypto/asn1.h | 2 +- include/openssl/evp.h | 2 +- include/openssl/x509.h | 7 ++++--- util/libcrypto.num | 1 + 14 files changed, 55 insertions(+), 42 deletions(-) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index a006c7624d..8c7df51fe4 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -277,7 +277,7 @@ void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, int (*pub_decode) (EVP_PKEY *pk, - X509_PUBKEY *pub), + const X509_PUBKEY *pub), int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk), int (*pub_cmp) (const EVP_PKEY *a, diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 89eb2c3775..c20a6da0f2 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -461,25 +461,6 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, return 0; } -/* returns 0 for equal, -1 for a < b or error on a, 1 for a > b or error on b */ -static int X509_PUBKEY_cmp(X509_PUBKEY *a, X509_PUBKEY *b) -{ - X509_ALGOR *algA = NULL, *algB = NULL; - int res = 0; - - if (a == b) - return 0; - if (a == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) - || algA == NULL) - return -1; - if (b == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) - || algB == NULL) - return 1; - if ((res = X509_ALGOR_cmp(algA, algB)) != 0) - return res; - return EVP_PKEY_cmp(X509_PUBKEY_get0(a), X509_PUBKEY_get0(b)); -} - /* verifies the Proof-of-Possession of the request with the given rid in reqs */ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified) @@ -522,7 +503,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY); return 0; } - if (X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey) != 0) { + if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) { CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY); return 0; } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index e76b655f40..d93d519444 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -52,7 +52,7 @@ static void int_dh_free(EVP_PKEY *pkey) DH_free(pkey->pkey.dh); } -static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +static int dh_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) { const unsigned char *p, *pm; int pklen, pmlen; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index f74b50ee9c..651b463235 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -27,7 +27,7 @@ #include "internal/ffc.h" #include "dsa_local.h" -static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +static int dsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) { const unsigned char *p, *pm; int pklen, pmlen; diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index cac0b682f9..6ccaef3815 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -141,7 +141,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) return NULL; } -static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) { const unsigned char *p = NULL; const void *pval; diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index eedb1c9259..8b63e6918d 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -126,7 +126,7 @@ static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 1; } -static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +static int ecx_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) { const unsigned char *p; int pklen; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index e9eddde68e..6628e38342 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -101,7 +101,7 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 0; } -static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +static int rsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) { const unsigned char *p; int pklen; diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index d3e6af2552..14893adb2f 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -30,7 +30,7 @@ struct X509_pubkey_st { EVP_PKEY *pkey; }; -static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key); +static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key); /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, @@ -151,7 +151,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) */ -static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) +static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key) { EVP_PKEY *pkey = EVP_PKEY_new(); @@ -188,7 +188,7 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) return 0; } -EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) +EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key) { EVP_PKEY *ret = NULL; @@ -216,7 +216,7 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) return NULL; } -EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) +EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); @@ -453,7 +453,7 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, X509_PUBKEY *pub) + X509_ALGOR **pa, const X509_PUBKEY *pub) { if (ppkalg) *ppkalg = pub->algor->algorithm; @@ -472,3 +472,24 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) return NULL; return x->cert_info.key->public_key; } + +/* Returns 1 for equal, 0, for non-equal, < 0 on error */ +int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b) +{ + X509_ALGOR *algA, *algB; + EVP_PKEY *pA, *pB; + + if (a == b) + return 1; + if (a == NULL || b == NULL) + return 0; + if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) || algA == NULL + || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) || algB == NULL) + return -2; + if (X509_ALGOR_cmp(algA, algB) != 0) + return 0; + if ((pA = X509_PUBKEY_get0(a)) == NULL + || (pB = X509_PUBKEY_get0(b)) == NULL) + return -2; + return EVP_PKEY_cmp(pA, pB); +} diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index ed44749cc2..989008db07 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -43,7 +43,7 @@ EVP_PKEY_get0_asn1 void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, int (*pub_decode) (EVP_PKEY *pk, - X509_PUBKEY *pub), + const X509_PUBKEY *pub), int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk), int (*pub_cmp) (const EVP_PKEY *a, diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod index 551031b82b..60d1cd390e 100644 --- a/doc/man3/X509_PUBKEY_new.pod +++ b/doc/man3/X509_PUBKEY_new.pod @@ -5,8 +5,8 @@ X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, -i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, -X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions +i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param, +X509_PUBKEY_eq - SubjectPublicKeyInfo public key functions =head1 SYNOPSIS @@ -17,8 +17,8 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a); int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); - EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); - EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); + EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key); + EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key); EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); @@ -34,7 +34,8 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions unsigned char *penc, int penclen); int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, X509_PUBKEY *pub); + X509_ALGOR **pa, const X509_PUBKEY *pub); + int X509_PUBKEY_eq(X509_PUBKEY *a, X509_PUBKEY *b); =head1 DESCRIPTION @@ -81,6 +82,8 @@ parameters is not required it can be set to B. All of the retrieved pointers are internal and must not be freed after the call. +X509_PUBKEY_eq() compares two B values. + =head1 NOTES The B functions can be used to encode and decode public keys @@ -104,12 +107,18 @@ structure or B if an error occurs. X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param() return 1 for success and 0 if an error occurred. +X509_PUBKEY_eq() returns 1 for equal, 0 for different, and < 0 on error. + =head1 SEE ALSO L, L, L, +=head1 HISTORY + +The X509_PUBKEY_eq() function was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index aaf091f8a5..d3683649bc 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -19,7 +19,7 @@ struct evp_pkey_asn1_method_st { unsigned long pkey_flags; char *pem_str; char *info; - int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); + int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub); int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 0d5ce07f31..3d2e161549 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1306,7 +1306,7 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, int (*pub_decode) (EVP_PKEY *pk, - X509_PUBKEY *pub), + const X509_PUBKEY *pub), int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk), int (*pub_cmp) (const EVP_PKEY *a, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d709c53ced..b0e33d5286 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -519,8 +519,8 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); -EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); -EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key); int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); long X509_get_pathlen(X509 *x); DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) @@ -1052,7 +1052,8 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, unsigned char *penc, int penclen); int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, X509_PUBKEY *pub); + X509_ALGOR **pa, const X509_PUBKEY *pub); +int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index aea01e55fa..724d5038de 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5094,3 +5094,4 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: +X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Tue May 26 08:36:59 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 26 May 2020 08:36:59 +0000 Subject: Failed: openssl/openssl#34979 (master - 93f99b6) In-Reply-To: Message-ID: <5eccd52b8e13b_13fd619e3261c5187e@travis-tasks-5b97994c5b-qsldg.mail> Build Update for openssl/openssl ------------------------------------- Build: #34979 Status: Failed Duration: 48 mins and 12 secs Commit: 93f99b6 (master) Author: Dr. David von Oheimb Message: Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it Fixes #11870 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11894) View the changeset: https://github.com/openssl/openssl/compare/5606922c3d2e...93f99b681ab5 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691209277?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue May 26 10:54:53 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 May 2020 10:54:53 +0000 Subject: Build failed: openssl master.34424 Message-ID: <20200526105453.1.CCB1A09B7579C99F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 26 11:41:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 26 May 2020 11:41:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1590493305.018821.24751.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=197, Tests=1986, 690 wallclock secs ( 7.81 usr 1.71 sys + 653.05 cusr 43.90 csys = 706.47 CPU) Result: FAIL Makefile:3060: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3058: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue May 26 13:38:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 May 2020 13:38:20 +0000 Subject: Build completed: openssl master.34425 Message-ID: <20200526133820.1.11A25342081BB567@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 26 14:02:52 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 26 May 2020 14:02:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1590501772.797670.20179.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1988, 722 wallclock secs ( 8.12 usr 1.40 sys + 684.68 cusr 43.78 csys = 737.98 CPU) Result: FAIL Makefile:3079: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3077: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Tue May 26 14:18:31 2020 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 May 2020 14:18:31 +0000 Subject: [web] master update Message-ID: <1590502711.794276.32513.nullmailer@dev.openssl.org> The branch master has been updated via b8cbeb50101d64690eeee8769827e8b03cc7c382 (commit) from a31146714fc598622c0439b595047fa0000782f0 (commit) - Log ----------------------------------------------------------------- commit b8cbeb50101d64690eeee8769827e8b03cc7c382 Author: Matt Caswell Date: Tue May 19 08:40:11 2020 +0100 Mention some blog posts in the newsflash file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/178) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 91573a2..6986755 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item + +16-May-2020: New Blog post: OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it +12-May-2020: New Blog post: Security Policy Update on Prenotifications 23-Apr-2020: New Blog post: OpenSSL 3.0 Alpha1 Release 23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain() From openssl at openssl.org Tue May 26 16:06:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 26 May 2020 16:06:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1590509186.621287.13439.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 9c47a3386d Fix coverity issues in EC after #11807 6e15b81c34 Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h 5e5bc836fb Re-introduce legacy EVP_PKEY types for provided keys aa2cb51da0 GOST external tests 712e8debb5 Fix the parameter types of the CRYPTO_EX_dup function type. 2de64666a0 Adjust length of some strncpy() calls e12813d0d3 Prevent use after free of global_engine_lock 4d55122ee7 Coverity 1463571: Null pointer dereferences (FORWARD_NULL) 3f17066f5d Coverity 1463574: Null pointer dereferences (REVERSE_INULL) e5cb3453fb Coverity 1463576: Error handling issues (CHECKED_RETURN) 084b7bec0f Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=197, Tests=1988, 722 wallclock secs ( 8.11 usr 1.50 sys + 682.44 cusr 44.83 csys = 736.88 CPU) Result: FAIL Makefile:3082: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3080: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue May 26 21:12:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 May 2020 21:12:22 +0000 Subject: Build failed: openssl master.34435 Message-ID: <20200526211222.1.E6866A34CF61DCDE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue May 26 22:14:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 May 2020 22:14:22 +0000 Subject: Build completed: openssl master.34436 Message-ID: <20200526221422.1.2638F45137FB2289@appveyor.com> An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Tue May 26 22:35:09 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 26 May 2020 22:35:09 +0000 Subject: [openssl] master update Message-ID: <1590532509.697681.4086.nullmailer@dev.openssl.org> The branch master has been updated via e847085914476636d75ee1874b78e1c0e983da6e (commit) from 93f99b681ab5a1cf7062053323e09b0cad5ff854 (commit) - Log ----------------------------------------------------------------- commit e847085914476636d75ee1874b78e1c0e983da6e Author: Rich Salz Date: Thu May 21 17:21:27 2020 -0400 Clean up some doc nits Mostly "No items in =over/=back list" Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11902) ----------------------------------------------------------------------- Summary of changes: doc/man3/X509_get0_distinguishing_id.pod | 4 +++- doc/man7/EVP_MD-common.pod | 9 ++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/doc/man3/X509_get0_distinguishing_id.pod b/doc/man3/X509_get0_distinguishing_id.pod index 20a674104d..7db260cdce 100644 --- a/doc/man3/X509_get0_distinguishing_id.pod +++ b/doc/man3/X509_get0_distinguishing_id.pod @@ -21,7 +21,9 @@ The Distinguishing ID is defined in FIPS 196 as follows: =over 4 -I: information which unambiguously distinguishes +=item I + +Information which unambiguously distinguishes an entity in the authentication process. =back diff --git a/doc/man7/EVP_MD-common.pod b/doc/man7/EVP_MD-common.pod index 783844988b..58d8ed5641 100644 --- a/doc/man7/EVP_MD-common.pod +++ b/doc/man7/EVP_MD-common.pod @@ -7,11 +7,8 @@ EVP_MD-common - The OpenSSL EVP_MD implementations, common things =head1 DESCRIPTION All the OpenSSL EVP_MD implementations understand the following -L entries: - -=over 4 - -Gettable with L: +L entries that are +gettable with L, as well as these: =over 4 @@ -49,8 +46,6 @@ This value can also be retrieved with L. =back -=back - =head1 SEE ALSO L, L From matthias.st.pierre at ncp-e.com Tue May 26 23:33:47 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 26 May 2020 23:33:47 +0000 Subject: [openssl] master update Message-ID: <1590536027.133144.26482.nullmailer@dev.openssl.org> The branch master has been updated via e978ab7894e966579fcd372d7cba9e051ba90150 (commit) from e847085914476636d75ee1874b78e1c0e983da6e (commit) - Log ----------------------------------------------------------------- commit e978ab7894e966579fcd372d7cba9e051ba90150 Author: Dr. Matthias St. Pierre Date: Sun May 10 02:42:58 2020 +0200 doc: fix trace category names The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged into a single `CONF` category (see bc362b9b7202 and 71849dff56d6). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11806) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl.pod | 4 ++-- doc/man3/OSSL_trace_set_channel.pod | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 7170a98448..4bf1a00b0e 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -1298,9 +1298,9 @@ General SSL/TLS. SSL/TLS cipher. -=item B +=item B -ENGINE configuration. +Show details about provider and engine configuration. =item B diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 1105479af2..57a5a1c8c9 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -178,9 +178,9 @@ point during evaluation. Traces BIGNUM context operations. -=item C +=item C -Traces the OSSL_PROVIDER configuration. +Traces details about the provider and engine configuration. =back From builds at travis-ci.org Tue May 26 23:42:33 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 26 May 2020 23:42:33 +0000 Subject: Still Failing: openssl/openssl#34995 (master - e847085) In-Reply-To: Message-ID: <5ecda96915f4c_13ffade57a95437392c@travis-tasks-5f44bd99b5-xb9ng.mail> Build Update for openssl/openssl ------------------------------------- Build: #34995 Status: Still Failing Duration: 47 mins and 57 secs Commit: e847085 (master) Author: Rich Salz Message: Clean up some doc nits Mostly "No items in =over/=back list" Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11902) View the changeset: https://github.com/openssl/openssl/compare/93f99b681ab5...e84708591447 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691515802?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed May 27 00:23:40 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 00:23:40 +0000 Subject: Errored: openssl/openssl#34996 (master - e978ab7) In-Reply-To: Message-ID: <5ecdb30c136d7_13ffae39c426c421115@travis-tasks-5f44bd99b5-xb9ng.mail> Build Update for openssl/openssl ------------------------------------- Build: #34996 Status: Errored Duration: 49 mins and 24 secs Commit: e978ab7 (master) Author: Dr. Matthias St. Pierre Message: doc: fix trace category names The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged into a single `CONF` category (see bc362b9b7202 and 71849dff56d6). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11806) View the changeset: https://github.com/openssl/openssl/compare/e84708591447...e978ab7894e9 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691534918?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed May 27 01:25:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 27 May 2020 01:25:43 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1590542743.167358.17215.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1914, 724 wallclock secs ( 8.82 usr 1.42 sys + 676.66 cusr 45.63 csys = 732.53 CPU) Result: FAIL Makefile:3088: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3086: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 27 06:48:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 27 May 2020 06:48:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1590562111.953853.19281.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1987, 725 wallclock secs ( 8.70 usr 1.52 sys + 671.58 cusr 45.61 csys = 727.41 CPU) Result: FAIL Makefile:3078: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3076: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 27 07:26:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 27 May 2020 07:26:43 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1590564403.157691.27266.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression From no-reply at appveyor.com Wed May 27 07:36:26 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 27 May 2020 07:36:26 +0000 Subject: Build failed: openssl master.34446 Message-ID: <20200527073626.1.85D3C0258822F4E3@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed May 27 08:24:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 27 May 2020 08:24:14 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1590567854.911278.27878.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression From no-reply at appveyor.com Wed May 27 08:40:36 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 27 May 2020 08:40:36 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34447 Message-ID: <20200527084036.1.525716A1C72EB2A0@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed May 27 10:43:19 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 27 May 2020 10:43:19 +0000 Subject: [openssl] master update Message-ID: <1590576199.997754.14221.nullmailer@dev.openssl.org> The branch master has been updated via f7f53d7d61bba235b8babf4cf580114d74183e3e (commit) from e978ab7894e966579fcd372d7cba9e051ba90150 (commit) - Log ----------------------------------------------------------------- commit f7f53d7d61bba235b8babf4cf580114d74183e3e Author: Richard Levitte Date: Tue May 26 10:05:01 2020 +0200 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP Fixes #11904 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11959) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_local.h | 7 ------- include/crypto/rsa.h | 7 +++++++ providers/implementations/asymciphers/rsa_enc.c | 12 +++++++----- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index f94fc79cdd..65fd6022f7 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -187,12 +187,5 @@ int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx, unsigned char *to, int tlen, const unsigned char *from, int flen); -int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx, - unsigned char *to, int tlen, - const unsigned char *from, - int flen, - const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md); #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 6f32ec422f..5d7a6e515d 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -69,6 +69,13 @@ int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, size_t flen, int client_version, int alt_version); +int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx, + unsigned char *to, int tlen, + const unsigned char *from, + int flen, + const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); int rsa_validate_public(const RSA *key); int rsa_validate_private(const RSA *key); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 1f9ded4a65..db89de8a26 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -138,11 +138,13 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, PROVerr(0, ERR_R_INTERNAL_ERROR); return 0; } - ret = RSA_padding_add_PKCS1_OAEP_mgf1(tbuf, rsasize, in, inlen, - prsactx->oaep_label, - prsactx->oaep_labellen, - prsactx->oaep_md, - prsactx->mgf1_md); + ret = + rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(prsactx->libctx, tbuf, + rsasize, in, inlen, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, + prsactx->mgf1_md); if (!ret) { OPENSSL_free(tbuf); From openssl at openssl.org Wed May 27 11:15:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 27 May 2020 11:15:44 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1590578144.125877.20599.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1914, 696 wallclock secs ( 7.98 usr 1.37 sys + 661.45 cusr 42.61 csys = 713.41 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Wed May 27 11:19:45 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 27 May 2020 11:19:45 +0000 Subject: [openssl] master update Message-ID: <1590578385.818341.2016.nullmailer@dev.openssl.org> The branch master has been updated via 9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit) from f7f53d7d61bba235b8babf4cf580114d74183e3e (commit) - Log ----------------------------------------------------------------- commit 9e3c510bde91350c5a40b7ba4e9e0945895e9368 Author: FdaSilvaYY Date: Wed Jun 12 19:52:39 2019 +0200 crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8098) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 9 +++ apps/cms.c | 13 ++++- crypto/cms/cms_err.c | 4 ++ crypto/cms/cms_ess.c | 92 +++++++++++++++++++++++++---- crypto/cms/cms_local.h | 3 + crypto/cms/cms_smime.c | 43 +++++++++++--- crypto/err/openssl.txt | 4 ++ crypto/ess/build.info | 9 ++- crypto/ess/ess_asn1.c | 62 +++++++++++++++++++- crypto/ess/ess_err.c | 2 +- crypto/ess/ess_lib.c | 98 +++++++++++++++++++++++++++++-- crypto/ts/ts_rsp_verify.c | 93 ++---------------------------- doc/man1/openssl-cms.pod.in | 10 ++-- doc/man3/CMS_verify.pod | 10 +++- include/crypto/cms.h | 10 +++- include/crypto/ess.h | 6 +- include/openssl/cmserr.h | 4 ++ include/openssl/esserr.h | 3 +- test/recipes/80-test_cms.t | 137 ++++++++++++++++++++++++++++++++++++-------- 19 files changed, 462 insertions(+), 150 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index eb8659e9cf..10fd8d541d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,15 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Add CAdES-BES signature verification support, mostly derived + from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein. + + *Filipe Raimundo da Silva* + + * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. + + *Antonio Iacono* + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These functions are not widely used and now OpenSSL automatically perform this conversion when needed. diff --git a/apps/cms.c b/apps/cms.c index 6b5577ecee..445fec5388 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -670,12 +670,18 @@ int cms_main(int argc, char **argv) goto opthelp; } - if (flags & CMS_CADES) { - if (flags & CMS_NOATTR) { + if ((flags & CMS_CADES) != 0) { + if ((flags & CMS_NOATTR) != 0) { BIO_puts(bio_err, "Incompatible options: " "CAdES required signed attributes\n"); goto opthelp; } + if (operation == SMIME_VERIFY + && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) { + BIO_puts(bio_err, "Incompatible options: CAdES validation require" + " certs and signed attributes validations\n"); + goto opthelp; + } } if (operation & SMIME_SIGNERS) { @@ -1115,7 +1121,8 @@ int cms_main(int argc, char **argv) goto end; } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) { - BIO_printf(bio_err, "Verification successful\n"); + BIO_printf(bio_err, "%s Verification successful\n", + (flags & CMS_CADES) ? "CAdES" : "CMS"); } else { BIO_printf(bio_err, "Verification failure\n"); if (verify_retcode) diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 526d77357e..16e25afc7f 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -52,6 +52,10 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE), + "ess no signing certid attribute"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), + "ess signing certid mismatch error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 3901074033..e3604f7db8 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -21,6 +21,9 @@ DEFINE_STACK_OF(GENERAL_NAMES) DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(ESS_CERT_ID) +DEFINE_STACK_OF(ESS_CERT_ID_V2) +DEFINE_STACK_OF(X509) IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) @@ -29,33 +32,100 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) { ASN1_STRING *str; - CMS_ReceiptRequest *rr = NULL; - if (prr) + CMS_ReceiptRequest *rr; + ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_receiptRequest); + + if (prr != NULL) *prr = NULL; - str = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj - (NID_id_smime_aa_receiptRequest), -3, - V_ASN1_SEQUENCE); - if (!str) + str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); + if (str == NULL) return 0; rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest)); - if (!rr) + if (rr == NULL) return -1; - if (prr) + if (prr != NULL) *prr = rr; else CMS_ReceiptRequest_free(rr); return 1; } +/* + First, get the ESS_SIGNING_CERT(V2) signed attribute from |si|. + Then check matching of each cert of trust |chain| with one of + the |cert_ids|(Hash+IssuerID) list from this ESS_SIGNING_CERT. + Derived from ts_check_signing_certs() +*/ +int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) +{ + ESS_SIGNING_CERT *ss = NULL; + ESS_SIGNING_CERT_V2 *ssv2 = NULL; + X509 *cert; + int i = 0, ret = 0; + + if (cms_signerinfo_get_signing_cert(si, &ss) > 0 && ss->cert_ids != NULL) { + STACK_OF(ESS_CERT_ID) *cert_ids = ss->cert_ids; + + cert = sk_X509_value(chain, 0); + if (ess_find_cert(cert_ids, cert) != 0) + goto err; + + /* + * Check the other certificates of the chain. + * Fail if no signing certificate ids found for each certificate. + */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) { + /* for each chain cert, try to find its cert id */ + for (i = 1; i < sk_X509_num(chain); ++i) { + cert = sk_X509_value(chain, i); + if (ess_find_cert(cert_ids, cert) < 0) + goto err; + } + } + } else if (cms_signerinfo_get_signing_cert_v2(si, &ssv2) > 0 + && ssv2->cert_ids!= NULL) { + STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = ssv2->cert_ids; + + cert = sk_X509_value(chain, 0); + if (ess_find_cert_v2(cert_ids_v2, cert) != 0) + goto err; + + /* + * Check the other certificates of the chain. + * Fail if no signing certificate ids found for each certificate. + */ + if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { + /* for each chain cert, try to find its cert id */ + for (i = 1; i < sk_X509_num(chain); ++i) { + cert = sk_X509_value(chain, i); + if (ess_find_cert_v2(cert_ids_v2, cert) < 0) + goto err; + } + } + } else { + CMSerr(CMS_F_ESS_CHECK_SIGNING_CERTS, + CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE); + return 0; + } + ret = 1; + err: + if (!ret) + CMSerr(CMS_F_ESS_CHECK_SIGNING_CERTS, + CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR); + + ESS_SIGNING_CERT_free(ss); + ESS_SIGNING_CERT_V2_free(ssv2); + return ret; +} + CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo) { - CMS_ReceiptRequest *rr = NULL; + CMS_ReceiptRequest *rr; rr = CMS_ReceiptRequest_new(); if (rr == NULL) @@ -145,6 +215,7 @@ static int cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen) { const EVP_MD *md; + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return 0; @@ -160,6 +231,7 @@ int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) { unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int diglen; + if (!cms_msgSigDigest(src, dig, &diglen)) { CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); return 0; diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 00ea9006c8..68c885622b 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -421,6 +421,9 @@ int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, CMS_RecipientInfo * /* SignerInfo routines */ int CMS_si_check_attributes(const CMS_SignerInfo *si); +/* ESS routines */ +int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain); + DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_DigestedData) DECLARE_ASN1_ITEM(CMS_EncryptedData) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index dbdc815e97..a83edce0f7 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -233,7 +233,8 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store, STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls) + STACK_OF(X509_CRL) *crls, + STACK_OF(X509) **chain) { X509_STORE_CTX *ctx = X509_STORE_CTX_new(); X509 *signer; @@ -262,6 +263,10 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, goto err; } r = 1; + + /* also send back the trust chain when required */ + if (chain != NULL) + *chain = X509_STORE_CTX_get1_chain(ctx); err: X509_STORE_CTX_free(ctx); return r; @@ -275,9 +280,11 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, STACK_OF(CMS_SignerInfo) *sinfos; STACK_OF(X509) *cms_certs = NULL; STACK_OF(X509_CRL) *crls = NULL; + STACK_OF(X509) **si_chains = NULL; X509 *signer; int i, scount = 0, ret = 0; BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL; + int cadesVerify = (flags & CMS_CADES) != 0; if (!dcont && !check_content(cms)) return 0; @@ -312,27 +319,44 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, } /* Attempt to verify all signers certs */ - - if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) { + /* at this point scount == sk_CMS_SignerInfo_num(sinfos) */ + + if ((flags & CMS_NO_SIGNER_CERT_VERIFY) == 0 || cadesVerify) { + if (cadesVerify) { + /* Certificate trust chain is required to check CAdES signature */ + si_chains = OPENSSL_zalloc(scount * sizeof(si_chains[0])); + if (si_chains == NULL) { + CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + } cms_certs = CMS_get1_certs(cms); if (!(flags & CMS_NOCRL)) crls = CMS_get1_crls(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { + for (i = 0; i < scount; i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls)) + + if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls, + si_chains ? &si_chains[i] : NULL)) goto err; } } /* Attempt to verify all SignerInfo signed attribute signatures */ - if (!(flags & CMS_NO_ATTR_VERIFY)) { - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { + if ((flags & CMS_NO_ATTR_VERIFY) == 0 || cadesVerify) { + for (i = 0; i < scount; i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (CMS_signed_get_attr_count(si) < 0) continue; if (CMS_SignerInfo_verify(si) <= 0) goto err; + if (cadesVerify) { + STACK_OF(X509) *si_chain = si_chains ? si_chains[i] : NULL; + + if (ess_check_signing_certs(si, si_chain) <= 0) + goto err; + } } } @@ -420,6 +444,11 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, BIO_free_all(tmpout); err2: + if (si_chains != NULL) { + for (i = 0; i < scount; ++i) + sk_X509_pop_free(si_chains[i], X509_free); + OPENSSL_free(si_chains); + } sk_X509_pop_free(cms_certs, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1b2c94b0a2..8afc67e747 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -320,6 +320,7 @@ CMS_F_CMS_SET_DETACHED:147:CMS_set_detached CMS_F_CMS_SIGN:148:CMS_sign CMS_F_CMS_SIGNED_DATA_INIT:149:cms_signed_data_init CMS_F_CMS_SIGNERINFO_CONTENT_SIGN:150:cms_SignerInfo_content_sign +CMS_F_CMS_SIGNERINFO_GET_CHAIN:184:cms_signerinfo_get_chain CMS_F_CMS_SIGNERINFO_SIGN:151:CMS_SignerInfo_sign CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert @@ -329,6 +330,7 @@ CMS_F_CMS_SI_CHECK_ATTRIBUTES:183:CMS_si_check_attributes CMS_F_CMS_STREAM:155:CMS_stream CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress CMS_F_CMS_VERIFY:157:CMS_verify +CMS_F_ESS_CHECK_SIGNING_CERTS:185:ess_check_signing_certs CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new @@ -2188,6 +2190,8 @@ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\ error reading messagedigest attribute CMS_R_ERROR_SETTING_KEY:115:error setting key CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo +CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE:182:ess no signing certid attribute +CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter CMS_R_INVALID_KEY_LENGTH:118:invalid key length diff --git a/crypto/ess/build.info b/crypto/ess/build.info index 24fcecc8f5..fa2bc41d08 100644 --- a/crypto/ess/build.info +++ b/crypto/ess/build.info @@ -1,3 +1,8 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]= \ - ess_lib.c ess_asn1.c ess_err.c + +IF[{- !$disabled{'cms'} and !$disabled{'ts'} -}] + SOURCE[../../libcrypto]= ess_lib.c +ENDIF + +SOURCE[../../libcrypto]= ess_asn1.c ess_err.c + diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c index 19589d97f3..a8d13a3a20 100644 --- a/crypto/ess/ess_asn1.c +++ b/crypto/ess/ess_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,9 +9,11 @@ #include #include +#include #include #include #include "crypto/ess.h" +#include "crypto/cms.h" /* ASN1 stuff for ESS Structure */ @@ -55,3 +57,61 @@ ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) + +/* No cms support means no CMS_SignerInfo* definitions */ +#ifndef OPENSSL_NO_CMS + +/* + * Returns < 0 if attribute is not found, 1 if found, or + * -1 on attribute parsing failure. + */ +int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc) +{ + ASN1_STRING *str; + ESS_SIGNING_CERT_V2 *sc; + ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV2); + + if (psc != NULL) + *psc = NULL; + str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); + if (str == NULL) + return 0; + + sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2)); + if (sc == NULL) + return -1; + if (psc != NULL) + *psc = sc; + else + ESS_SIGNING_CERT_V2_free(sc); + return 1; +} + +/* + * Returns < 0 if attribute is not found, 1 if found, or + * -1 on attribute parsing failure. + */ +int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc) +{ + ASN1_STRING *str; + ESS_SIGNING_CERT *sc; + ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificate); + + if (psc != NULL) + *psc = NULL; + str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); + if (str == NULL) + return 0; + + sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT)); + if (sc == NULL) + return -1; + if (psc != NULL) + *psc = sc; + else + ESS_SIGNING_CERT_free(sc); + return 1; +} +#endif /* !OPENSSL_NO_CMS */ diff --git a/crypto/ess/ess_err.c b/crypto/ess/ess_err.c index b494aa246f..6547645fea 100644 --- a/crypto/ess/ess_err.c +++ b/crypto/ess/ess_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 9d9defa9d7..17f9db98ff 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -15,8 +15,8 @@ DEFINE_STACK_OF(ESS_CERT_ID) DEFINE_STACK_OF(ESS_CERT_ID_V2) -DEFINE_STACK_OF(X509) DEFINE_STACK_OF(GENERAL_NAME) +DEFINE_STACK_OF(X509) static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, @@ -61,9 +61,12 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) unsigned char cert_sha1[SHA_DIGEST_LENGTH]; /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(cert, -1, 0); + if (!X509v3_cache_extensions(cert, NULL, NULL)) + return NULL; + if ((cid = ESS_CERT_ID_new()) == NULL) goto err; + /* TODO(3.0): fetch sha1 algorithm from providers */ if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) @@ -85,8 +88,8 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) goto err; name = NULL; /* Ownership is lost. */ ASN1_INTEGER_free(cid->issuer_serial->serial); - if (!(cid->issuer_serial->serial = - ASN1_INTEGER_dup(X509_get_serialNumber(cert)))) + if ((cid->issuer_serial->serial = + ASN1_INTEGER_dup(X509_get_serialNumber(cert))) == NULL) goto err; return cid; @@ -159,6 +162,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, cid->hash_alg = NULL; } + /* TODO(3.0): fetch sha1 algorithm from providers */ if (!X509_digest(cert, hash_alg, hash, &hash_len)) goto err; @@ -196,8 +200,9 @@ ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; + attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate); - if (!attr) + if (attr == NULL) return NULL; p = attr->value.sequence->data; return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); @@ -273,3 +278,86 @@ int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, OPENSSL_free(pp); return 0; } + +static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert) +{ + GENERAL_NAME *issuer; + + if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1) + return -1; + + issuer = sk_GENERAL_NAME_value(is->issuer, 0); + if (issuer->type != GEN_DIRNAME + || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)) != 0) + return -1; + + return ASN1_INTEGER_cmp(is->serial, X509_get0_serialNumber(cert)); +} + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) +{ + int i; + unsigned char cert_sha1[SHA_DIGEST_LENGTH]; + + if (cert_ids == NULL || cert == NULL) + return -1; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + if (!X509v3_cache_extensions(cert, NULL, NULL)) + return -1; + + /* TODO(3.0): fetch sha1 algorithm from providers */ + if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) + return -1; + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { + const ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); + + if (cid->hash->length == SHA_DIGEST_LENGTH + && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) { + const ESS_ISSUER_SERIAL *is = cid->issuer_serial; + + if (is == NULL || ess_issuer_serial_cmp(is, cert) == 0) + return i; + } + } + + return -1; +} + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert) +{ + int i; + unsigned char cert_digest[EVP_MAX_MD_SIZE]; + unsigned int len; + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) { + const ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); + const EVP_MD *md; + + if (cid != NULL && cid->hash_alg != NULL) + md = EVP_get_digestbyobj(cid->hash_alg->algorithm); + else + md = EVP_sha256(); + + /* TODO(3.0): fetch sha1 algorithm from providers */ + if (!X509_digest(cert, md, cert_digest, &len)) + return -1; + + if (cid->hash->length != (int)len) + return -1; + + if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) { + const ESS_ISSUER_SERIAL *is = cid->issuer_serial; + + if (is == NULL || ess_issuer_serial_cmp(is, cert) == 0) + return i; + } + } + + return -1; +} diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index b872f75bea..c909b211d4 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -26,8 +26,7 @@ static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); -static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); -static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert); + static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info); static int ts_check_status_info(TS_RESP *response); @@ -44,7 +43,6 @@ static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); -static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert); /* * This must be large enough to hold all values in ts_status_text (with @@ -218,7 +216,7 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (ss != NULL) { cert_ids = ss->cert_ids; cert = sk_X509_value(chain, 0); - if (ts_find_cert(cert_ids, cert) != 0) + if (ess_find_cert(cert_ids, cert) != 0) goto err; /* @@ -228,14 +226,14 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (sk_ESS_CERT_ID_num(cert_ids) > 1) { for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ts_find_cert(cert_ids, cert) < 0) + if (ess_find_cert(cert_ids, cert) < 0) goto err; } } } else if (ssv2 != NULL) { cert_ids_v2 = ssv2->cert_ids; cert = sk_X509_value(chain, 0); - if (ts_find_cert_v2(cert_ids_v2, cert) != 0) + if (ess_find_cert_v2(cert_ids_v2, cert) != 0) goto err; /* @@ -245,7 +243,7 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ts_find_cert_v2(cert_ids_v2, cert) < 0) + if (ess_find_cert_v2(cert_ids_v2, cert) < 0) goto err; } } @@ -263,87 +261,6 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, return ret; } -/* Returns < 0 if certificate is not found, certificate index otherwise. */ -static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) -{ - int i; - unsigned char cert_sha1[SHA_DIGEST_LENGTH]; - - if (!cert_ids || !cert) - return -1; - - /* Recompute SHA1 hash of certificate if necessary (side effect). */ - X509_check_purpose(cert, -1, 0); - - if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) - return -1; - - /* Look for cert in the cert_ids vector. */ - for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { - ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); - - if (cid->hash->length == SHA_DIGEST_LENGTH - && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) { - ESS_ISSUER_SERIAL *is = cid->issuer_serial; - if (!is || !ts_issuer_serial_cmp(is, cert)) - return i; - } - } - - return -1; -} - -/* Returns < 0 if certificate is not found, certificate index otherwise. */ -static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert) -{ - int i; - unsigned char cert_digest[EVP_MAX_MD_SIZE]; - unsigned int len; - - /* Look for cert in the cert_ids vector. */ - for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) { - ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); - const EVP_MD *md; - - if (cid->hash_alg != NULL) - md = EVP_get_digestbyobj(cid->hash_alg->algorithm); - else - md = EVP_sha256(); - - if (!X509_digest(cert, md, cert_digest, &len)) - return -1; - if (cid->hash->length != (int)len) - return -1; - - if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) { - ESS_ISSUER_SERIAL *is = cid->issuer_serial; - - if (is == NULL || !ts_issuer_serial_cmp(is, cert)) - return i; - } - } - - return -1; -} - -static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert) -{ - GENERAL_NAME *issuer; - - if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1) - return -1; - - issuer = sk_GENERAL_NAME_value(is->issuer, 0); - if (issuer->type != GEN_DIRNAME - || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert))) - return -1; - - if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert))) - return -1; - - return 0; -} - /*- * Verifies whether 'response' contains a valid response with regards * to the settings of the context: diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 375d358703..5ef1219a2e 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -569,7 +569,8 @@ Message-digest of the eContent OCTET STRING within encapContentInfo being signed =item * -An ESS signing-certificate or ESS signing-certificate-v2 attribute, as defined in Enhanced Security Services (ESS), RFC 2634 and RFC 5035. +An ESS signing-certificate or ESS signing-certificate-v2 attribute, as defined +in Enhanced Security Services (ESS), RFC 2634 and RFC 5035. An ESS signing-certificate attribute only allows for the use of SHA-1 as a digest algorithm. An ESS signing-certificate-v2 attribute allows for the use of any digest algorithm. @@ -577,9 +578,10 @@ An ESS signing-certificate-v2 attribute allows for the use of any digest algorit The digital signature value computed on the user data and, when present, on the signed attributes. -Note that currently the B<-cades> option applies only to the B<-sign> operation and is ignored during -the B<-verify> operation, i.e. the signing certification is not checked during the verification process. -This feature might be added in a future version. +NOTE that the B<-cades> option applies to the B<-sign> or B<-verify> operations. +With this option, the B<-verify> operation also checks that the signing-certificates +attribute is present, and its value matches the verification trust chain built +during the verification process. =back diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index 159c378b0e..ed289b1aff 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -66,10 +66,14 @@ from the content. If the content is not of type B then an error is returned. If B is set the signing certificates are not -verified. +verified, unless CMS_CADES flag is also set. If B is set the signed attributes signature is not -verified. +verified, unless CMS_CADES flag is also set. + +If B is set, each signer certificate is checked against the +"ESS signing-certificate" extension added in the signed attributes of the +signature. If B is set then the content digest is not checked. @@ -122,7 +126,7 @@ L, L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/cms.h b/include/crypto/cms.h index c630991d68..67263fa886 100644 --- a/include/crypto/cms.h +++ b/include/crypto/cms.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,15 @@ * https://www.openssl.org/source/license.html */ +#ifndef OPENSSL_NO_CMS + /* internal CMS-ESS related stuff */ int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); + +int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc); +int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc); +#endif diff --git a/include/crypto/ess.h b/include/crypto/ess.h index ac6c5c61d7..6ae9a8180b 100644 --- a/include/crypto/ess.h +++ b/include/crypto/ess.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,10 @@ ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, STACK_OF(X509) *certs, int issuer_needed); +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert); +int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); + /*- * IssuerSerial ::= SEQUENCE { * issuer GeneralNames, diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 6cff785caa..97704bfa52 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -109,6 +109,7 @@ int ERR_load_CMS_strings(void); # define CMS_F_CMS_SIGN 0 # define CMS_F_CMS_SIGNED_DATA_INIT 0 # define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_GET_CHAIN 0 # define CMS_F_CMS_SIGNERINFO_SIGN 0 # define CMS_F_CMS_SIGNERINFO_VERIFY 0 # define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 @@ -118,6 +119,7 @@ int ERR_load_CMS_strings(void); # define CMS_F_CMS_STREAM 0 # define CMS_F_CMS_UNCOMPRESS 0 # define CMS_F_CMS_VERIFY 0 +# define CMS_F_ESS_CHECK_SIGNING_CERTS 0 # define CMS_F_KEK_UNWRAP_KEY 0 # endif @@ -147,6 +149,8 @@ int ERR_load_CMS_strings(void); # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 # define CMS_R_ERROR_SETTING_KEY 115 # define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE 182 +# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 # define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 # define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 # define CMS_R_INVALID_KEY_LENGTH 118 diff --git a/include/openssl/esserr.h b/include/openssl/esserr.h index 8befce5c48..ff3c3d3d95 100644 --- a/include/openssl/esserr.h +++ b/include/openssl/esserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #ifndef OPENSSL_ESSERR_H # define OPENSSL_ESSERR_H +# pragma once # include # include diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index db2fce650d..76342481fb 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -30,7 +30,7 @@ my $smcont = srctop_file("test", "smcont.txt"); my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) = disabled qw/des dh dsa ec ec2m rc2 zlib/; -plan tests => 7; +plan tests => 10; my @smime_pkcs7_tests = ( @@ -251,26 +251,6 @@ my @smime_cms_tests = ( "-CAfile", catfile($smdir, "smroot.pem") ] ], - [ "signed content DER format, RSA key, CAdES-BES compatible", - [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER", - "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], - \&final_compare - ], - - [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", - [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont, - "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], - \&final_compare - ], - [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", [ "{cmd1}", "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", "-keyid", @@ -360,6 +340,87 @@ my @smime_cms_tests = ( ); +my @smime_cms_cades_tests = ( + + [ "signed content DER format, RSA key, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER", + "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform", + "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content DER format, RSA key, SHA512 md, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-md", "sha512", "-in", $smcont, "-outform", + "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", + "-in", $smcont, "-outform", "DER", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), + "-outform", "DER", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "resigned content DER format, RSA key, SHA256 md, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", + "-in", $smcont, "-outform", "DER", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), + "-outform", "DER", "-out", "{output}.cms" ], + [ "{cmd1}", "-resign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", + "-inform", "DER", "-in", "{output}.cms", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-outform", "DER", "-out", "{output}2.cms" ], + + [ "{cmd2}", "-verify", "-cades", "-in", "{output}2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], +); + +my @smime_cms_cades_ko_tests = ( + [ "signed content DER format, RSA key, but verified as CAdES-BES compatible", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ] +); + +# cades options test - check that some combinations are rejected +my @smime_cms_cades_invalid_option_tests = ( + [ + [ "-cades", "-noattr" ], + ],[ + [ "-verify", "-cades", "-noattr" ], + ],[ + [ "-verify", "-cades", "-noverify" ], + ], +); + my @smime_cms_comp_tests = ( [ "compressed content test streaming PEM format", @@ -491,7 +552,7 @@ my @smime_cms_param_tests = ( "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ] - ); +); my @contenttype_cms_test = ( [ "signed content test - check that content type is added to additional signerinfo, RSA keys", @@ -542,7 +603,7 @@ sub runner_loop { $x; } @$_; - diag "CMD: openssl", join(" ", @cmd); + diag "CMD: openssl ", join(" ", @cmd); $ok &&= run(app(["openssl", @cmd])); $opts{input} = $opts{output}; } @@ -654,6 +715,36 @@ subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { } }; +subtest "CAdES <=> CAdES consistency tests\n" => sub { + plan tests => (scalar @smime_cms_cades_tests); + + runner_loop(prefix => 'cms-cades', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_cades_tests ]); +}; + +subtest "CAdES; cms incompatible arguments tests\n" => sub { + plan tests => (scalar @smime_cms_cades_invalid_option_tests); + + foreach (@smime_cms_cades_invalid_option_tests) { + ok(!run(app(["openssl", "cms", @{$$_[0]} ] ))); + } +}; + +subtest "CAdES ko tests\n" => sub { + plan tests => (scalar @smime_cms_cades_ko_tests); + + foreach (@smime_cms_cades_ko_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && !run(app(["openssl", "cms", @{$$_[2]}])), + $$_[0]); + } + } +}; + sub check_availability { my $tnam = shift; From builds at travis-ci.org Wed May 27 11:54:07 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 11:54:07 +0000 Subject: Errored: openssl/openssl#35007 (master - f7f53d7) In-Reply-To: Message-ID: <5ece54df2281d_13f80117968342987a4@travis-tasks-574f8cf48-whcpd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35007 Status: Errored Duration: 55 mins and 52 secs Commit: f7f53d7 (master) Author: Richard Levitte Message: PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP Fixes #11904 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11959) View the changeset: https://github.com/openssl/openssl/compare/e978ab7894e9...f7f53d7d61bb View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691690042?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed May 27 12:33:43 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 12:33:43 +0000 Subject: Failed: openssl/openssl#35009 (master - 9e3c510) In-Reply-To: Message-ID: <5ece5e2713bfc_13ff2a6cc848029037@travis-tasks-6f67d7c85f-bd2vb.mail> Build Update for openssl/openssl ------------------------------------- Build: #35009 Status: Failed Duration: 43 mins and 50 secs Commit: 9e3c510 (master) Author: FdaSilvaYY Message: crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8098) View the changeset: https://github.com/openssl/openssl/compare/f7f53d7d61bb...9e3c510bde91 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691700411?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Wed May 27 12:37:31 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 27 May 2020 12:37:31 +0000 Subject: [openssl] master update Message-ID: <1590583051.153076.15966.nullmailer@dev.openssl.org> The branch master has been updated via c74aaa3920f116fe4c1003153838144c37d6e527 (commit) from 9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit) - Log ----------------------------------------------------------------- commit c74aaa3920f116fe4c1003153838144c37d6e527 Author: Dr. David von Oheimb Date: Mon May 25 13:17:51 2020 +0200 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11953) ----------------------------------------------------------------------- Summary of changes: crypto/evp/exchange.c | 4 ++-- crypto/evp/keymgmt_lib.c | 4 ++-- crypto/evp/p_lib.c | 16 ++++++++++++- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_req.c | 2 +- crypto/x509/x_pubkey.c | 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 ++-- ...P_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} | 27 +++++++++++++++------- include/openssl/evp.h | 6 +++++ ssl/ssl_rsa.c | 2 +- test/evp_test.c | 2 +- util/libcrypto.num | 6 +++-- 12 files changed, 55 insertions(+), 22 deletions(-) rename doc/man3/{EVP_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} (65%) diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 26d7e1ce95..514ecd4039 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -368,13 +368,13 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) /* * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * present (!missing) but don't match. EVP_PKEY_parameters_eq may return * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 * (different key types) is impossible here because it is checked earlier. * -2 is OK for us here, as well as 1, so we can check for 0 only. */ if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { + !EVP_PKEY_parameters_eq(ctx->pkey, peer)) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); return -1; } diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 54805d741d..a712233043 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -236,8 +236,8 @@ int evp_keymgmt_util_has(EVP_PKEY *pk, int selection) * but also in the operation cache to see if there's any common keymgmt that * supplies OP_keymgmt_match. * - * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_cmp() - * and EVP_PKEY_cmp_parameters() return, i.e.: + * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq() + * and EVP_PKEY_parameters_eq() return, i.e.: * * 1 same key * 0 not same key diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d05f0f2cba..4670912588 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -156,7 +156,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) } if (!EVP_PKEY_missing_parameters(to)) { - if (EVP_PKEY_cmp_parameters(to, from) == 1) + if (EVP_PKEY_parameters_eq(to, from) == 1) return 1; EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); return 0; @@ -272,7 +272,14 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return EVP_PKEY_parameters_eq(a, b); +} +#endif + +int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support @@ -290,7 +297,14 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return EVP_PKEY_eq(a, b); +} +#endif + +int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 05615c1e19..25f72e057e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -300,7 +300,7 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k) xk = X509_get0_pubkey(x); if (xk) - ret = EVP_PKEY_cmp(xk, k); + ret = EVP_PKEY_eq(xk, k); else ret = -2; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 639e8e47db..fcc07b17dd 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -85,7 +85,7 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) int ok = 0; xk = X509_REQ_get_pubkey(x); - switch (EVP_PKEY_cmp(xk, k)) { + switch (EVP_PKEY_eq(xk, k)) { case 1: ok = 1; break; diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 14893adb2f..c73ea7a4ed 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -491,5 +491,5 @@ int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b) if ((pA = X509_PUBKEY_get0(a)) == NULL || (pB = X509_PUBKEY_get0(b)) == NULL) return -2; - return EVP_PKEY_cmp(pA, pB); + return EVP_PKEY_eq(pA, pB); } diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 989008db07..bad9370867 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -170,7 +170,7 @@ They're called by L and L. The pub_cmp() method is called when two public keys are to be compared. It MUST return 1 when the keys are equal, 0 otherwise. -It's called by L. +It's called by L. The pub_print() method is called to print a public key in humanly readable text to B, indented B spaces. @@ -228,7 +228,7 @@ It's called by L. The param_cmp() method compares the parameters of keys B and B. It MUST return 1 when the keys are equal, 0 when not equal, or a negative number on error. -It's called by L. +It's called by L. The param_print() method prints the private key parameters in humanly readable text to B, indented B spaces. diff --git a/doc/man3/EVP_PKEY_cmp.pod b/doc/man3/EVP_PKEY_copy_parameters.pod similarity index 65% rename from doc/man3/EVP_PKEY_cmp.pod rename to doc/man3/EVP_PKEY_copy_parameters.pod index f0008ec150..01fbb48109 100644 --- a/doc/man3/EVP_PKEY_cmp.pod +++ b/doc/man3/EVP_PKEY_copy_parameters.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_missing_parameters, EVP_PKEY_copy_parameters, EVP_PKEY_parameters_eq, +EVP_PKEY_cmp_parameters, EVP_PKEY_eq, EVP_PKEY_cmp - public key parameter and comparison functions =head1 SYNOPSIS @@ -12,7 +13,9 @@ EVP_PKEY_cmp - public key parameter and comparison functions int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); =head1 DESCRIPTION @@ -26,11 +29,11 @@ B to key B. An error is returned if the parameters are missing in B or present in both B and B and mismatch. If the parameters in B and B are both present and match this function has no effect. -The function EVP_PKEY_cmp_parameters() compares the parameters of keys -B and B. +The function EVP_PKEY_parameters_eq() checks the parameters of keys +B and B for equality. -The function EVP_PKEY_cmp() compares the public key components and parameters -(if present) of keys B and B. +The function EVP_PKEY_eq() checks the public key components and parameters +(if present) of keys B and B for equality. =head1 NOTES @@ -40,7 +43,7 @@ parameters are sometimes omitted from a public key if they are inherited from the CA that signed it. Since OpenSSL private keys contain public key components too the function -EVP_PKEY_cmp() can also be used to determine if a private key matches +EVP_PKEY_eq() can also be used to determine if a private key matches a public key. =head1 RETURN VALUES @@ -52,8 +55,8 @@ doesn't use parameters. These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure. -The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the -keys match, 0 if they don't match, -1 if the key types are different and +The function EVP_PKEY_parameters_eq() and EVP_PKEY_eq() return 1 if their +inputs match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported. =head1 SEE ALSO @@ -61,6 +64,14 @@ keys match, 0 if they don't match, -1 if the key types are different and L, L +=head1 HISTORY + +The function EVP_PKEY_cmp was deprecated and renamed to B and +EVP_PKEY_cmp_parameters was deprecated and renamed to B +(without changing semantics) in OpenSSL 3.0. +This was done to avoid confusion on their return values with other _cmp() +functions that return 0 in case their arguments are equal. + =head1 COPYRIGHT Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3d2e161549..81ec80ab2d 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1191,9 +1191,15 @@ EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in); int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +#endif +int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b); +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +#endif +int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 7a699747d3..3df32b725b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1115,7 +1115,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr else #endif /* check that key <-> cert match */ - if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { + if (EVP_PKEY_eq(pubkey, privatekey) != 1) { SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); goto out; } diff --git a/test/evp_test.c b/test/evp_test.c index 6727a007a0..813218a42a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2404,7 +2404,7 @@ static int keypair_test_run(EVP_TEST *t) goto end; } - if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) { + if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) { if ( 0 == rv ) { t->err = "KEYPAIR_MISMATCH"; } else if ( -1 == rv ) { diff --git a/util/libcrypto.num b/util/libcrypto.num index 724d5038de..cc11651b76 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -190,7 +190,7 @@ EVP_DigestInit 193 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_find 194 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_count 195 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_get_bit 196 3_0_0 EXIST::FUNCTION: -EVP_PKEY_cmp 197 3_0_0 EXIST::FUNCTION: +EVP_PKEY_cmp 197 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_X509_ALGORS 198 3_0_0 EXIST::FUNCTION: EVP_PKEY2PKCS8 199 3_0_0 EXIST::FUNCTION: BN_nist_mod_256 200 3_0_0 EXIST::FUNCTION: @@ -3461,7 +3461,7 @@ ERR_print_errors_cb 3531 3_0_0 EXIST::FUNCTION: ENGINE_set_default_string 3532 3_0_0 EXIST::FUNCTION:ENGINE BIO_number_read 3533 3_0_0 EXIST::FUNCTION: CRYPTO_zalloc 3534 3_0_0 EXIST::FUNCTION: -EVP_PKEY_cmp_parameters 3535 3_0_0 EXIST::FUNCTION: +EVP_PKEY_cmp_parameters 3535 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_CTX_new_id 3537 3_0_0 EXIST::FUNCTION: TLS_FEATURE_free 3538 3_0_0 EXIST::FUNCTION: d2i_BASIC_CONSTRAINTS 3539 3_0_0 EXIST::FUNCTION: @@ -5095,3 +5095,5 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Wed May 27 13:30:06 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 13:30:06 +0000 Subject: Errored: openssl/openssl#35012 (master - c74aaa3) In-Reply-To: Message-ID: <5ece6b5b90373_13ff2a6cf1fb010928e@travis-tasks-6f67d7c85f-bd2vb.mail> Build Update for openssl/openssl ------------------------------------- Build: #35012 Status: Errored Duration: 17 mins and 30 secs Commit: c74aaa3 (master) Author: Dr. David von Oheimb Message: Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11953) View the changeset: https://github.com/openssl/openssl/compare/9e3c510bde91...c74aaa3920f1 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691721841?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Wed May 27 18:11:46 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 27 May 2020 18:11:46 +0000 Subject: [openssl] master update Message-ID: <1590603106.997737.12932.nullmailer@dev.openssl.org> The branch master has been updated via 77286fe3ec6b9777934e67e35f3b7007143b0734 (commit) from c74aaa3920f116fe4c1003153838144c37d6e527 (commit) - Log ----------------------------------------------------------------- commit 77286fe3ec6b9777934e67e35f3b7007143b0734 Author: Bernd Edlinger Date: Tue Apr 24 21:10:13 2018 +0200 Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6074) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 4 ++-- crypto/aes/aes_ige.c | 14 +++++++++----- crypto/ec/ecp_nistp224.c | 9 +++++---- crypto/ec/ecp_nistp521.c | 33 +++++++++++++++++---------------- crypto/modes/cbc128.c | 19 ++++++++++++++----- crypto/modes/ccm128.c | 22 ++++++++++++++++------ crypto/modes/cfb128.c | 18 +++++++++++++----- crypto/modes/ctr128.c | 11 +++++++++-- crypto/modes/gcm128.c | 22 ++++++++++++++-------- crypto/modes/ofb128.c | 11 +++++++++-- crypto/modes/xts128.c | 24 ++++++++++++++++-------- crypto/whrlpool/wp_block.c | 32 +++++++++++++++++++++++--------- 12 files changed, 147 insertions(+), 72 deletions(-) diff --git a/.travis.yml b/.travis.yml index 65cf6b10a9..bc28ac7adf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -103,10 +103,10 @@ jobs: env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan disable-afalgeng -Wno-unused-command-line-argument" - os: linux compiler: clang - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" CXX="clang++" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" CXX="clang++" - os: linux compiler: gcc - env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 enable-buildtest-c++ -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-buildtest-c++" OPENSSL_TEST_RAND_ORDER=0 - os: linux dist: xenial addons: diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 51119186de..bbe9bcd4f8 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -18,11 +18,6 @@ #include #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 @@ -30,6 +25,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s) (d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 1808c4c76c..2b665842c7 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -75,6 +75,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; @@ -311,10 +312,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { - out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in+20))) >> 8; + out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; + out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 28e048ede9..0e7f1dae3b 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -131,6 +131,7 @@ static const felem_bytearray nistp521_curve_params[5] = { #define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef uint128_t largefelem[NLIMBS]; @@ -144,14 +145,14 @@ static const limb bottom58bits = 0x3ffffffffffffff; static void bin66_to_felem(felem out, const u8 in[66]) { out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb *) & in[29])) & bottom58bits; - out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb *) & in[58])) & bottom57bits; + out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *) & in[29])) & bottom58bits; + out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *) & in[58])) & bottom57bits; } /* @@ -162,14 +163,14 @@ static void felem_to_bin66(u8 out[66], const felem in) { memset(out, 0, 66); (*((limb *) & out[0])) = in[0]; - (*((limb *) & out[7])) |= in[1] << 2; - (*((limb *) & out[14])) |= in[2] << 4; - (*((limb *) & out[21])) |= in[3] << 6; - (*((limb *) & out[29])) = in[4]; - (*((limb *) & out[36])) |= in[5] << 2; - (*((limb *) & out[43])) |= in[6] << 4; - (*((limb *) & out[50])) |= in[7] << 6; - (*((limb *) & out[58])) = in[8]; + (*((limb_aX *) & out[7])) |= in[1] << 2; + (*((limb_aX *) & out[14])) |= in[2] << 4; + (*((limb_aX *) & out[21])) |= in[3] << 6; + (*((limb_aX *) & out[29])) = in[4]; + (*((limb_aX *) & out[36])) |= in[5] << 2; + (*((limb_aX *) & out[43])) |= in[6] << 4; + (*((limb_aX *) & out[50])) |= in[7] << 6; + (*((limb_aX *) & out[58])) = in[8]; } /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index eec44bd91a..ba765626ee 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -15,6 +15,12 @@ # define STRICT_ALIGNMENT 0 #endif +#if defined(__GNUC__) && !STRICT_ALIGNMENT +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) @@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(iv + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); (*block) (out, out, key); iv = out; len -= 16; @@ -96,7 +102,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *iv_t = (size_t_aX *)iv; (*block) (in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) @@ -125,8 +132,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; - const size_t *in_t = (const size_t *)in; + size_t c; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *ivec_t = (size_t_aX *)ivec; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 1ffd6df46f..e1b2501273 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -11,6 +11,14 @@ #include #include "crypto/modes.h" +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + /* * First you setup M and L parameters and pass the key schedule. This is * called once per session setup... @@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[1] ^= temp.u[1]; #else - ctx->cmac.u[0] ^= ((u64 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64 *)inp)[1]; + ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; + ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->nonce.c, scratch.c, key); @@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, temp.u[1] ^= scratch.u[1]; memcpy(out, temp.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; - ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; #endif inp += 16; out += 16; @@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); memcpy(out, scratch.c, 16); #else - ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); + ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index e9ce4df3a5..e60b90b8c6 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -11,6 +11,12 @@ #include #include "crypto/modes.h" +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit cfb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t *)(out + n) = - *(size_t *)(ivec + n) ^= *(size_t *)(in + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t *)(in + n); - *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; - *(size_t *)(ivec + n) = t; + size_t t = *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) + = *(size_t_aX *)(ivec + n) ^ t; + *(size_t_aX *)(ivec + n) = t; } len -= 16; out += 16; diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index ff7499b34a..fc1db42d7f 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -11,6 +11,12 @@ #include #include "crypto/modes.h" +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is * endian-neutral. @@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, (*block) (ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index d2f2da61b3..dc6d90dd0c 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -12,6 +12,12 @@ #include "internal/cryptlib.h" #include "crypto/modes.h" +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ # undef GETU32 @@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = GHASH_CHUNK; while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = i; while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index 2eca09bc1b..e9b24f863e 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -11,6 +11,12 @@ #include #include "crypto/modes.h" +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit ofb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ivec + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 9d9b65caa5..9dbcb5bc9a 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -11,6 +11,14 @@ #include #include "crypto/modes.h" +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, @@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) @@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; #endif inp += 16; out += 16; @@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; @@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; #endif } diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index eb6a69cef7..e5aa1a03ce 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -70,6 +70,20 @@ typedef unsigned long long u64; # undef STRICT_ALIGNMENT #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef u64 u64_aX __attribute((__aligned__(1))); +#else +typedef u64 u64_aX; +#endif + #undef SMALL_REGISTER_BANK #if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define SMALL_REGISTER_BANK @@ -197,13 +211,13 @@ typedef unsigned long long u64; # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ c0,c1,c2,c3,c4,c5,c6,c7 # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) #endif static const @@ -537,7 +551,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; @@ -775,7 +789,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; H->q[0] ^= S.q[0] ^ pa[0]; H->q[1] ^= S.q[1] ^ pa[1]; H->q[2] ^= S.q[2] ^ pa[2]; From bernd.edlinger at hotmail.de Wed May 27 18:14:57 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 27 May 2020 18:14:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590603297.922209.15446.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via d03ffeaf45da6541875bff05b3f79d8dba355c97 (commit) from efdfc392aac6d56fe385223cd26687fa26ca9af3 (commit) - Log ----------------------------------------------------------------- commit d03ffeaf45da6541875bff05b3f79d8dba355c97 Author: Bernd Edlinger Date: Tue Apr 24 21:10:13 2018 +0200 Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/11781) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 6 +++--- crypto/aes/aes_ige.c | 14 +++++++++----- crypto/ec/ecp_nistp224.c | 9 +++++---- crypto/ec/ecp_nistp521.c | 33 +++++++++++++++++---------------- crypto/modes/cbc128.c | 19 ++++++++++++++----- crypto/modes/ccm128.c | 22 ++++++++++++++++------ crypto/modes/cfb128.c | 18 +++++++++++++----- crypto/modes/ctr128.c | 11 +++++++++-- crypto/modes/gcm128.c | 22 ++++++++++++++-------- crypto/modes/modes_local.h | 12 ++++++++++-- crypto/modes/ofb128.c | 11 +++++++++-- crypto/modes/xts128.c | 24 ++++++++++++++++-------- crypto/whrlpool/wp_block.c | 32 +++++++++++++++++++++++--------- 13 files changed, 158 insertions(+), 75 deletions(-) diff --git a/.travis.yml b/.travis.yml index fe1b0f78fa..6cf1ba02c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,7 +57,7 @@ matrix: apt: packages: - clang-6.0 - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0" - os: linux arch: s390x compiler: gcc @@ -121,7 +121,7 @@ matrix: env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux compiler: clang - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux compiler: clang env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" @@ -134,7 +134,7 @@ matrix: sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128" OPENSSL_TEST_RAND_ORDER=0 - os: linux addons: apt: diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index dce4ef11be..0df04b3bb2 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -12,11 +12,6 @@ #include #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 @@ -24,6 +19,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s) (d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 9a9ced8f13..6f7d66c8be 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -72,6 +72,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; @@ -307,10 +308,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { - out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in+20))) >> 8; + out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; + out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 75eeba8536..08b3278729 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -128,6 +128,7 @@ static const felem_bytearray nistp521_curve_params[5] = { # define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef uint128_t largefelem[NLIMBS]; @@ -141,14 +142,14 @@ static const limb bottom58bits = 0x3ffffffffffffff; static void bin66_to_felem(felem out, const u8 in[66]) { out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb *) & in[29])) & bottom58bits; - out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb *) & in[58])) & bottom57bits; + out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *) & in[29])) & bottom58bits; + out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *) & in[58])) & bottom57bits; } /* @@ -159,14 +160,14 @@ static void felem_to_bin66(u8 out[66], const felem in) { memset(out, 0, 66); (*((limb *) & out[0])) = in[0]; - (*((limb *) & out[7])) |= in[1] << 2; - (*((limb *) & out[14])) |= in[2] << 4; - (*((limb *) & out[21])) |= in[3] << 6; - (*((limb *) & out[29])) = in[4]; - (*((limb *) & out[36])) |= in[5] << 2; - (*((limb *) & out[43])) |= in[6] << 4; - (*((limb *) & out[50])) |= in[7] << 6; - (*((limb *) & out[58])) = in[8]; + (*((limb_aX *) & out[7])) |= in[1] << 2; + (*((limb_aX *) & out[14])) |= in[2] << 4; + (*((limb_aX *) & out[21])) |= in[3] << 6; + (*((limb_aX *) & out[29])) = in[4]; + (*((limb_aX *) & out[36])) |= in[5] << 2; + (*((limb_aX *) & out[43])) |= in[6] << 4; + (*((limb_aX *) & out[50])) |= in[7] << 6; + (*((limb_aX *) & out[58])) = in[8]; } /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index fc7e0b6051..f25f14aa5b 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -15,6 +15,12 @@ # define STRICT_ALIGNMENT 0 #endif +#if defined(__GNUC__) && !STRICT_ALIGNMENT +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) @@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(iv + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); (*block) (out, out, key); iv = out; len -= 16; @@ -96,7 +102,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *iv_t = (size_t_aX *)iv; (*block) (in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) @@ -125,8 +132,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; - const size_t *in_t = (const size_t *)in; + size_t c; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *ivec_t = (size_t_aX *)ivec; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 424722811c..170a7c9edb 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -11,6 +11,14 @@ #include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + /* * First you setup M and L parameters and pass the key schedule. This is * called once per session setup... @@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[1] ^= temp.u[1]; #else - ctx->cmac.u[0] ^= ((u64 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64 *)inp)[1]; + ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; + ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->nonce.c, scratch.c, key); @@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, temp.u[1] ^= scratch.u[1]; memcpy(out, temp.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; - ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; #endif inp += 16; out += 16; @@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); memcpy(out, scratch.c, 16); #else - ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); + ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index b6bec414a9..806adb4ead 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit cfb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t *)(out + n) = - *(size_t *)(ivec + n) ^= *(size_t *)(in + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t *)(in + n); - *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; - *(size_t *)(ivec + n) = t; + size_t t = *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) + = *(size_t_aX *)(ivec + n) ^ t; + *(size_t_aX *)(ivec + n) = t; } len -= 16; out += 16; diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index ae35116e95..9e610f4f49 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is * endian-neutral. @@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, (*block) (ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 48775e6d05..cdab35339d 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ # undef GETU32 @@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = GHASH_CHUNK; while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = i; while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; diff --git a/crypto/modes/modes_local.h b/crypto/modes/modes_local.h index f2ae01d11a..abcca797d7 100644 --- a/crypto/modes/modes_local.h +++ b/crypto/modes/modes_local.h @@ -37,6 +37,14 @@ typedef unsigned char u8; # endif #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u32 u32_a1 __attribute((__aligned__(1))); +# else +typedef u32 u32_a1; +# endif +#endif + #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__x86_64) || defined(__x86_64__) @@ -86,8 +94,8 @@ _asm mov eax, val _asm bswap eax} # endif #endif #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +# define GETU32(p) BSWAP4(*(const u32_a1 *)(p)) +# define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v) #else # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index 44bdf888db..df0fb559cb 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit ofb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ivec + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index b5bda5e640..b2d3fff74c 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -11,6 +11,14 @@ #include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, @@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) @@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; #endif inp += 16; out += 16; @@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; @@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; #endif } diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index c21c04dbc1..0e31253e1d 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -63,6 +63,20 @@ typedef unsigned long long u64; # undef STRICT_ALIGNMENT #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef u64 u64_aX __attribute((__aligned__(1))); +#else +typedef u64 u64_aX; +#endif + #undef SMALL_REGISTER_BANK #if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define SMALL_REGISTER_BANK @@ -191,13 +205,13 @@ typedef unsigned long long u64; # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ c0,c1,c2,c3,c4,c5,c6,c7 # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) #endif static const @@ -531,7 +545,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; @@ -769,7 +783,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; H->q[0] ^= S.q[0] ^ pa[0]; H->q[1] ^= S.q[1] ^ pa[1]; H->q[2] ^= S.q[2] ^ pa[2]; From builds at travis-ci.org Wed May 27 19:03:21 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 19:03:21 +0000 Subject: Failed: openssl/openssl#35017 (master - 77286fe) In-Reply-To: Message-ID: <5eceb978a6d2e_13fa193298c80123452@travis-tasks-7fcb5d946f-655s8.mail> Build Update for openssl/openssl ------------------------------------- Build: #35017 Status: Failed Duration: 51 mins and 5 secs Commit: 77286fe (master) Author: Bernd Edlinger Message: Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6074) View the changeset: https://github.com/openssl/openssl/compare/c74aaa3920f1...77286fe3ec6b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691858288?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed May 27 22:00:39 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 27 May 2020 22:00:39 +0000 Subject: [openssl] master update Message-ID: <1590616839.778295.4021.nullmailer@dev.openssl.org> The branch master has been updated via 4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit) via 0839afa747cd0e0ef35179ed49dfd4a481fcc918 (commit) from 77286fe3ec6b9777934e67e35f3b7007143b0734 (commit) - Log ----------------------------------------------------------------- commit 4f65bc6f8fc4464631a93002d99f61a4a75b4552 Author: Pauli Date: Sat May 23 10:20:46 2020 +1000 fips: add AES OFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) commit 0839afa747cd0e0ef35179ed49dfd4a481fcc918 Author: Pauli Date: Fri May 22 19:30:52 2020 +1000 fips: add AES CFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) ----------------------------------------------------------------------- Summary of changes: providers/fips/fipsprov.c | 12 ++++++++ test/recipes/30-test_evp_data/evpciph.txt | 48 ------------------------------- 2 files changed, 12 insertions(+), 48 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index bbf95b7505..31217202f2 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -390,6 +390,18 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { ALG("AES-256-CBC", aes256cbc_functions), ALG("AES-192-CBC", aes192cbc_functions), ALG("AES-128-CBC", aes128cbc_functions), + ALG("AES-256-OFB", aes256ofb_functions), + ALG("AES-192-OFB", aes192ofb_functions), + ALG("AES-128-OFB", aes128ofb_functions), + ALG("AES-256-CFB", aes256cfb_functions), + ALG("AES-192-CFB", aes192cfb_functions), + ALG("AES-128-CFB", aes128cfb_functions), + ALG("AES-256-CFB1", aes256cfb1_functions), + ALG("AES-192-CFB1", aes192cfb1_functions), + ALG("AES-128-CFB1", aes128cfb1_functions), + ALG("AES-256-CFB8", aes256cfb8_functions), + ALG("AES-192-CFB8", aes192cfb8_functions), + ALG("AES-128-CFB8", aes128cfb8_functions), ALG("AES-256-CTR", aes256ctr_functions), ALG("AES-192-CTR", aes192ctr_functions), ALG("AES-128-CTR", aes128ctr_functions), diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index 4d7f9f0d94..4f7afd0e1d 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -259,7 +259,6 @@ Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec # CFB128-AES128.Encrypt Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -267,7 +266,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 3B3FD92EB72DAD20333449F8E83CFB4A Operation = ENCRYPT @@ -275,7 +273,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B Operation = ENCRYPT @@ -283,7 +280,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 26751F67A3CBB140B1808CF187A4F4DF Operation = ENCRYPT @@ -292,7 +288,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 # CFB128-AES128.Decrypt Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -300,7 +295,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 3B3FD92EB72DAD20333449F8E83CFB4A Operation = DECRYPT @@ -308,7 +302,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B Operation = DECRYPT @@ -316,7 +309,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 26751F67A3CBB140B1808CF187A4F4DF Operation = DECRYPT @@ -325,7 +317,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 # CFB128-AES192.Encrypt Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -333,7 +324,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = CDC80D6FDDF18CAB34C25909C99A4174 Operation = ENCRYPT @@ -341,7 +331,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 67CE7F7F81173621961A2B70171D3D7A Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 67CE7F7F81173621961A2B70171D3D7A Operation = ENCRYPT @@ -349,7 +338,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 Operation = ENCRYPT @@ -358,7 +346,6 @@ Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF # CFB128-AES192.Decrypt Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -366,7 +353,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = CDC80D6FDDF18CAB34C25909C99A4174 Operation = DECRYPT @@ -374,7 +360,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 67CE7F7F81173621961A2B70171D3D7A Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 67CE7F7F81173621961A2B70171D3D7A Operation = DECRYPT @@ -382,7 +367,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 Operation = DECRYPT @@ -391,7 +375,6 @@ Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF # CFB128-AES256.Encrypt Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -399,7 +382,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = DC7E84BFDA79164B7ECD8486985D3860 Operation = ENCRYPT @@ -407,7 +389,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 39FFED143B28B1C832113C6331E5407B Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 39FFED143B28B1C832113C6331E5407B Operation = ENCRYPT @@ -415,7 +396,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = DF10132415E54B92A13ED0A8267AE2F9 Operation = ENCRYPT @@ -424,7 +404,6 @@ Ciphertext = 75A385741AB9CEF82031623D55B1E471 # CFB128-AES256.Decrypt Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -432,7 +411,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = DC7E84BFDA79164B7ECD8486985D3860 Operation = DECRYPT @@ -440,7 +418,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 39FFED143B28B1C832113C6331E5407B Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 39FFED143B28B1C832113C6331E5407B Operation = DECRYPT @@ -448,7 +425,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 Cipher = AES-256-CFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = DF10132415E54B92A13ED0A8267AE2F9 Operation = DECRYPT @@ -459,7 +435,6 @@ Ciphertext = 75A385741AB9CEF82031623D55B1E471 # AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec # OFB-AES128.Encrypt Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -467,7 +442,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 50FE67CC996D32B6DA0937E99BAFEC60 Operation = ENCRYPT @@ -475,7 +449,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 7789508D16918F03F53C52DAC54ED825 Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = D9A4DADA0892239F6B8B3D7680E15674 Operation = ENCRYPT @@ -483,7 +456,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 9740051E9C5FECF64344F7A82260EDCC Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A78819583F0308E7A6BF36B1386ABF23 Operation = ENCRYPT @@ -492,7 +464,6 @@ Ciphertext = 304C6528F659C77866A510D9C1D6AE5E # OFB-AES128.Decrypt Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -500,7 +471,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 50FE67CC996D32B6DA0937E99BAFEC60 Operation = DECRYPT @@ -508,7 +478,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 7789508D16918F03F53C52DAC54ED825 Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = D9A4DADA0892239F6B8B3D7680E15674 Operation = DECRYPT @@ -516,7 +485,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 9740051E9C5FECF64344F7A82260EDCC Cipher = AES-128-OFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A78819583F0308E7A6BF36B1386ABF23 Operation = DECRYPT @@ -525,7 +493,6 @@ Ciphertext = 304C6528F659C77866A510D9C1D6AE5E # OFB-AES192.Encrypt Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -533,7 +500,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = A609B38DF3B1133DDDFF2718BA09565E Operation = ENCRYPT @@ -541,7 +507,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = FCC28B8D4C63837C09E81700C1100401 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 52EF01DA52602FE0975F78AC84BF8A50 Operation = ENCRYPT @@ -549,7 +514,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = BD5286AC63AABD7EB067AC54B553F71D Operation = ENCRYPT @@ -558,7 +522,6 @@ Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A # OFB-AES192.Decrypt Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -566,7 +529,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = A609B38DF3B1133DDDFF2718BA09565E Operation = ENCRYPT @@ -574,7 +536,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = FCC28B8D4C63837C09E81700C1100401 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 52EF01DA52602FE0975F78AC84BF8A50 Operation = ENCRYPT @@ -582,7 +543,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 Cipher = AES-192-OFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = BD5286AC63AABD7EB067AC54B553F71D Operation = ENCRYPT @@ -591,7 +551,6 @@ Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A # OFB-AES256.Encrypt Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -599,7 +558,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A Operation = ENCRYPT @@ -607,7 +565,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E1C656305ED1A7A6563805746FE03EDC Operation = ENCRYPT @@ -615,7 +572,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 41635BE625B48AFC1666DD42A09D96E7 Operation = ENCRYPT @@ -624,7 +580,6 @@ Ciphertext = 0126141D67F37BE8538F5A8BE740E484 # OFB-AES256.Decrypt Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -632,7 +587,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A Operation = DECRYPT @@ -640,7 +594,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E1C656305ED1A7A6563805746FE03EDC Operation = DECRYPT @@ -648,7 +601,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 Cipher = AES-256-OFB -Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 41635BE625B48AFC1666DD42A09D96E7 Operation = DECRYPT From builds at travis-ci.org Wed May 27 22:49:32 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 27 May 2020 22:49:32 +0000 Subject: Still Failing: openssl/openssl#35019 (master - 4f65bc6) In-Reply-To: Message-ID: <5eceee7c54b62_13fbe3b3a9e0c1178c7@travis-tasks-545d7f88f6-qrr97.mail> Build Update for openssl/openssl ------------------------------------- Build: #35019 Status: Still Failing Duration: 48 mins and 17 secs Commit: 4f65bc6 (master) Author: Pauli Message: fips: add AES OFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) View the changeset: https://github.com/openssl/openssl/compare/77286fe3ec6b...4f65bc6f8fc4 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691933758?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu May 28 02:02:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 May 2020 02:02:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1590631361.804550.364.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4072: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3047: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From pauli at openssl.org Thu May 28 03:55:08 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 28 May 2020 03:55:08 +0000 Subject: [openssl] master update Message-ID: <1590638108.071518.26250.nullmailer@dev.openssl.org> The branch master has been updated via bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit) from 4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit) - Log ----------------------------------------------------------------- commit bac8d066a595454e3f4a75e6e155a9d5b99ce4ea Author: Pauli Date: Wed May 27 07:26:46 2020 +1000 ossl_shim: use the correct ticket key call back. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11966) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 25 ++++++++++++------------- test/ossl_shim/test_config.cc | 2 -- test/ossl_shim/test_config.h | 2 -- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 0bdf5dd451..3ebe31b7dd 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * HMAC low level APIs are deprecated for public use but might be used here. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #if !defined(__STDC_FORMAT_MACROS) #define __STDC_FORMAT_MACROS #endif @@ -374,10 +369,11 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { return 1; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, - EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx, int encrypt) { + OSSL_PARAM params[3], *p = params; + if (!encrypt) { if (GetTestState(ssl)->ticket_decrypt_done) { fprintf(stderr, "TicketKeyCallback called after completion.\n"); @@ -397,8 +393,14 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, return 0; } - if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) || - !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) { + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros, + sizeof(kZeros)); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) + || !EVP_MAC_init(hmac_ctx) + || !EVP_MAC_CTX_set_params(hmac_ctx, params)) { return -1; } @@ -407,7 +409,6 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, } return 1; } -#endif // kCustomExtensionValue is the extension value that the custom extension // callbacks will add. @@ -631,11 +632,9 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (config->use_ticket_callback) { - SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback); + SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback); } -#endif if (config->enable_client_custom_extension && !SSL_CTX_add_client_custom_ext( diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc index b1a3fa3920..a37d010d7a 100644 --- a/test/ossl_shim/test_config.cc +++ b/test/ossl_shim/test_config.cc @@ -63,9 +63,7 @@ const Flag kBoolFlags[] = { { "-use-export-context", &TestConfig::use_export_context }, { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, { "-expect-no-session", &TestConfig::expect_no_session }, -#ifndef OPENSSL_NO_DEPRECATED_3_0 { "-use-ticket-callback", &TestConfig::use_ticket_callback }, -#endif { "-renew-ticket", &TestConfig::renew_ticket }, { "-enable-client-custom-extension", &TestConfig::enable_client_custom_extension }, diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h index 653554d995..6968a128ca 100644 --- a/test/ossl_shim/test_config.h +++ b/test/ossl_shim/test_config.h @@ -62,9 +62,7 @@ struct TestConfig { bool use_export_context = false; bool expect_ticket_renewal = false; bool expect_no_session = false; -#ifndef OPENSSL_NO_DEPRECATED_3_0 bool use_ticket_callback = false; -#endif bool renew_ticket = false; bool enable_client_custom_extension = false; bool enable_server_custom_extension = false; From no-reply at appveyor.com Thu May 28 04:10:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 28 May 2020 04:10:22 +0000 Subject: Build failed: openssl master.34470 Message-ID: <20200528041022.1.56ECFCFC604502CB@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Thu May 28 04:19:24 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 28 May 2020 04:19:24 +0000 Subject: [openssl] master update Message-ID: <1590639564.293222.8127.nullmailer@dev.openssl.org> The branch master has been updated via 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 (commit) from bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit) - Log ----------------------------------------------------------------- commit 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 Author: Shane Lontis Date: Wed May 27 12:10:52 2020 +1000 Fix errtest for older compilers Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11967) ----------------------------------------------------------------------- Summary of changes: test/errtest.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/errtest.c b/test/errtest.c index cc2f6612d1..9adf4ca917 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -10,6 +10,7 @@ #include #include #include +#include #include "testutil.h" @@ -24,17 +25,20 @@ static int test_print_error_format(void) { - static const char expected[] = - ":error::system library:test_print_error_format:Operation not permitted:" + static const char expected_format[] = + ":error::system library:%s:Operation not permitted:" # ifndef OPENSSL_NO_FILENAMES "errtest.c:30:"; # else ":0:"; # endif + char expected[256]; char *out = NULL, *p = NULL; int ret = 0, len; BIO *bio = NULL; + BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC); + if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) return 0; From no-reply at appveyor.com Thu May 28 04:53:48 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 28 May 2020 04:53:48 +0000 Subject: Build failed: openssl master.34472 Message-ID: <20200528045348.1.E6C32985B2102BE7@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu May 28 05:07:18 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 05:07:18 +0000 Subject: Still Failing: openssl/openssl#35025 (master - bac8d06) In-Reply-To: Message-ID: <5ecf470575982_13ff2a6e977343142d@travis-tasks-77c5c5899-qnbgs.mail> Build Update for openssl/openssl ------------------------------------- Build: #35025 Status: Still Failing Duration: 1 hr, 7 mins, and 54 secs Commit: bac8d06 (master) Author: Pauli Message: ossl_shim: use the correct ticket key call back. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11966) View the changeset: https://github.com/openssl/openssl/compare/4f65bc6f8fc4...bac8d066a595 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692010963?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu May 28 05:52:35 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 05:52:35 +0000 Subject: Still Failing: openssl/openssl#35027 (master - 3d518d3) In-Reply-To: Message-ID: <5ecf51a32f5e6_13ff2a6e9719455411@travis-tasks-77c5c5899-qnbgs.mail> Build Update for openssl/openssl ------------------------------------- Build: #35027 Status: Still Failing Duration: 19 mins and 42 secs Commit: 3d518d3 (master) Author: Shane Lontis Message: Fix errtest for older compilers Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11967) View the changeset: https://github.com/openssl/openssl/compare/bac8d066a595...3d518d3d813d View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692014979?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu May 28 06:32:32 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 May 2020 06:32:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1590647552.089456.17928.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_cmp.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_cmp.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4063: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3038: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu May 28 07:00:21 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 28 May 2020 07:00:21 +0000 Subject: Build completed: openssl master.34473 Message-ID: <20200528070021.1.4114EBFE41C29E82@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 28 10:05:48 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 28 May 2020 10:05:48 +0000 Subject: Build failed: openssl master.34479 Message-ID: <20200528100548.1.D14611AB1759A3EE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 28 11:09:12 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 28 May 2020 11:09:12 +0000 Subject: Build completed: openssl master.34480 Message-ID: <20200528110912.1.692CC8BAE4431912@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu May 28 12:05:54 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 28 May 2020 12:05:54 +0000 Subject: [openssl] master update Message-ID: <1590667554.934230.22904.nullmailer@dev.openssl.org> The branch master has been updated via bb90f9fee1a3055f8a9cd63aad691b1bfae3e53e (commit) from 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 (commit) - Log ----------------------------------------------------------------- commit bb90f9fee1a3055f8a9cd63aad691b1bfae3e53e Author: Richard Levitte Date: Wed May 27 10:09:04 2020 +0200 util/mkpod2html.pl: Fix unbalanced quotes Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11969) ----------------------------------------------------------------------- Summary of changes: util/mkpod2html.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkpod2html.pl b/util/mkpod2html.pl index 9e81d36653..2df4b22b41 100755 --- a/util/mkpod2html.pl +++ b/util/mkpod2html.pl @@ -45,7 +45,7 @@ close F; unlink $opt_o; $contents =~ - s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html|g; + s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html"|g; open F, ">$opt_o" or die "Can't write $opt_o, $!"; print F $contents; From openssl at openssl.org Thu May 28 12:48:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 May 2020 12:48:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1590670134.332107.5778.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1987, 709 wallclock secs ( 8.22 usr 1.56 sys + 672.91 cusr 44.74 csys = 727.43 CPU) Result: FAIL Makefile:3073: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3071: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Thu May 28 13:54:06 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 13:54:06 +0000 Subject: Still Failing: openssl/openssl#35042 (master - bb90f9f) In-Reply-To: Message-ID: <5ecfc27c5d4a6_13fc1fe0c989c1875d2@travis-tasks-5f788bc895-hhrlr.mail> Build Update for openssl/openssl ------------------------------------- Build: #35042 Status: Still Failing Duration: 45 mins and 14 secs Commit: bb90f9f (master) Author: Richard Levitte Message: util/mkpod2html.pl: Fix unbalanced quotes Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11969) View the changeset: https://github.com/openssl/openssl/compare/3d518d3d813d...bb90f9fee1a3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692131706?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Thu May 28 14:31:14 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 28 May 2020 14:31:14 +0000 Subject: [openssl] master update Message-ID: <1590676274.378462.3550.nullmailer@dev.openssl.org> The branch master has been updated via 9e6cb4344233aeefe91c6092567f887015ee345a (commit) from bb90f9fee1a3055f8a9cd63aad691b1bfae3e53e (commit) - Log ----------------------------------------------------------------- commit 9e6cb4344233aeefe91c6092567f887015ee345a Author: Dmitry Belyavskiy Date: Wed May 27 13:03:04 2020 +0300 Update gost-engine commit to match the API changes [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11970) ----------------------------------------------------------------------- Summary of changes: gost-engine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gost-engine b/gost-engine index a90ad6ce8f..4108e77e0e 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit a90ad6ce8f4cd876b5a8897b66ef49fb50b378cd +Subproject commit 4108e77e0eb091fdd9b9c4174374a6ac0cc0abd0 From openssl at openssl.org Thu May 28 15:08:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 May 2020 15:08:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1590678524.509553.769.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1989, 730 wallclock secs ( 8.17 usr 1.58 sys + 690.88 cusr 44.82 csys = 745.45 CPU) Result: FAIL Makefile:3080: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3078: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Thu May 28 15:25:14 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 15:25:14 +0000 Subject: Still Failing: openssl/openssl#35051 (master - 9e6cb43) In-Reply-To: Message-ID: <5ecfd7d876572_13fc1fe0c839841312a@travis-tasks-5f788bc895-hhrlr.mail> Build Update for openssl/openssl ------------------------------------- Build: #35051 Status: Still Failing Duration: 47 mins and 37 secs Commit: 9e6cb43 (master) Author: Dmitry Belyavskiy Message: Update gost-engine commit to match the API changes [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11970) View the changeset: https://github.com/openssl/openssl/compare/bb90f9fee1a3...9e6cb4344233 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692193012?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu May 28 16:08:47 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 28 May 2020 16:08:47 +0000 Subject: [openssl] master update Message-ID: <1590682127.690455.21392.nullmailer@dev.openssl.org> The branch master has been updated via 5ddec6a7d3206c61209a016db4227b847dcaad27 (commit) via b533510f3bc70957dbf447f7ea8ec20765c5b314 (commit) from 9e6cb4344233aeefe91c6092567f887015ee345a (commit) - Log ----------------------------------------------------------------- commit 5ddec6a7d3206c61209a016db4227b847dcaad27 Author: Matt Caswell Date: Thu May 14 11:33:01 2020 +0100 Add a test for fetching EVP_PKEY style algs without a provider Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11826) commit b533510f3bc70957dbf447f7ea8ec20765c5b314 Author: Matt Caswell Date: Wed May 13 17:17:35 2020 +0100 Fail if we fail to fetch the EVP_KEYMGMT If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11826) ----------------------------------------------------------------------- Summary of changes: crypto/evp/pmeth_lib.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++ test/evp_test.c | 3 ++- 3 files changed, 91 insertions(+), 4 deletions(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 355565de63..ea8bdec388 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -137,6 +137,40 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) } #endif /* FIPS_MODULE */ +static int is_legacy_alg(int id, const char *keytype) +{ +#ifndef FIPS_MODULE + /* Certain EVP_PKEY keytypes are only available in legacy form */ + if (id == -1) { + id = OBJ_sn2nid(keytype); + if (id == NID_undef) + id = OBJ_ln2nid(keytype); + if (id == NID_undef) + return 0; + } + switch (id) { + /* + * TODO(3.0): Remove SM2 and DHX when they are converted to have provider + * support + */ + case EVP_PKEY_SM2: + case EVP_PKEY_DHX: + case EVP_PKEY_SCRYPT: + case EVP_PKEY_TLS1_PRF: + case EVP_PKEY_HKDF: + case EVP_PKEY_CMAC: + case EVP_PKEY_HMAC: + case EVP_PKEY_SIPHASH: + case EVP_PKEY_POLY1305: + return 1; + default: + return 0; + } +#else + return 0; +#endif +} + static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, EVP_PKEY *pkey, ENGINE *e, const char *keytype, const char *propquery, @@ -228,10 +262,20 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, * implementation. */ if (e == NULL && keytype != NULL) { - /* This could fail so ignore errors */ - ERR_set_mark(); + int legacy = is_legacy_alg(id, keytype); + + if (legacy) { + /* This could fail so ignore errors */ + ERR_set_mark(); + } + keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery); - ERR_pop_to_mark(); + if (legacy) { + ERR_pop_to_mark(); + } else if (keymgmt == NULL) { + EVPerr(EVP_F_INT_CTX_NEW, EVP_R_FETCH_FAILED); + return NULL; + } } ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 53d2f3afdb..2ab4be89a3 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1625,6 +1625,47 @@ static int test_keygen_with_empty_template(int n) return ret; } +/* + * Test that we fail if we attempt to use an algorithm that is not available + * in the current library context (unless we are using an algorithm that should + * be made available via legacy codepaths). + */ +static int test_pkey_ctx_fail_without_provider(int tst) +{ + OPENSSL_CTX *tmpctx = OPENSSL_CTX_new(); + OSSL_PROVIDER *nullprov = NULL; + EVP_PKEY_CTX *pctx = NULL; + int ret = 0; + + if (!TEST_ptr(tmpctx)) + goto err; + + nullprov = OSSL_PROVIDER_load(tmpctx, "null"); + if (!TEST_ptr(nullprov)) + goto err; + + pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", ""); + + /* RSA is not available via any provider so we expect this to fail */ + if (tst == 0 && !TEST_ptr_null(pctx)) + goto err; + + /* + * HMAC is always available because it is implemented via legacy codepaths + * and not in a provider at all. We expect this to pass. + */ + if (tst == 1 && !TEST_ptr(pctx)) + goto err; + + ret = 1; + + err: + EVP_PKEY_CTX_free(pctx); + OSSL_PROVIDER_unload(nullprov); + OPENSSL_CTX_free(tmpctx); + return ret; +} + int setup_tests(void) { testctx = OPENSSL_CTX_new(); @@ -1673,6 +1714,7 @@ int setup_tests(void) ADD_TEST(test_EVP_PKEY_set1_DH); #endif ADD_ALL_TESTS(test_keygen_with_empty_template, 2); + ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); return 1; } diff --git a/test/evp_test.c b/test/evp_test.c index 813218a42a..6ed5bafba6 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2995,7 +2995,8 @@ static int key_unsupported(void) long err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_EVP - && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + && (ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM + || ERR_GET_REASON(err) == EVP_R_FETCH_FAILED)) { ERR_clear_error(); return 1; } From openssl at openssl.org Thu May 28 17:12:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 May 2020 17:12:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1590685930.600759.26484.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1989, 702 wallclock secs ( 7.92 usr 1.30 sys + 662.70 cusr 44.45 csys = 716.37 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From kaduk at mit.edu Thu May 28 17:14:56 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Thu, 28 May 2020 17:14:56 +0000 Subject: [openssl] master update Message-ID: <1590686096.405704.22424.nullmailer@dev.openssl.org> The branch master has been updated via 9c44916ce555a0280170c5fc519a0ebf693292f8 (commit) via 7c302f8afc1d36ec12effd0c08047baced095b46 (commit) via 2cd3ebc76c7d8e76a8e337ef1eef43753eacef00 (commit) from 5ddec6a7d3206c61209a016db4227b847dcaad27 (commit) - Log ----------------------------------------------------------------- commit 9c44916ce555a0280170c5fc519a0ebf693292f8 Author: Benjamin Kaduk Date: Fri May 22 11:13:24 2020 -0700 RSA: Do not set NULL OAEP labels As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11920) commit 7c302f8afc1d36ec12effd0c08047baced095b46 Author: Benjamin Kaduk Date: Thu May 21 14:10:50 2020 -0700 params: do not ignore zero-length strings Prior to this commit, if a string (or octet string) parameter was present but indicated it was zero-length, we would return success but with a NULL output value. This can be problematic in cases where there is a protocol-level distinction between parameter-absent and parameter-present-but-zero-length, which is uncommon but can happen. Since OPENSSL_malloc() returns NULL for zero-length allocation requests, make a dummy allocation for this case, to give a signal that the string parameter does exist but has zero length. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11920) commit 2cd3ebc76c7d8e76a8e337ef1eef43753eacef00 Author: Benjamin Kaduk Date: Thu May 21 12:53:59 2020 -0700 test HKDF with empty IKM Add an extra EVP test that provides empty input key material. It currently fails, since we lose the information about "key present but zero length" as we deserialize parameters in the provider. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11920) ----------------------------------------------------------------------- Summary of changes: crypto/params.c | 7 +++---- crypto/rsa/rsa_ameth.c | 3 ++- test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 06ae1bc44f..9bccc51760 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -788,8 +788,6 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, if (used_len != NULL) *used_len = sz; - if (sz == 0) - return 1; if (p->data == NULL) return 0; @@ -797,12 +795,13 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, return 1; if (*val == NULL) { - char *const q = OPENSSL_malloc(sz); + char *const q = OPENSSL_malloc(sz > 0 ? sz : 1); if (q == NULL) return 0; *val = q; - memcpy(q, p->data, sz); + if (sz != 0) + memcpy(q, p->data, sz); return 1; } if (max_len < sz) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 6628e38342..22c06a2139 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1007,7 +1007,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) + if (label != NULL + && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) goto err; /* Carry on */ rv = 1; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 2ab4be89a3..e6a76a1fa6 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1246,6 +1246,47 @@ static int test_HKDF(void) return ret; } +static int test_emptyikm_HKDF(void) +{ + EVP_PKEY_CTX *pctx; + unsigned char out[20]; + size_t outlen; + int ret = 0; + unsigned char salt[] = "9876543210"; + unsigned char key[] = ""; + unsigned char info[] = "stringinfo"; + const unsigned char expected[] = { + 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, + 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 + }; + size_t expectedlen = sizeof(expected); + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) + goto done; + + outlen = sizeof(out); + memset(out, 0, outlen); + + if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) + goto done; + + ret = 1; + + done: + EVP_PKEY_CTX_free(pctx); + + return ret; +} + #ifndef OPENSSL_NO_EC static int test_X509_PUBKEY_inplace(void) { @@ -1698,6 +1739,7 @@ int setup_tests(void) ADD_TEST(test_CMAC_keygen); #endif ADD_TEST(test_HKDF); + ADD_TEST(test_emptyikm_HKDF); #ifndef OPENSSL_NO_EC ADD_TEST(test_X509_PUBKEY_inplace); ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, From builds at travis-ci.org Thu May 28 17:30:44 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 17:30:44 +0000 Subject: Still Failing: openssl/openssl#35058 (master - 5ddec6a) In-Reply-To: Message-ID: <5ecff543196e7_13fd5faccd03420255b@travis-tasks-6d847ff99c-5lclg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35058 Status: Still Failing Duration: 58 mins and 36 secs Commit: 5ddec6a (master) Author: Matt Caswell Message: Add a test for fetching EVP_PKEY style algs without a provider Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11826) View the changeset: https://github.com/openssl/openssl/compare/9e6cb4344233...5ddec6a7d320 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692231152?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu May 28 17:49:53 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 28 May 2020 17:49:53 +0000 Subject: [web] master update Message-ID: <1590688193.648828.21769.nullmailer@dev.openssl.org> The branch master has been updated via ea973d250e311c51c91217c2e6edf93370be0e43 (commit) from b8cbeb50101d64690eeee8769827e8b03cc7c382 (commit) - Log ----------------------------------------------------------------- commit ea973d250e311c51c91217c2e6edf93370be0e43 Author: Richard Levitte Date: Thu Apr 23 19:44:05 2020 +0200 Adapt man-page making for OpenSSL master / 3.0 We use OpenSSL's rendering instead of our own, and just lightly strip the result to fit in our page layout. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/175) ----------------------------------------------------------------------- Summary of changes: Makefile | 63 +++++++++++++++++++++++++++++++++++----------- bin/all-html-man-names | 16 ++++++++++++ bin/from-tt | 6 ++--- bin/mk-manpages | 2 +- bin/mk-manpages3 | 34 +++++++++++++++++++++++++ bin/strip-man-html | 17 +++++++++++++ inc/manpage-template.html5 | 46 +++++++++++++++++++++++++++++++++ 7 files changed, 166 insertions(+), 18 deletions(-) create mode 100755 bin/all-html-man-names create mode 100755 bin/mk-manpages3 create mode 100755 bin/strip-man-html create mode 100644 inc/manpage-template.html5 diff --git a/Makefile b/Makefile index d31a473..4b1bd1f 100644 --- a/Makefile +++ b/Makefile @@ -21,11 +21,12 @@ SERIES=1.1.1 ## Older series. The second type is for source listings OLDSERIES=1.1.0 1.0.2 1.0.1 1.0.0 0.9.8 0.9.7 0.9.6 OLDSERIES2=1.1.0 1.0.2 1.0.1 1.0.0 0.9.x +## Series for manual layouts +MANSERIES1=1.1.1 +MANSERIES3=3.0 # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ - community/committers.inc \ - community/otc.inc community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ @@ -79,13 +80,19 @@ rebuild: all ## ## A lot of the work is made with generated rules. -# makemanpages creates rules for targets like manpages-1.1.1, to -# build the set of man-pages and indexes of man-pages for the given -# OpenSSL release (such as 1.1.1) +# makemanpages1 and makemanpages3 creates rules for targets like man-pages-1.1.1, +# to build the set of man-pages. makemanpages1 is used for pre-3.0 OpenSSL, +# while makemanpages3 is used for OpenSSL 3.0 and on. +# makemanapropos creates rules for targets like man-apropos-1.1.1, to build +# 'apropos' like indexes for all the manpages. +# makemanindexes creates rules for targets like man-index-1.1.1, to build the +# main HTML index for a set of man-pages. # # $(1) = input directory in CHECKOUTS, $(2) = release version -define makemanpages -manpages-$(2): + +# This variant is for pre-3.0 documentation +define makemanpages1 +man-pages-$(2): @rm -rf docs/man$(2) @mkdir -p docs/man$(2) \ docs/man$(2)/man1 \ @@ -93,34 +100,62 @@ manpages-$(2): docs/man$(2)/man5 \ docs/man$(2)/man7 ./bin/mk-manpages $(CHECKOUTS)/$(1)/doc $(2) docs/man$(2) +endef +# This variant is for 3.0 documentation +define makemanpages3 +man-pages-$(2): + @rm -rf docs/man$(2) + @mkdir -p docs/man$(2) \ + docs/man$(2)/man1 \ + docs/man$(2)/man3 \ + docs/man$(2)/man5 \ + docs/man$(2)/man7 + ./bin/mk-manpages3 $(CHECKOUTS)/$(1) $(2) docs/man$(2) +endef +define makemanapropos +man-apropos-$(2): man-pages-$(2) ./bin/mk-apropos docs/man$(2)/man1 > docs/man$(2)/man1/index.inc ./bin/mk-apropos docs/man$(2)/man3 > docs/man$(2)/man3/index.inc ./bin/mk-apropos docs/man$(2)/man5 > docs/man$(2)/man5/index.inc ./bin/mk-apropos docs/man$(2)/man7 > docs/man$(2)/man7/index.inc +endef +define makemanindexes +man-index-$(2): ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ < docs/sub-man1-index.html.tt > docs/man$(2)/man1/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man3 releases='$(SERIES)' release='$(2)' \ < docs/sub-man3-index.html.tt > docs/man$(2)/man3/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man5 releases='$(SERIES)' release='$(2)' \ < docs/sub-man5-index.html.tt > docs/man$(2)/man5/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man7 releases='$(SERIES)' release='$(2)' \ < docs/sub-man7-index.html.tt > docs/man$(2)/man7/index.html ./bin/from-tt -d docs/man$(2) releases='$(SERIES)' release='$(2)' \ < docs/sub-index.html.tt > docs/man$(2)/index.html endef +define makemanuals1 +$(eval $(call makemanpages1,$(1),$(2))) +$(eval $(call makemanapropos,$(1),$(2))) +$(eval $(call makemanindexes,$(1),$(2))) +endef +define makemanuals3 +$(eval $(call makemanpages3,$(1),$(2))) +$(eval $(call makemanapropos,$(1),$(2))) +$(eval $(call makemanindexes,$(1),$(2))) +endef # Now that we have the generating macros in place, let's use them! # # Start off with creating the 'manpages-master' target, taking the # source from $(CHECKOUTS)/openssl/doc -$(eval $(call makemanpages,openssl,master)) +$(eval $(call makemanuals3,openssl,master)) +#$(foreach S,$(MANSERIES3),$(eval $(call makemanuals3,openssl-$(S),$(S)))) # Next, create 'manpages-x.y.z' for all current releases, taking the # source from $(CHECKOUTS)/openssl-x.y.z-stable/doc -$(foreach S,$(SERIES),$(eval $(call makemanpages,openssl-$(S)-stable,$(S)))) +$(foreach S,$(MANSERIES1),$(eval $(call makemanuals1,openssl-$(S)-stable,$(S)))) -manmaster: manpages-master -manpages: $(foreach S,$(SERIES),manpages-$(S)) +manmaster: man-apropos-master man-index-master +manpages: $(foreach S,$(MANSERIES1),man-apropos-$(S) man-index-$(S)) mancross: ./bin/mk-mancross master $(SERIES) diff --git a/bin/all-html-man-names b/bin/all-html-man-names new file mode 100755 index 0000000..7f9ed22 --- /dev/null +++ b/bin/all-html-man-names @@ -0,0 +1,16 @@ +#! /usr/bin/env perl + + +local $/; # Slurp the whole file +my $contents = ; + +$contents =~ m@^

    NAME

    @m; +$contents = $'; # Everything before and including NAME is removed +$contents =~ m@^

    @@g; # All paragraph tags are removed +$contents =~ s@^\s+@@s; # All whitespace at the beginning is removed +$contents =~ s@\s+$@@s; # All whitespace at the end is removed +$contents =~ s@\s+@ @gs; # All whitespace blocks are collapsed to a space + +print $contents; diff --git a/bin/from-tt b/bin/from-tt index b5018b6..c302835 100755 --- a/bin/from-tt +++ b/bin/from-tt @@ -98,9 +98,9 @@ if [ $# -eq 0 ]; then ( cd $dir ( cat $HERE/../inc/common.tt; - if [ -n "$input" ]; then cat "$input"; else cat; fi ) \ - | eval "$tpagecmd --define 'dir=${dir:-filedir}'" \ - | ( if [ -n "$output" ]; then cat > "$output"; else cat; fi ) + if [ -n "$input" ]; then cat "$HERE/../$input"; else cat; fi ) \ + | eval "$tpagecmd --define 'dir=$HERE/../${dir:-filedir}'" \ + | ( if [ -n "$output" ]; then cat > "$HERE/../$output"; else cat; fi ) ) else errfiles= diff --git a/bin/mk-manpages b/bin/mk-manpages index 6b57ead..5911342 100755 --- a/bin/mk-manpages +++ b/bin/mk-manpages @@ -182,7 +182,7 @@ sub getdata { while (<$fh>) { chop; s/\n/ /gm; - if (/^=for comment openssl_manual_section:\s*(\d+)/) { + if (/^=for (?:comment|openssl) openssl_manual_section:\s*(\d+)/) { $data{sectnum} = "$1"; } elsif (/^=head1\s/) { diff --git a/bin/mk-manpages3 b/bin/mk-manpages3 new file mode 100755 index 0000000..dba2772 --- /dev/null +++ b/bin/mk-manpages3 @@ -0,0 +1,34 @@ +#! /bin/bash -e + +HERE=$(dirname $0) +checkoutdir=$1 +series=$2 +destdir=$3 + +rm -rf tmp +mkdir tmp + +(cd tmp; $checkoutdir/Configure cc && make build_html_docs) + +srcdir=tmp/doc/html +(cd $srcdir; find -type f) | while read F; do + Dn=$(dirname $F) + Fn=$(basename $F .html) + G=$Dn/$Fn.inc + $HERE/strip-man-html < $srcdir/$F > $destdir/$G + + section=$(basename $Dn | sed -e 's|^man||') + description="$($HERE/all-html-man-names < $destdir/$G | sed 's|^.* - ||')" + names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" + for name in $names; do + G=$Dn/$name.html + cat $HERE/../inc/manpage-template.html5 \ + | sed -E \ + -e "s|\\\$release\\\$|$series|g" \ + -e "s|\\\$sectnum\\\$|$section|g" \ + -e "s|\\\$description\\\$|$description|g" \ + -e "s|\\\$name\\\$|$name|g" \ + -e "s|\\\$origname\\\$|$Fn|g" \ + > $destdir/$G + done +done diff --git a/bin/strip-man-html b/bin/strip-man-html new file mode 100755 index 0000000..c4842d1 --- /dev/null +++ b/bin/strip-man-html @@ -0,0 +1,17 @@ +#! /usr/bin/env perl + +# pod2html creates complete pages, but we want embeddable ones. +# Fortunately, it's easy to find the stuff that need to go away. + +local $/; # Slurp the whole file +my $contents = ; + +$contents =~ m@^

    NAME

    @m; +$contents = $&.$'; # Everything before NAME is stripped +$contents =~ m@^@m; +$contents = $`; # and everything after is stripped + +# Adapt all H tags to be wrapped inside H1 and H2 +$contents =~ s@()@$1.($2 + 2).$3 at emg; + +print $contents; diff --git a/inc/manpage-template.html5 b/inc/manpage-template.html5 new file mode 100644 index 0000000..f38e698 --- /dev/null +++ b/inc/manpage-template.html5 @@ -0,0 +1,46 @@ + + + + + + + + +     + + + From bernd.edlinger at hotmail.de Thu May 28 18:25:17 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 28 May 2020 18:25:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590690317.935967.22894.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 53eb05bdf00d7237e3b12976c2ac38d68206eb13 (commit) from d03ffeaf45da6541875bff05b3f79d8dba355c97 (commit) - Log ----------------------------------------------------------------- commit 53eb05bdf00d7237e3b12976c2ac38d68206eb13 Author: Patrick Steuer Date: Fri Nov 15 23:27:09 2019 +0100 AES CTR-DRGB: performance improvement Optimize the the AES-based implementation of the CTR_DRBG construction, see 10.2.1 in [1]. Due to the optimizations, the code may deviate (more) from the pseudocode in [1], but it is functional equivalence being decisive for compliance: "All DRBG mechanisms and algorithms are described in this document in pseudocode, which is intended to explain functionality. The pseudocode is not intended to constrain real-world implementations." [9 in [1]]. The following optimizations are done: - Replace multiple plain AES encryptions by a single AES-ECB encryption of a corresponding pre-initialized buffer, where possible. This allows platform-specific AES-ECB support to be used and reduces the overhead of multiple EVP calls. - Replace the generate operation loop (which is a counter increment followed by a plain AES encryption) by a loop which does a plain AES encryption followed by a counter increment. The latter loop is just a description of AES-CTR, so we replace it by a single AES-CTR encryption. This allows for platform-specific AES-CTR support to be used and reduces the overhead of multiple EVP calls. This change, that is, going from a pre- to a post- counter increment, requires the counter in the internal state to be kept at "+1" (compared to the pseudocode in [1]) such that it is in the correct state, when a generate operation is called. That in turn also requires all other operations to be changed from pre- to post-increment to keep functional equivalence. [1] NIST SP 800-90A Revision 1 Signed-off-by: Patrick Steuer Reviewed-by: Tomas Mraz (cherry picked from commit 28bdbe1aaa474ae8cd83e520d02e463e46ce89d9) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11968) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_ctr.c | 198 ++++++++++++++++++++++++++++++----------------- crypto/rand/rand_local.h | 6 +- 2 files changed, 129 insertions(+), 75 deletions(-) diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 0f0ad1b37b..89c9ccc876 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -63,15 +63,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; - for (i = 0; i < 16; i++) + for (i = 0; i < len; i++) out[i] ^= in[i]; - if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) + || outlen != len) return 0; return 1; } @@ -82,12 +82,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, */ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) { - if (!ctr_BCC_block(ctr, ctr->KX, in) - || !ctr_BCC_block(ctr, ctr->KX + 16, in)) - return 0; - if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) - return 0; - return 1; + unsigned char in_tmp[48]; + unsigned char num_of_blk = 2; + + memcpy(in_tmp, in, 16); + memcpy(in_tmp + 16, in, 16); + if (ctr->keylen != 16) { + memcpy(in_tmp + 32, in, 16); + num_of_blk = 3; + } + return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); } /* @@ -96,19 +100,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) */ __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) { + unsigned char bltmp[48] = {0}; + unsigned char num_of_blk; + memset(ctr->KX, 0, 48); - memset(ctr->bltmp, 0, 16); - if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) - return 0; - ctr->bltmp[3] = 1; - if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp)) - return 0; - if (ctr->keylen != 16) { - ctr->bltmp[3] = 2; - if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp)) - return 0; - } - return 1; + num_of_blk = ctr->keylen == 16 ? 2 : 3; + bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; + bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; + return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); } /* @@ -197,20 +196,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr, || !ctr_BCC_final(ctr)) return 0; /* Set up key K */ - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) return 0; /* X follows key K */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, - AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; @@ -229,31 +228,25 @@ __owur static int ctr_update(RAND_DRBG *drbg, { RAND_DRBG_CTR *ctr = &drbg->data.ctr; int outlen = AES_BLOCK_SIZE; + unsigned char V_tmp[48], out[48]; + unsigned char len; /* correct key is already set up. */ + memcpy(V_tmp, ctr->V, 16); inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; - - /* If keylen longer than 128 bits need extra encrypt */ - if (ctr->keylen != 16) { + memcpy(V_tmp + 16, ctr->V, 16); + if (ctr->keylen == 16) { + len = 32; + } else { inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, - AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; + memcpy(V_tmp + 32, ctr->V, 16); + len = 48; } - inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) + || outlen != len) return 0; - - /* If 192 bit key part of V is on end of K */ - if (ctr->keylen == 24) { - memcpy(ctr->V + 8, ctr->V, 8); - memcpy(ctr->V, ctr->K + 24, 8); - } + memcpy(ctr->K, out, ctr->keylen); + memcpy(ctr->V, out + ctr->keylen, 16); if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* If no input reuse existing derived value */ @@ -268,7 +261,8 @@ __owur static int ctr_update(RAND_DRBG *drbg, ctr_XOR(ctr, in2, in2len); } - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) return 0; return 1; } @@ -285,8 +279,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->V, 0, sizeof(ctr->V)); - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) return 0; return 1; @@ -296,20 +292,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg, const unsigned char *entropy, size_t entropylen, const unsigned char *adin, size_t adinlen) { + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + if (entropy == NULL) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) return 0; return 1; } +static void ctr96_inc(unsigned char *counter) +{ + u32 n = 12, c = 1; + + do { + --n; + c += counter[n]; + counter[n] = (u8)c; + c >>= 8; + } while (n); +} + __owur static int drbg_ctr_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, const unsigned char *adin, size_t adinlen) { RAND_DRBG_CTR *ctr = &drbg->data.ctr; + unsigned int ctr32, blocks; + int outl, buflen; if (adin != NULL && adinlen != 0) { + inc_128(ctr); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; /* This means we reuse derived value */ @@ -321,28 +337,51 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, adinlen = 0; } - for ( ; ; ) { - int outl = AES_BLOCK_SIZE; + inc_128(ctr); + if (outlen == 0) { inc_128(ctr); - if (outlen < 16) { - /* Use K as temp space as it will be updated */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V, - AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) - return 0; - memcpy(out, ctr->K, outlen); - break; - } - if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; - out += 16; - outlen -= 16; - if (outlen == 0) - break; + return 1; } + memset(out, 0, outlen); + + do { + if (!EVP_CipherInit_ex(ctr->ctx_ctr, + NULL, NULL, NULL, ctr->V, -1)) + return 0; + + /*- + * outlen has type size_t while EVP_CipherUpdate takes an + * int argument and thus cannot be guaranteed to process more + * than 2^31-1 bytes at a time. We process such huge generate + * requests in 2^30 byte chunks, which is the greatest multiple + * of AES block size lower than or equal to 2^31-1. + */ + buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + blocks = (buflen + 15) / 16; + + ctr32 = GETU32(ctr->V + 12) + blocks; + if (ctr32 < blocks) { + /* 32-bit counter overflow into V. */ + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + ctr96_inc(ctr->V); + } + PUTU32(ctr->V + 12, ctr32); + + if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) + || outl != buflen) + return 0; + + out += buflen; + outlen -= buflen; + } while (outlen); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; return 1; @@ -350,7 +389,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; @@ -374,25 +414,36 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; case NID_aes_128_ctr: keylen = 16; - ctr->cipher = EVP_aes_128_ecb(); + ctr->cipher_ecb = EVP_aes_128_ecb(); + ctr->cipher_ctr = EVP_aes_128_ctr(); break; case NID_aes_192_ctr: keylen = 24; - ctr->cipher = EVP_aes_192_ecb(); + ctr->cipher_ecb = EVP_aes_192_ecb(); + ctr->cipher_ctr = EVP_aes_192_ctr(); break; case NID_aes_256_ctr: keylen = 32; - ctr->cipher = EVP_aes_256_ecb(); + ctr->cipher_ecb = EVP_aes_256_ecb(); + ctr->cipher_ctr = EVP_aes_256_ctr(); break; } drbg->meth = &drbg_ctr_meth; ctr->keylen = keylen; - if (ctr->ctx == NULL) - ctr->ctx = EVP_CIPHER_CTX_new(); - if (ctr->ctx == NULL) + if (ctr->ctx_ecb == NULL) + ctr->ctx_ecb = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ctr == NULL) + ctr->ctx_ctr = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL + || !EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) return 0; + + drbg->meth = &drbg_ctr_meth; drbg->strength = keylen * 8; drbg->seedlen = keylen + 16; @@ -410,7 +461,8 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (ctr->ctx_df == NULL) return 0; /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) return 0; drbg->min_entropylen = ctr->keylen; diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index 1bc9bf7d26..0cdfb3332e 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -138,9 +138,11 @@ typedef struct rand_drbg_method_st { * The state of a DRBG AES-CTR. */ typedef struct rand_drbg_ctr_st { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_ecb; + EVP_CIPHER_CTX *ctx_ctr; EVP_CIPHER_CTX *ctx_df; - const EVP_CIPHER *cipher; + const EVP_CIPHER *cipher_ecb; + const EVP_CIPHER *cipher_ctr; size_t keylen; unsigned char K[32]; unsigned char V[16]; From builds at travis-ci.org Thu May 28 18:35:32 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 18:35:32 +0000 Subject: Still Failing: openssl/openssl#35062 (master - 9c44916) In-Reply-To: Message-ID: <5ed004734b8c1_13fd5facc413c308565@travis-tasks-6d847ff99c-5lclg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35062 Status: Still Failing Duration: 32 mins and 40 secs Commit: 9c44916 (master) Author: Benjamin Kaduk Message: RSA: Do not set NULL OAEP labels As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11920) View the changeset: https://github.com/openssl/openssl/compare/5ddec6a7d320...9c44916ce555 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692253389?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Thu May 28 18:50:22 2020 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Thu, 28 May 2020 18:50:22 +0000 Subject: [openssl] master update Message-ID: <1590691822.954823.3310.nullmailer@dev.openssl.org> The branch master has been updated via d561b84143f5e7956454090e15de0c5e1425ceac (commit) from 9c44916ce555a0280170c5fc519a0ebf693292f8 (commit) - Log ----------------------------------------------------------------- commit d561b84143f5e7956454090e15de0c5e1425ceac Author: Patrick Steuer Date: Wed May 27 16:32:43 2020 +0200 EVP_EncryptInit.pod: fix example Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11976) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncryptInit.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index ad4297df13..88d0e7dabc 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -770,7 +770,7 @@ with a 128-bit key: /* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); From patrick.steuer at de.ibm.com Thu May 28 18:54:02 2020 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Thu, 28 May 2020 18:54:02 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590692042.349884.19883.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 3c09a5b0ba78a15311252ab8b7fb3ce16e7109ca (commit) from 53eb05bdf00d7237e3b12976c2ac38d68206eb13 (commit) - Log ----------------------------------------------------------------- commit 3c09a5b0ba78a15311252ab8b7fb3ce16e7109ca Author: Patrick Steuer Date: Wed May 27 16:32:43 2020 +0200 EVP_EncryptInit.pod: fix example Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11976) (cherry picked from commit d561b84143f5e7956454090e15de0c5e1425ceac) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncryptInit.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index aaf9975c4c..2828bca2f8 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -591,7 +591,7 @@ with a 128-bit key: /* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); From builds at travis-ci.org Thu May 28 19:40:59 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 19:40:59 +0000 Subject: Errored: openssl/openssl#35066 (OpenSSL_1_1_1-stable - 3c09a5b) In-Reply-To: Message-ID: <5ed013cb13a06_13fd5f8c49e344229b4@travis-tasks-6d847ff99c-5lclg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35066 Status: Errored Duration: 5 mins and 8 secs Commit: 3c09a5b (OpenSSL_1_1_1-stable) Author: Patrick Steuer Message: EVP_EncryptInit.pod: fix example Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11976) (cherry picked from commit d561b84143f5e7956454090e15de0c5e1425ceac) View the changeset: https://github.com/openssl/openssl/compare/53eb05bdf00d...3c09a5b0ba78 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692288093?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu May 28 19:47:02 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 28 May 2020 19:47:02 +0000 Subject: Still Failing: openssl/openssl#35065 (master - d561b84) In-Reply-To: Message-ID: <5ed01535a5623_13fca7d314ffc19191a@travis-tasks-6d847ff99c-k577w.mail> Build Update for openssl/openssl ------------------------------------- Build: #35065 Status: Still Failing Duration: 37 mins and 31 secs Commit: d561b84 (master) Author: Patrick Steuer Message: EVP_EncryptInit.pod: fix example Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11976) View the changeset: https://github.com/openssl/openssl/compare/9c44916ce555...d561b84143f5 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692286911?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 29 01:20:05 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 29 May 2020 01:20:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1590715205.476824.28567.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 730 wallclock secs ( 8.77 usr 1.61 sys + 682.72 cusr 43.70 csys = 736.80 CPU) Result: FAIL Makefile:3102: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3100: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 29 04:01:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 29 May 2020 04:01:37 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1590724897.553977.14804.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22659: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22707: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22683: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22778: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3013: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Fri May 29 05:14:44 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 29 May 2020 05:14:44 +0000 Subject: Build failed: openssl master.34513 Message-ID: <20200529051444.1.8AA2ECC14DCFEF1D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 29 06:09:58 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 29 May 2020 06:09:58 +0000 Subject: Build completed: openssl master.34514 Message-ID: <20200529060958.1.4295858CDAD6ABF4@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 29 06:28:53 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 29 May 2020 06:28:53 +0000 Subject: [openssl] master update Message-ID: <1590733733.286151.27868.nullmailer@dev.openssl.org> The branch master has been updated via f438f53a4e57462216be271c1c965550b6ff9941 (commit) via 329b2a2cde480fbfe1cf43bf8ecf1c75a16cf6bf (commit) from d561b84143f5e7956454090e15de0c5e1425ceac (commit) - Log ----------------------------------------------------------------- commit f438f53a4e57462216be271c1c965550b6ff9941 Author: Richard Levitte Date: Tue May 26 14:26:30 2020 +0200 DOCS: add openssl-core_names.h(7) A CAVEATS section is present in this manual. That section name is borrowed from OpenBSD, where mdoc(7) explains it like this: CAVEATS Common misuses and misunderstandings should be explained in this section. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11963) commit 329b2a2cde480fbfe1cf43bf8ecf1c75a16cf6bf Author: Richard Levitte Date: Tue May 26 14:25:44 2020 +0200 DOCS: add openssl-core_numbers.h(7) Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11963) ----------------------------------------------------------------------- Summary of changes: doc/man7/openssl-core_names.h.pod | 49 ++++++++++++++++++++++++++++++++ doc/man7/openssl-core_numbers.h.pod | 56 +++++++++++++++++++++++++++++++++++++ util/missingcrypto.txt | 1 - 3 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 doc/man7/openssl-core_names.h.pod create mode 100644 doc/man7/openssl-core_numbers.h.pod diff --git a/doc/man7/openssl-core_names.h.pod b/doc/man7/openssl-core_names.h.pod new file mode 100644 index 0000000000..a11bf3feee --- /dev/null +++ b/doc/man7/openssl-core_names.h.pod @@ -0,0 +1,49 @@ +=pod + +=head1 NAME + +openssl/core_names.h - OpenSSL provider parameter names + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +The F<< >> header defines a multitude of macros +for L names, algorithm names and other known names used +with OpenSSL's providers, made available for practical purposes only. + +Existing names are further described in the manuals for OpenSSL's +providers (see L) and the manuals for each algorithm they +provide (listed in those provider manuals). + +=head1 SEE ALSO + +L, L, +L + +=head1 HISTORY + +The macros described here were added in OpenSSL 3.0. + +=head1 CAVEATS + +I. +Providers that implement new algorithms are to be responsible for +their own parameter names. + +However, authors of provider that implement their own variants of +algorithms that OpenSSL providers support will want to pay attention +to the names provided in this header to work in a compatible manner. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/openssl-core_numbers.h.pod b/doc/man7/openssl-core_numbers.h.pod new file mode 100644 index 0000000000..d9bdcbc810 --- /dev/null +++ b/doc/man7/openssl-core_numbers.h.pod @@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +openssl/core_numbers.h +- OpenSSL provider dispatch numbers and function types + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +The F<< >> header defines all the operation +numbers, dispatch numbers and provider interface function types +currently available. + +The operation and dispatch numbers are represented with macros, which +are named as follows: + +=over 4 + +=item operation numbers + +These macros have the form C>. + +=item dipatch numbers + +These macros have the form C_I>, where +C> is the same as in the macro for the operation this +function belongs to. + +=back + +With every dispatch number, there is an associated function type. + +For further information, please see the L + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The types and macros described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 6fba94701a..bc276a8c4a 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1570,7 +1570,6 @@ i2v_ASN1_BIT_STRING(3) i2v_GENERAL_NAME(3) i2v_GENERAL_NAMES(3) o2i_ECPublicKey(3) -openssl-core_numbers.h(7) provider-kdf(7) v2i_ASN1_BIT_STRING(3) v2i_GENERAL_NAME(3) From openssl at openssl.org Fri May 29 06:33:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 29 May 2020 06:33:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1590734016.176169.14799.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 743 wallclock secs ( 8.70 usr 1.56 sys + 695.60 cusr 44.14 csys = 750.00 CPU) Result: FAIL Makefile:3109: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3107: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Fri May 29 07:59:05 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 29 May 2020 07:59:05 +0000 Subject: Still Failing: openssl/openssl#35076 (master - f438f53) In-Reply-To: Message-ID: <5ed0c0c81961f_13fec64afdcb01917ab@travis-tasks-69cb866bd5-pnlqb.mail> Build Update for openssl/openssl ------------------------------------- Build: #35076 Status: Still Failing Duration: 1 hr, 20 mins, and 9 secs Commit: f438f53 (master) Author: Richard Levitte Message: DOCS: add openssl-core_names.h(7) A CAVEATS section is present in this manual. That section name is borrowed from OpenBSD, where mdoc(7) explains it like this: CAVEATS Common misuses and misunderstandings should be explained in this section. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11963) View the changeset: https://github.com/openssl/openssl/compare/d561b84143f5...f438f53a4e57 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692445709?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 29 11:11:30 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 29 May 2020 11:11:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1590750690.631550.15874.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 723 wallclock secs ( 8.33 usr 1.73 sys + 682.46 cusr 44.20 csys = 736.72 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Fri May 29 13:24:07 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 29 May 2020 13:24:07 +0000 Subject: [openssl] master update Message-ID: <1590758647.086021.26931.nullmailer@dev.openssl.org> The branch master has been updated via 082c041b4233b17b80129d4ac6b33a28014442b0 (commit) from f438f53a4e57462216be271c1c965550b6ff9941 (commit) - Log ----------------------------------------------------------------- commit 082c041b4233b17b80129d4ac6b33a28014442b0 Author: Bernd Edlinger Date: Mon May 25 20:13:47 2020 +0200 bio printf: Avoid using rounding errors in range check There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11955) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 8 +++++++- test/bioprinttest.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 0d6fafcc2d..6b995f8233 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -635,7 +635,13 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - if (ufvalue > ULONG_MAX) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order 15 bits + * of ULONG_MAX to avoid using imprecise floating point values. + * The second condition is necessary to catch NaN values. + */ + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 + || !(ufvalue == ufvalue) /* NaN */) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index 14f0bfe52d..3dd5b3efa2 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,14 +241,48 @@ static int test_fp(int i) return r; } +extern double zero_value; +double zero_value = 0.0; + static int test_big(void) { char buf[80]; + double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; + + d = 1.0; + z = zero_value; + inf = d / z; + nan = z / z; + + /* + * Test +/-inf, nan. Should fail. + * Test +/-1.0, +/-0.0. Should work. + */ + if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", inf), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -inf), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", nan), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", d), 8) + || !TEST_str_eq(buf, "1.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", z), 8) + || !TEST_str_eq(buf, "0.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -d), 9) + || !TEST_str_eq(buf, "-1.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -z), 8) + || !TEST_str_eq(buf, "0.000000")) + return 0; + return 1; } From bernd.edlinger at hotmail.de Fri May 29 13:24:45 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 29 May 2020 13:24:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590758685.063460.28182.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7d76c1fa0d6cd085419cb4cfadad8cfdfd24ce1f (commit) from 3c09a5b0ba78a15311252ab8b7fb3ce16e7109ca (commit) - Log ----------------------------------------------------------------- commit 7d76c1fa0d6cd085419cb4cfadad8cfdfd24ce1f Author: Bernd Edlinger Date: Mon May 25 20:13:47 2020 +0200 bio printf: Avoid using rounding errors in range check There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11955) (cherry picked from commit 082c041b4233b17b80129d4ac6b33a28014442b0) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 8 +++++++- test/bioprinttest.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 8ef90ac1d4..48556f72bc 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -635,7 +635,13 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - if (ufvalue > ULONG_MAX) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order 15 bits + * of ULONG_MAX to avoid using imprecise floating point values. + * The second condition is necessary to catch NaN values. + */ + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 + || !(ufvalue == ufvalue) /* NaN */) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index 680391ea9f..e37b854e6b 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,14 +241,48 @@ static int test_fp(int i) return r; } +extern double zero_value; +double zero_value = 0.0; + static int test_big(void) { char buf[80]; + double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; + + d = 1.0; + z = zero_value; + inf = d / z; + nan = z / z; + + /* + * Test +/-inf, nan. Should fail. + * Test +/-1.0, +/-0.0. Should work. + */ + if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", inf), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -inf), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", nan), -1) + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", d), 8) + || !TEST_str_eq(buf, "1.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", z), 8) + || !TEST_str_eq(buf, "0.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -d), 9) + || !TEST_str_eq(buf, "-1.000000") + || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f", -z), 8) + || !TEST_str_eq(buf, "0.000000")) + return 0; + return 1; } From builds at travis-ci.org Fri May 29 14:27:46 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 29 May 2020 14:27:46 +0000 Subject: Passed: openssl/openssl#35085 (OpenSSL_1_1_1-stable - 7d76c1f) In-Reply-To: Message-ID: <5ed11be075a51_13f9fcf5fb5dc3800e@travis-tasks-75fb9d8564-fp2hs.mail> Build Update for openssl/openssl ------------------------------------- Build: #35085 Status: Passed Duration: 19 mins and 52 secs Commit: 7d76c1f (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: bio printf: Avoid using rounding errors in range check There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11955) (cherry picked from commit 082c041b4233b17b80129d4ac6b33a28014442b0) View the changeset: https://github.com/openssl/openssl/compare/3c09a5b0ba78...7d76c1fa0d6c View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692553504?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri May 29 14:35:41 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 29 May 2020 14:35:41 +0000 Subject: Still Failing: openssl/openssl#35084 (master - 082c041) In-Reply-To: Message-ID: <5ed11dbd4796d_13f9fce9125c8393279@travis-tasks-75fb9d8564-fp2hs.mail> Build Update for openssl/openssl ------------------------------------- Build: #35084 Status: Still Failing Duration: 45 mins and 27 secs Commit: 082c041 (master) Author: Bernd Edlinger Message: bio printf: Avoid using rounding errors in range check There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11955) View the changeset: https://github.com/openssl/openssl/compare/f438f53a4e57...082c041b4233 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692553385?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat May 30 02:15:35 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 02:15:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1590804935.721392.2085.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4077: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3052: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat May 30 06:46:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 06:46:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1590821205.281387.20795.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4091: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3066: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat May 30 09:09:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 09:09:15 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1590829755.654994.9282.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23052: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22831: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23082: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23280: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3041: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat May 30 12:44:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 12:44:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1590842688.312016.22660.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 686 wallclock secs ( 7.98 usr 1.39 sys + 650.11 cusr 43.24 csys = 702.72 CPU) Result: FAIL Makefile:3099: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3097: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 30 15:05:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 15:05:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1590851153.421695.18309.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 738 wallclock secs ( 8.53 usr 1.69 sys + 688.69 cusr 46.86 csys = 745.77 CPU) Result: FAIL Makefile:3102: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3100: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat May 30 17:12:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 30 May 2020 17:12:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1590858771.102794.12423.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: d561b84143 EVP_EncryptInit.pod: fix example 9c44916ce5 RSA: Do not set NULL OAEP labels 7c302f8afc params: do not ignore zero-length strings 2cd3ebc76c test HKDF with empty IKM 5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider b533510f3b Fail if we fail to fetch the EVP_KEYMGMT 9e6cb43442 Update gost-engine commit to match the API changes bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes 3d518d3d81 Fix errtest for older compilers bac8d066a5 ossl_shim: use the correct ticket key call back. 4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider. 0839afa747 fips: add AES CFB mode ciphers to FIPS provider. 77286fe3ec Avoid undefined behavior with unaligned accesses c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 9e3c510bde crypto/cms: add CAdES-BES signed attributes validation f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP e978ab7894 doc: fix trace category names e847085914 Clean up some doc nits Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 749 wallclock secs ( 8.56 usr 1.53 sys + 698.18 cusr 46.25 csys = 754.52 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2 From scan-admin at coverity.com Sun May 31 07:52:00 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 31 May 2020 07:52:00 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5ed362206a6f6_1b33de2b0e9a90af50134fa@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3Dma0N_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFfSvgMvA2YTmrtaDecw4t8omb2mswVnJCWxFh-2FDolYQW4BUHfTr10cxzoahyvxl96FyBuZC6dOszV7W4O-2F3zzqPjzD7lCixTL2lDO1Dt51U6TGZuxvyjWqWmWGOUa6yhkwx-2BxFAmJShmseYzUaFlTtq2Oa77a4X3opHeGpHakK9g-3D-3D Build ID: 317857 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3Dznz7_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFfSvgMvA2YTmrtaDecw4t8omb2mswVnJCWxFh-2FDolYQV7FTXBpMg50U1h93cDlfnceY0VjSKXMalfQMpmMM3yaKK-2Filz7nkx85HBvdIvF7xmwdZfsvtuSnZzx9i0pHWncg9zq8P4Mb9h2rvaAtYsYU1HQaVLsTT4GQ3s7LXF1Bqw-3D-3D From scan-admin at coverity.com Sun May 31 07:53:36 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 31 May 2020 07:53:36 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5ed3628061006_1b34982b0e9a90af50134d5@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3Dev2n_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHG-2F3x0Sk1Fo8wgVsO-2BC4ewtC3TPTC89c241xoH3ixi6bfqWjBn-2Bw54M1G3hLeODmlYTl3UsD4Krrt2ZQ7sE369iwqCR8p8ETmh3u9XvfxPQcoJ6CulvZDPLCdFDoYPYXknI5P-2BGyh3viDEOSwEctqtcXm0xMWvlibJDHE2ZMuPgR-2FRyMeF-2BW326c7XQu3PDJo-3D Build ID: 317858 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 31 14:16:53 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 31 May 2020 14:16:53 +0000 Subject: Build failed: openssl master.34567 Message-ID: <20200531141653.1.B1C5BCC0A9822625@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 31 16:04:06 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 31 May 2020 16:04:06 +0000 Subject: Build completed: openssl master.34568 Message-ID: <20200531160406.1.8762297773040172@appveyor.com> An HTML attachment was scrubbed... URL:

    KBytes