From no-reply at appveyor.com Tue Sep 1 04:30:04 2020
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Sep 2020 04:30:04 +0000
Subject: Build failed: openssl master.36529
Message-ID: <20200901043004.1.D28DB9A8DE9E9242@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Tue Sep 1 05:31:34 2020
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Sep 2020 05:31:34 +0000
Subject: Build completed: openssl master.36530
Message-ID: <20200901053134.1.2D901FB9F6FD4954@appveyor.com>

An HTML attachment was scrubbed...
URL:

From openssl at openssl.org Tue Sep 1 06:16:30 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 01 Sep 2020 06:16:30 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Message-ID: <1598940990.412431.24357.nullmailer@run.openssl.org>

Platform and configuration command:

    $ uname -a
    Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
    $ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

    458cb85d19 Fix ECX serializer import calls to use correct selection flags.
    d9cdfda24f Fix RSA serializer import calls to use correct selection flags.
    81fca0e7c1 Fix DSA serializer import calls to use correct selection flags.
    3fab56631f Fix DH serializer import calls to use correct selection flags.
    835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms.
    bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms.
    8e32ea633f Check whether we have MD5-SHA1 and whether we need it
    7cd1420b3e Improve some error messages if a digest is not available
    e3bf65da88 Include "legacy" in the name of the various MAC bridge functions
    52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface
    2ef9a7ac5e Improve code reuse in the provider MAC bridge
    2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function
    e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test
    2cf765e5a2 Delete unused PKEY MAC files
    a540ef90f5 Extend the provider MAC bridge for CMAC
    4db71d0175 Extend the provider MAC bridge for Poly1305
    8014b2a966 Don't require a default digest from signature algorithms
    b27b31b628 Extend the provider MAC bridge for SIPHASH
    6f0bd6ca1c Ensure libssl creates libctx aware MAC keys
    ada0670bf6 Fix some EVP_MD_CTX_* functions
    5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function
    1bf625040c Fix evp_extra_test to not assume that HMAC is legacy
    b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips
    409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge
    e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge
    bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional()
    87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
    b6ef3c7089 Correct description of BN_mask_bits
    33855c0af6 conf: add diagnostic option
    3d94185718 provider_conf: report missing section on error
    cd84d8832d Ignore vendor name in Clang version number.
    4516bf7422 rand: instantiate the DRBGs upon first use.
    edd53e9135 rand: add a note about a potentially misleading code analyzer warning.
    1d6c86709c apps/pkcs12.c: Add -untrusted option
    77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management
    0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify()
    fcc3a5204c apps: -msg flag enhancement 2/2
    50c911b0c5 apps: -msg flag enhancement 1/2
    625679b6d7 EVP: NULL pctx pointer after free.

Build log ended with (last 100 lines):
test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! 
-name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha7-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for 
non-static variable 'multi' [-Werror,-Wmissing-variable-declarations]
int multi = 0; /* run multiple responder processes */
    ^
1 error generated.
Makefile:4173: recipe for target 'apps/lib/libapps-lib-http_server.o' failed
make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io'
Makefile:3142: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From openssl at openssl.org Tue Sep 1 07:06:10 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 01 Sep 2020 07:06:10 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Message-ID: <1598943970.597497.29258.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-rc2

Commit log since last time:

458cb85d19 Fix ECX serializer import calls to use correct selection flags.
d9cdfda24f Fix RSA serializer import calls to use correct selection flags.
81fca0e7c1 Fix DSA serializer import calls to use correct selection flags.
3fab56631f Fix DH serializer import calls to use correct selection flags.
835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms.
bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms.
8e32ea633f Check whether we have MD5-SHA1 and whether we need it
7cd1420b3e Improve some error messages if a digest is not available
e3bf65da88 Include "legacy" in the name of the various MAC bridge functions
52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface
2ef9a7ac5e Improve code reuse in the provider MAC bridge
2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function
e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test
2cf765e5a2 Delete unused PKEY MAC files
a540ef90f5 Extend the provider MAC bridge for CMAC
4db71d0175 Extend the provider MAC bridge for Poly1305
8014b2a966 Don't require a default digest from signature algorithms
b27b31b628 Extend the provider MAC bridge for SIPHASH
6f0bd6ca1c Ensure libssl creates libctx aware MAC keys
ada0670bf6 Fix some EVP_MD_CTX_* functions
5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function
1bf625040c Fix evp_extra_test to not assume that HMAC is legacy
b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips
409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge
e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge
bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional()
87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
b6ef3c7089 Correct description of BN_mask_bits
33855c0af6 conf: add diagnostic option
3d94185718 provider_conf: report missing section on error
cd84d8832d Ignore vendor name in Clang version number.
4516bf7422 rand: instantiate the DRBGs upon first use.
edd53e9135 rand: add a note about a potentially misleading code analyzer warning.
1d6c86709c apps/pkcs12.c: Add -untrusted option
77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management
0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify()
fcc3a5204c apps: -msg flag enhancement 2/2
50c911b0c5 apps: -msg flag enhancement 1/2
625679b6d7 EVP: NULL pctx pointer after free.

Build log ended with (last 100 lines):

70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12
C020816D647F0000:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:
C020816D647F0000:error::PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:../openssl/crypto/pkcs12/p12_decr.c:37:
C020816D647F0000:error::PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../openssl/crypto/pkcs12/p12_decr.c:90:
C020816D647F0000:error::PKCS12 routines:PKCS12_parse:parse error:../openssl/crypto/pkcs12/p12_kiss.c:87:
../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1
not ok 5 - test_pkcs12_passcert
# ------------------------------------------------------------------------------
# Failed test 'test_pkcs12_passcert'
# at ../openssl/test/recipes/80-test_pkcs12.t line 93.
# Looks like you failed 1 test of 5.
80-test_pkcs12.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_pkcs12.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test: 5
  Non-zero exit status: 1
Files=211, Tests=3328, 884 wallclock secs (13.82 usr 1.25 sys + 802.84 cusr 62.24 csys = 880.15 CPU)
Result: FAIL
Makefile:3174: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-rc2'
Makefile:3172: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Sep 1 11:24:34 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 01 Sep 2020 11:24:34 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Message-ID: <1598959474.693688.12203.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

458cb85d19 Fix ECX serializer import calls to use correct selection flags.
d9cdfda24f Fix RSA serializer import calls to use correct selection flags.
81fca0e7c1 Fix DSA serializer import calls to use correct selection flags.
3fab56631f Fix DH serializer import calls to use correct selection flags.
835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms.
bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms.
8e32ea633f Check whether we have MD5-SHA1 and whether we need it
7cd1420b3e Improve some error messages if a digest is not available
e3bf65da88 Include "legacy" in the name of the various MAC bridge functions
52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface
2ef9a7ac5e Improve code reuse in the provider MAC bridge
2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function
e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test
2cf765e5a2 Delete unused PKEY MAC files
a540ef90f5 Extend the provider MAC bridge for CMAC
4db71d0175 Extend the provider MAC bridge for Poly1305
8014b2a966 Don't require a default digest from signature algorithms
b27b31b628 Extend the provider MAC bridge for SIPHASH
6f0bd6ca1c Ensure libssl creates libctx aware MAC keys
ada0670bf6 Fix some EVP_MD_CTX_* functions
5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function
1bf625040c Fix evp_extra_test to not assume that HMAC is legacy
b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips
409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge
e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge
bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional()
87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
b6ef3c7089 Correct description of BN_mask_bits
33855c0af6 conf: add diagnostic option
3d94185718 provider_conf: report missing section on error
cd84d8832d Ignore vendor name in Clang version number.
4516bf7422 rand: instantiate the DRBGs upon first use.
edd53e9135 rand: add a note about a potentially misleading code analyzer warning.
1d6c86709c apps/pkcs12.c: Add -untrusted option
77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management
0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify()
fcc3a5204c apps: -msg flag enhancement 2/2
50c911b0c5 apps: -msg flag enhancement 1/2
625679b6d7 EVP: NULL pctx pointer after free.

Build log ended with (last 100 lines):
doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c 
test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! 
-type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha7-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for 
non-static variable 'multi' [-Werror,-Wmissing-variable-declarations]
int multi = 0; /* run multiple responder processes */
^
1 error generated.
Makefile:4177: recipe for target 'apps/lib/libapps-lib-http_server.o' failed
make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-sock'
Makefile:3146: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From tmraz at fedoraproject.org Tue Sep 1 12:27:37 2020
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Tue, 01 Sep 2020 12:27:37 +0000
Subject: [openssl] master update
Message-ID: <1598963257.103376.16609.nullmailer@dev.openssl.org>

The branch master has been updated
via 807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
from 72c1e37421ffe9a4db4bba46f3d736dbc227c255 (commit)

- Log -----------------------------------------------------------------
commit 807b0a1dbb65fcf0d432184326e76e9f745dc3f1
Author: Felix Monninger
Date: Tue Jun 30 22:57:36 2020 +0200

also zero pad DHE public key in ClientKeyExchange message for interop

Reviewed-by: Ben Kaduk
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12331)

-----------------------------------------------------------------------

Summary of changes:
ssl/statem/statem_clnt.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4c994dd389..0780e5fc9a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_DH DH *dh_clnt = NULL; - const BIGNUM *pub_key; EVP_PKEY *ckey = NULL, *skey = NULL; unsigned char *keybytes = NULL; + int prime_len; skey = s->s3.peer_tmp; if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) } /* send off the data */ - DH_get0_key(dh_clnt, &pub_key, NULL); - if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key), - &keybytes)) { + prime_len = BN_num_bytes(DH_get0_p(dh_clnt)); + /* + * For interoperability with some versions of the Microsoft TLS + * stack, we need to zero pad the DHE pub key to the same length + * as the prime, so use the length of the prime here. + */ + if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes) + || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); goto err; } - BN_bn2bin(pub_key, keybytes); EVP_PKEY_free(ckey); return 1; From builds at travis-ci.com Tue Sep 1 13:53:29 2020 
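Review bot: No test accompanies the padding change in the second hunk of tls_construct_cke_dhe; the summary lists only ssl/statem/statem_clnt.c. The new path differs from the old one only when the DHE public value is shorter than the prime, which random keys hit rarely, so a regression in the `BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len)` call would go unnoticed by the existing handshake tests. A test that fixes a key pair whose public value has a leading zero byte and checks the encoded ClientKeyExchange length against the prime length would pin the behaviour down.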
From: builds at travis-ci.com (Travis CI) Date: Tue, 01 Sep 2020 13:53:29 +0000 Subject: Still Failing: openssl/openssl#37072 (master - 807b0a1) In-Reply-To: Message-ID: <5f4e5258ddcec_13fe692e1f54c2558b7@travis-pro-tasks-69cb5ff87d-2k8xq.mail> Build Update for openssl/openssl ------------------------------------- Build: #37072 Status: Still Failing Duration: 1 hr, 24 mins, and 22 secs Commit: 807b0a1 (master) Author: Felix Monninger Message: also zero pad DHE public key in ClientKeyExchange message for interop Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12331) View the changeset: https://github.com/openssl/openssl/compare/72c1e37421ff...807b0a1dbb65 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182247328?utm_medium=notification&utm_source=email From openssl at openssl.org Tue Sep 1 15:21:02 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Sep 2020 15:21:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1598973662.012515.5453.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40E73BEC1F7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t .............
ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4017F694CA7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4017F694CA7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. 
ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3353, 1822 wallclock secs (14.55 usr 1.46 sys + 1725.84 cusr 91.64 csys = 1833.49 CPU) Result: FAIL Makefile:3175: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3173: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Sep 1 15:46:22 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Sep 2020 15:46:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1598975182.113627.23683.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... 
ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3353, 926 wallclock secs (13.56 usr 1.25 sys + 819.02 cusr 66.26 csys = 900.09 CPU) Result: FAIL Makefile:3183: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3181: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Tue Sep 1 16:54:04 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 01 Sep 2020 16:54:04 +0000 Subject: [openssl] master update Message-ID: <1598979244.152839.23936.nullmailer@dev.openssl.org> The branch master has been updated via 1a5ae1da14f24a170c200c653c8b81e4a2966d3e (commit) from 807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit) - Log ----------------------------------------------------------------- commit 1a5ae1da14f24a170c200c653c8b81e4a2966d3e Author: Dr. David von Oheimb Date: Wed Aug 26 10:11:14 2020 +0200 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp * In the cmp app so far the -verbosity option had been missing. * Extend log output helpful for debugging CMP applications in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(), OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform(). * Correct suppression of log output with insufficient severity. * Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12739) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 94 +++++++++++++++++++++++++++--------------- crypto/cmp/cmp_ctx.c | 4 +- crypto/cmp/cmp_http.c | 9 ++-- crypto/cmp/cmp_protect.c | 24 +++++++---- crypto/cmp/cmp_vfy.c | 12 +++++- doc/man1/openssl-cmp.pod.in | 8 ++++ doc/man3/OSSL_CMP_log_open.pod | 3 ++ include/openssl/cmp_util.h | 2 + util/other.syms | 1 + 9 files changed, 110 insertions(+), 47 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 97fa322b11..4a8b6e75fb 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -51,6 +51,7 @@ static char *opt_config = NULL; #define SECTION_NAME_MAX 40 /* max length of section name */ #define DEFAULT_SECTION "default" static char *opt_section = CMP_SECTION; +static int opt_verbosity = OSSL_CMP_LOG_INFO; #undef PROG #define PROG cmp_main 
@@ -194,7 +195,7 @@ static X509_VERIFY_PARAM *vpm = NULL; typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_CONFIG, OPT_SECTION, + OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY, OPT_CMD, OPT_INFOTYPE, OPT_GENINFO, @@ -257,6 +258,8 @@ const OPTIONS cmp_options[] = { "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF"}, {"section", OPT_SECTION, 's', "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'"}, + {"verbosity", OPT_VERBOSITY, 'n', + "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO"}, OPT_SECTION("Generic message"), {"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"}, @@ -507,7 +510,7 @@ typedef union { long *num_long; } varref; static varref cmp_vars[] = { /* must be in same order as enumerated above! */ - {&opt_config}, {&opt_section}, + {&opt_config}, {&opt_section}, {(char **)&opt_verbosity}, {&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo}, 
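Review bot: The `(char **)&opt_verbosity` cast in the cmp_vars initializer hides a type mismatch, since opt_verbosity is declared `static int` and the cast exists only so its address fits the union's first member. If varref has an `int *` member next to the visible `long *num_long`, a designated initializer for that member would remove the cast and let the compiler keep checking this entry. The table already depends on the "must be in same order as enumerated above" invariant, and a cast here would also mask an entry that ends up in the wrong slot.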
@@ -564,28 +567,32 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {NULL} }; -#ifndef NDEBUG -# define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ - ? "CMP" : "OPENSSL_FUNC") -# define PRINT_LOCATION(bio) BIO_printf(bio, "%s:%s:%d:", \ - FUNC, OPENSSL_FILE, OPENSSL_LINE) -#else -# define PRINT_LOCATION(bio) ((void)0) -#endif -#define CMP_print(bio, prefix, msg, a1, a2, a3) \ - (PRINT_LOCATION(bio), \ - BIO_printf(bio, "CMP %s: " msg "\n", prefix, a1, a2, a3)) -#define CMP_INFO(msg, a1, a2, a3) CMP_print(bio_out, "info", msg, a1, a2, a3) +#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ + ? "CMP" : OPENSSL_FUNC) +#define CMP_print(bio, level, prefix, msg, a1, a2, a3) \ + ((void)(level > opt_verbosity ? 0 : \ + (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", \ + FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3)))) +#define CMP_DEBUG(m, a1, a2, a3) \ + CMP_print(bio_out, OSSL_CMP_LOG_DEBUG, "debug", m, a1, a2, a3) +#define CMP_debug(msg) CMP_DEBUG(msg"%s%s%s", "", "", "") +#define CMP_debug1(msg, a1) CMP_DEBUG(msg"%s%s", a1, "", "") +#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg"%s", a1, a2, "") +#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3) +#define CMP_INFO(msg, a1, a2, a3) \ + CMP_print(bio_out, OSSL_CMP_LOG_INFO, "info", msg, a1, a2, a3) #define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "") #define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "") #define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "") #define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3) -#define CMP_WARN(m, a1, a2, a3) CMP_print(bio_out, "warning", m, a1, a2, a3) +#define CMP_WARN(m, a1, a2, a3) \ + CMP_print(bio_out, OSSL_CMP_LOG_WARNING, "warning", m, a1, a2, a3) #define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "") #define CMP_warn1(msg, a1) CMP_WARN(msg"%s%s", a1, "", "") #define CMP_warn2(msg, a1, a2) CMP_WARN(msg"%s", a1, a2, "") #define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3) 
-#define CMP_ERR(msg, a1, a2, a3) CMP_print(bio_err, "error", msg, a1, a2, a3) +#define CMP_ERR(msg, a1, a2, a3) \ + CMP_print(bio_err, OSSL_CMP_LOG_ERR, "error", msg, a1, a2, a3) #define CMP_err(msg) CMP_ERR(msg"%s%s%s", "", "", "") #define CMP_err1(msg, a1) CMP_ERR(msg"%s%s", a1, "", "") #define CMP_err2(msg, a1, a2) CMP_ERR(msg"%s", a1, a2, "") @@ -597,6 +604,16 @@ static int print_to_bio_out(const char *func, const char *file, int line, return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); } +static int set_verbosity(int level) +{ + if (level < OSSL_CMP_LOG_EMERG || level > OSSL_CMP_LOG_MAX) { + CMP_err1("Logging verbosity level %d out of range (0 .. 8)", level); + return 0; + } + opt_verbosity = level; + return 1; +} + static char *next_item(char *opt) /* in list separated by comma and/or space */ { /* advance to separator (comma or whitespace), if any */ @@ -1476,11 +1493,14 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) goto err; } } - if (!SSL_CTX_build_cert_chain(ssl_ctx, - SSL_BUILD_CHAIN_FLAG_UNTRUSTED | - SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { - CMP_warn("could not build cert chain for own TLS cert"); + CMP_debug("trying to build cert chain for own TLS cert"); + if (SSL_CTX_build_cert_chain(ssl_ctx, + SSL_BUILD_CHAIN_FLAG_UNTRUSTED | + SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { + CMP_debug("succeeded building cert chain for own TLS cert"); + } else { OSSL_CMP_CTX_print_errors(ctx); + CMP_warn("could not build cert chain for own TLS cert"); } /* If present we append to the list also the certs from opt_tls_extra */ 
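Review bot: The new CMP_print macro uses its `level` parameter unparenthesized in `level > opt_verbosity ? 0 : ...`, so an argument that is itself a conditional expression changes how the expansion parses. The cmp_main call later in this patch passes `status == OSSL_CMP_PKISTATUS_accepted ? OSSL_CMP_LOG_INFO : ...` as the level; after expansion the `> opt_verbosity ? 0 : BIO_printf(...)` tail binds only to the last arm, OSSL_CMP_LOG_WARNING, so the accepted, rejection and waiting cases evaluate to a bare constant and print nothing. Write the comparison as `(level) > opt_verbosity`.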
@@ -2224,12 +2244,14 @@ static int read_config(void) const OPTIONS *opt; int provider_option; int verification_option; - + int start = OPT_VERBOSITY; /* - * starting with offset OPT_SECTION because OPT_CONFIG and OPT_SECTION would - * not make sense within the config file. They have already been handled. + * starting with offset OPT_VERBOSITY because OPT_CONFIG and OPT_SECTION + * would not make sense within the config file. + * Moreover, these two options and OPT_VERBOSITY have already been handled. */ - for (i = OPT_SECTION - OPT_HELP, opt = &cmp_options[OPT_SECTION]; + + for (i = start - OPT_HELP, opt = &cmp_options[start]; opt->name; i++, opt++) { if (!strcmp(opt->name, OPT_SECTION_STR) || !strcmp(opt->name, OPT_MORE_STR)) { @@ -2255,11 +2277,6 @@ static int read_config(void) continue; /* option not provided */ } break; - /* - * do not use '<' in cmp_options. Incorrect treatment - * somewhere in args_verify() can wrongly set badarg = 1 - */ - case '<': case 's': case 'M': txt = conf_get_string(conf, opt_section, opt->name); @@ -2368,8 +2385,8 @@ static int get_opts(int argc, char **argv) opt_help(cmp_options); return -1; case OPT_CONFIG: /* has already been handled */ - break; case OPT_SECTION: /* has already been handled */ + case OPT_VERBOSITY: /* has already been handled */ break; case OPT_SERVER: opt_server = opt_str("server"); 
@@ -2700,15 +2717,20 @@ int cmp_main(int argc, char **argv) } /* - * handle OPT_CONFIG and OPT_SECTION upfront to take effect for other opts + * handle options -config, -section, and -verbosity upfront + * to take effect for other options */ for (i = 1; i < argc - 1; i++) { if (*argv[i] == '-') { if (!strcmp(argv[i] + 1, cmp_options[OPT_CONFIG - OPT_HELP].name)) - opt_config = argv[i + 1]; + opt_config = argv[++i]; else if (!strcmp(argv[i] + 1, cmp_options[OPT_SECTION - OPT_HELP].name)) - opt_section = argv[i + 1]; + opt_section = argv[++i]; + else if (strcmp(argv[i] + 1, + cmp_options[OPT_VERBOSITY - OPT_HELP].name) == 0 + && !set_verbosity(atoi(argv[++i]))) + goto err; } } if (opt_section[0] == '\0') /* empty string */ @@ -2783,6 +2805,7 @@ int cmp_main(int argc, char **argv) cmp_ctx = OSSL_CMP_CTX_new(app_get0_libctx(), app_get0_propq()); if (cmp_ctx == NULL) goto err; + OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity); if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { CMP_err1("cannot set up error reporting and logging for %s", prog); goto err; @@ -2943,6 +2966,11 @@ int cmp_main(int argc, char **argv) OSSL_CMP_PKISI_BUFLEN); CMP_print(bio_err, + status == OSSL_CMP_PKISTATUS_accepted + ? OSSL_CMP_LOG_INFO : + status == OSSL_CMP_PKISTATUS_rejection + || status == OSSL_CMP_PKISTATUS_waiting + ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING, status == OSSL_CMP_PKISTATUS_accepted ? "info" : status == OSSL_CMP_PKISTATUS_rejection ? "server error" : status == OSSL_CMP_PKISTATUS_waiting ? "internal error" diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index e731f15958..57878a8f8d 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c 
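Review bot: `set_verbosity(atoi(argv[++i]))` in the cmp_main pre-scan of apps/cmp.c accepts non-numeric input, because atoi returns 0 for it and 0 passes the `level < OSSL_CMP_LOG_EMERG` range check (the error text gives the range as 0 .. 8 and the pod text in this patch lists 0 = EMERG). A mistyped `-verbosity` value therefore silently drops logging to the EMERG level instead of being rejected, which removes the error and warning output an operator would rely on. Convert with strtol and check the end pointer before calling set_verbosity.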
@@ -420,6 +420,8 @@ int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb) /* Print OpenSSL and CMP errors via the log cb of the ctx or ERR_print_errors */ void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx) { + if (ctx != NULL && OSSL_CMP_LOG_ERR > ctx->log_verbosity) + return; /* suppress output since severity is not sufficient */ OSSL_CMP_print_errors_cb(ctx == NULL ? NULL : ctx->log_cb); } @@ -954,7 +956,7 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) switch (opt) { case OSSL_CMP_OPT_LOG_VERBOSITY: - if (val > OSSL_CMP_LOG_DEBUG) { + if (val > OSSL_CMP_LOG_MAX) { CMPerr(0, CMP_R_VALUE_TOO_LARGE); return 0; } diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index 3804f2498f..f3cd06fb23 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c @@ -40,6 +40,7 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, char server_port[32] = { '\0' }; STACK_OF(CONF_VALUE) *headers = NULL; const char *const content_type_pkix = "application/pkixcmp"; + int tls_used; OSSL_CMP_MSG *res; if (ctx == NULL || req == NULL) { @@ -53,16 +54,18 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, if (ctx->serverPort != 0) BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); + tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; + ossl_cmp_log2(DEBUG, ctx, "connecting to CMP server %s%s", + ctx->server, tls_used ? " using TLS" : ""); res = (OSSL_CMP_MSG *) OSSL_HTTP_post_asn1(ctx->server, server_port, ctx->serverPath, - OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL, - ctx->proxy, ctx->no_proxy, NULL, NULL, + tls_used, ctx->proxy, ctx->no_proxy, NULL, NULL, ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), headers, content_type_pkix, (const ASN1_VALUE *)req, ASN1_ITEM_rptr(OSSL_CMP_MSG), 0, 0, ctx->msg_timeout, content_type_pkix, ASN1_ITEM_rptr(OSSL_CMP_MSG)); - + ossl_cmp_debug(ctx, "disconnected from CMP server"); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); return res; } 
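Review bot: The `ossl_cmp_debug(ctx, "disconnected from CMP server")` line added to OSSL_CMP_MSG_http_perform is emitted whether or not OSSL_HTTP_post_asn1 returned a message, so a failed connection and a completed exchange look identical in a DEBUG trace. Log the outcome instead, for example by testing `res == NULL` before choosing the message, so the trace paired with "connecting to CMP server" actually says whether a response arrived.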
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 212ef92f50..140b1720c8 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -147,16 +147,24 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) return 0; /* if we have untrusted certs, try to add intermediate certs */ if (ctx->untrusted_certs != NULL) { - STACK_OF(X509) *chain = - ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, - ctx->untrusted_certs, ctx->cert); - int res = X509_add_certs(msg->extraCerts, chain, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_NO_SS); - + STACK_OF(X509) *chain; + int res; + + ossl_cmp_debug(ctx, + "trying to build chain for own CMP signer cert"); + chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, + ctx->untrusted_certs, ctx->cert); + res = X509_add_certs(msg->extraCerts, chain, + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP + | X509_ADD_FLAG_NO_SS); sk_X509_pop_free(chain, X509_free); - if (res == 0) + if (res == 0) { + ossl_cmp_err(ctx, + "could not build chain for own CMP signer cert"); return 0; + } + ossl_cmp_debug(ctx, + "succeeded building chain for own CMP signer cert"); } } diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index b50a3fe83a..86e39d262e 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -552,6 +552,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) { X509 *scrt; + ossl_cmp_debug(ctx, "validating CMP message"); if (ctx == NULL || msg == NULL || msg->header == NULL || msg->body == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); @@ -593,8 +594,11 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) default: break; } + ossl_cmp_debug(ctx, + "sucessfully validated PBM-based CMP message protection"); return 1; } + ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed"); break; /* 
@@ -615,9 +619,13 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) return 1; } else { /* use pinned sender cert */ /* use ctx->srvCert for signature check even if not acceptable */ - if (verify_signature(ctx, msg, scrt)) + if (verify_signature(ctx, msg, scrt)) { + ossl_cmp_debug(ctx, + "sucessfully validated signature-based CMP message protection"); + return 1; - ossl_cmp_warn(ctx, "msg signature verification failed"); + } + ossl_cmp_warn(ctx, "CMP message signature verification failed"); CMPerr(0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG); } break; diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index a6a769af9d..77d38d9d75 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -81,6 +81,7 @@ B B [B<-tls_trusted> I] [B<-tls_host> I] +[B<-verbosity> I] [B<-batch>] [B<-repeat> I] [B<-reqin>] I @@ -770,6 +771,13 @@ If not given it defaults to the B<-server> address. =over 4 +=item B<-verbosity> I + +Level of verbosity for logging, error output, etc. +0 = EMERG, 1 = ALERT, 2 = CRIT, 3 = ERR, 4 = WARN, 5 = NOTE, +6 = INFO, 7 = DEBUG, 8 = TRACE. +Defaults to 6 = INFO. + =item B<-batch> Do not interactively prompt for input, for instance when a password is needed. diff --git a/doc/man3/OSSL_CMP_log_open.pod b/doc/man3/OSSL_CMP_log_open.pod index fdc416c0cf..5c6b924bda 100644 --- a/doc/man3/OSSL_CMP_log_open.pod +++ b/doc/man3/OSSL_CMP_log_open.pod @@ -13,6 +13,8 @@ OSSL_CMP_LOG_WARNING, OSSL_CMP_LOG_NOTICE, OSSL_CMP_LOG_INFO, OSSL_CMP_LOG_DEBUG, +OSSL_CMP_LOG_TRACE, + OSSL_CMP_log_cb_t, OSSL_CMP_print_to_bio, OSSL_CMP_print_errors_cb @@ -35,6 +37,7 @@ OSSL_CMP_print_errors_cb #define OSSL_CMP_LOG_NOTICE 5 #define OSSL_CMP_LOG_INFO 6 #define OSSL_CMP_LOG_DEBUG 7 + #define OSSL_CMP_LOG_TRACE 8 typedef int (*OSSL_CMP_log_cb_t)(const char *component, const char *file, int line, diff --git a/include/openssl/cmp_util.h b/include/openssl/cmp_util.h index a243d7e742..becbc9208e 100644 
--- a/include/openssl/cmp_util.h +++ b/include/openssl/cmp_util.h @@ -38,6 +38,8 @@ typedef int OSSL_CMP_severity; # define OSSL_CMP_LOG_NOTICE 5 # define OSSL_CMP_LOG_INFO 6 # define OSSL_CMP_LOG_DEBUG 7 +# define OSSL_CMP_LOG_TRACE 8 +# define OSSL_CMP_LOG_MAX OSSL_CMP_LOG_TRACE typedef int (*OSSL_CMP_log_cb_t)(const char *func, const char *file, int line, OSSL_CMP_severity level, const char *msg); diff --git a/util/other.syms b/util/other.syms index 964e09f0bd..6dcc9b260c 100644 --- a/util/other.syms +++ b/util/other.syms @@ -388,6 +388,7 @@ OSSL_CMP_LOG_EMERG define OSSL_CMP_LOG_ERR define OSSL_CMP_LOG_INFO define OSSL_CMP_LOG_NOTICE define +OSSL_CMP_LOG_TRACE define OSSL_CMP_LOG_WARNING define OSSL_CMP_MSTR_HELPER define OSSL_CMP_MSTR define From builds at travis-ci.com Tue Sep 1 18:17:10 2020 
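Review bot: In the upfront option scan of cmp_main() (apps/cmp.c), `set_verbosity(atoi(argv[++i]))` cannot tell a non-numeric argument from a literal 0, because atoi() returns 0 for input such as "-verbosity debug". Assuming set_verbosity() accepts 0, a typo would select level 0 = EMERG (per the man page text added in this same patch) and silence error output instead of rejecting the option. Parse the value with strtol(), check the end pointer and the range, and fail with a usage error otherwise. The new branch also tests `strcmp(...) == 0` while the two branches above it use `!strcmp(...)`; use one form throughout the chain.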
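Review bot: The early return added to OSSL_CMP_CTX_print_errors() (crypto/cmp/cmp_ctx.c) skips OSSL_CMP_print_errors_cb() entirely, so anything that call does besides printing is skipped as well when log_verbosity is below OSSL_CMP_LOG_ERR. If it also drains the error queue, suppressed entries stay queued and can surface later, attached to an unrelated operation. State in the function comment whether the queue is left intact on suppression, or clear it explicitly in the suppressed path.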
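Review bot: In OSSL_CMP_MSG_http_perform() (crypto/cmp/cmp_http.c) the "disconnected from CMP server" debug line is emitted unconditionally after OSSL_HTTP_post_asn1() returns, including when res is NULL, so a debug log will claim a disconnect even when the exchange failed. Make the message depend on res, or word it neutrally. Separately, tls_used is derived from `OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL`, so " using TLS" in the log means a callback argument is set, not that a TLS session was established; a short comment stating that assumption would keep readers of the log from over-trusting it.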
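Review bot: In ossl_cmp_msg_add_extraCerts() (crypto/cmp/cmp_protect.c) the new messages attribute the outcome to chain building, but `res` is the return value of X509_add_certs() and the result of ossl_cmp_build_cert_chain() is never checked. If X509_add_certs() accepts a NULL chain, a failed build is logged as "succeeded building chain", and a failure to add certificates is logged as "could not build chain". Check `chain == NULL` right after the build call and word the two failure cases separately.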
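Review bot: In OSSL_CMP_validate_msg() (crypto/cmp/cmp_vfy.c) the new `ossl_cmp_debug(ctx, "validating CMP message")` call sits above the `ctx == NULL || msg == NULL` argument check, so the logging helper receives a ctx that has not been validated yet; move the call below the check. Both new success messages spell "sucessfully" where "successfully" is meant, which matters to anyone matching on log text. The warning in the pinned sender cert branch also changes from "msg signature verification failed" to "CMP message signature verification failed", so existing log matchers need the new string.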
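Review bot: include/openssl/cmp_util.h adds the public macro OSSL_CMP_LOG_MAX, but doc/man3/OSSL_CMP_log_open.pod and util/other.syms in this patch only gain OSSL_CMP_LOG_TRACE. Document and register OSSL_CMP_LOG_MAX alongside it, or keep the macro out of the public header and use it only internally for the range check in OSSL_CMP_CTX_set_option().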
From: builds at travis-ci.com (Travis CI)
Date: Tue, 01 Sep 2020 18:17:10 +0000
Subject: Still Failing: openssl/openssl#37075 (master - 1a5ae1d)
In-Reply-To:
Message-ID: <5f4e9025b7fd9_13fdded5ddb5c3357d4@travis-pro-tasks-7bdd9b657d-dvtrd.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #37075
Status: Still Failing
Duration: 40 mins and 22 secs
Commit: 1a5ae1d (master)
Author: Dr. David von Oheimb
Message: Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp

* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(), OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12739)

View the changeset: https://github.com/openssl/openssl/compare/807b0a1dbb65...1a5ae1da14f2

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182294448?utm_medium=notification&utm_source=email

From openssl at openssl.org Tue Sep 1 18:40:47 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Sep 2020 18:40:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1598985647.314811.22950.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... 
ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... 
ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok

Test Summary Report
-------------------
80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1)
  Failed test: 5
  Non-zero exit status: 1
Files=211, Tests=3350, 877 wallclock secs (13.27 usr 1.25 sys + 809.79 cusr 64.17 csys = 888.48 CPU)
Result: FAIL
Makefile:3186: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls'
Makefile:3184: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Sep 1 21:26:39 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Sep 2020 21:26:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1598995599.964570.16694.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06010DC627F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C06010DC627F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06010DC627F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 
80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/khMXMDtl5Q default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A05F89017F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/khMXMDtl5Q fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok

Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4)
  Failed tests: 5, 8, 17, 19
  Non-zero exit status: 4
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests: 1, 3
  Non-zero exit status: 2
Files=211, Tests=3352, 889 wallclock secs (13.31 usr 1.33 sys + 821.19 cusr 65.27 csys = 901.10 CPU)
Result: FAIL
Makefile:3183: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2'
Makefile:3181: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Sep 1 23:53:32 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Sep 2020 23:53:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1599004412.939922.27583.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and 
fips 409910be16 Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C0631AB17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C0631AB17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C0631AB17F0000:error::SSL routines::tlsv1 alert internal 
error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/6vLXWG_fAA default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F9A36D7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6760 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/6vLXWG_fAA fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3352, 889 wallclock secs (13.58 usr 1.41 sys + 821.73 cusr 65.60 csys = 902.32 CPU) Result: FAIL Makefile:3177: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3175: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 2 00:42:07 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 02 Sep 2020 00:42:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1599007327.406662.30504.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 458cb85d19 Fix ECX serializer import calls to use correct selection flags. d9cdfda24f Fix RSA serializer import calls to use correct selection flags. 81fca0e7c1 Fix DSA serializer import calls to use correct selection flags. 3fab56631f Fix DH serializer import calls to use correct selection flags. 835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms. bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms. 8e32ea633f Check whether we have MD5-SHA1 and whether we need it 7cd1420b3e Improve some error messages if a digest is not available e3bf65da88 Include "legacy" in the name of the various MAC bridge functions 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface 2ef9a7ac5e Improve code reuse in the provider MAC bridge 2106b04719 Document the EVP_PKEY_new_CMAC_key_with_libctx() function e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test 2cf765e5a2 Delete unused PKEY MAC files a540ef90f5 Extend the provider MAC bridge for CMAC 4db71d0175 Extend the provider MAC bridge for Poly1305 8014b2a966 Don't require a default digest from signature algorithms b27b31b628 Extend the provider MAC bridge for SIPHASH 6f0bd6ca1c Ensure libssl creates libctx aware MAC keys ada0670bf6 Fix some EVP_MD_CTX_* functions 5d51925a90 Convert EVP_PKEY_CTX_set_mac_key() into a function 1bf625040c Fix evp_extra_test to not assume that HMAC is legacy b571e662cd Make the provider side EVP PKEY MAC bridge available in default and fips 409910be16 
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge e538294f8f Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge bddfea0271 TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional() 87d91d223b Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 b6ef3c7089 Correct description of BN_mask_bits 33855c0af6 conf: add diagnostic option 3d94185718 provider_conf: report missing section on error cd84d8832d Ignore vendor name in Clang version number. 4516bf7422 rand: instantiate the DRBGs upon first use. edd53e9135 rand: add a note about a potentially misleading code analyzer warning. 1d6c86709c apps/pkcs12.c: Add -untrusted option 77a9bb83d7 X509_add_certs(): Add to doc some warning notes on memory management 0495a3ec4a Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() fcc3a5204c apps: -msg flag enhancement 2/2 50c911b0c5 apps: -msg flag enhancement 1/2 625679b6d7 EVP: NULL pctx pointer after free. Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... 
ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C6391E7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020C6391E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020C6391E7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C6391E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/8YmXYEoSpg default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010BC55197F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010BC55197F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL 
alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010BC55197F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010BC55197F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8216 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/8YmXYEoSpg fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3274, 839 wallclock secs (11.89 usr 1.30 sys + 769.55 cusr 62.17 csys = 844.91 CPU) Result: FAIL Makefile:3185: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3183: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Sep 2 04:50:05 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Sep 2020 04:50:05 +0000 Subject: Build failed: openssl master.36541 Message-ID: <20200902045005.1.16E612D5557A53F3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 2 05:55:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Sep 2020 05:55:01 +0000 Subject: Build completed: openssl master.36542 Message-ID: <20200902055501.1.DC0281401CBB57FB@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Wed Sep 2 06:06:54 2020 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 02 Sep 2020 06:06:54 +0000 Subject: [openssl] master update Message-ID: <1599026814.592978.12020.nullmailer@dev.openssl.org> The branch master has been updated via ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit) from 1a5ae1da14f24a170c200c653c8b81e4a2966d3e (commit) - Log ----------------------------------------------------------------- commit ef0f01c0afc84c85f07d739d77f04a29e7739cd6 Author: Jon Spillett Date: Tue Sep 1 13:13:09 2020 +1000 Avoid uninitialised variable warning for jobs Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12762) ----------------------------------------------------------------------- Summary of changes: test/run_tests.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/run_tests.pl b/test/run_tests.pl index 2b05ddcbb0..14e195b468 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -31,7 +31,7 @@ my $srctop = $ENV{SRCTOP} || $ENV{TOP}; my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); -my $jobs = $ENV{HARNESS_JOBS}; +my $jobs = $ENV{HARNESS_JOBS} // 1; $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); @@ -46,7 +46,7 @@ my %tapargs = merge => 1, ); -$tapargs{jobs} = $jobs if defined $jobs; +$tapargs{jobs} = $jobs if $jobs > 1; # Additional OpenSSL special TAP arguments. Because we can't pass them via # TAP::Harness->new(), they will be accessed directly, see the 
@@ -57,7 +57,7 @@ $openssl_args{'failure_verbosity'} = $ENV{HARNESS_VERBOSE} ? 0 : $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} ? 2 : 1; # $ENV{HARNESS_VERBOSE_FAILURE} print "Warning: HARNESS_JOBS > 1 overrides HARNESS_VERBOSE\n" - if $ENV{HARNESS_JOBS} > 1; + if $jobs > 1; print "Warning: HARNESS_VERBOSE overrides HARNESS_VERBOSE_FAILURE*\n" if ($ENV{HARNESS_VERBOSE} && ($ENV{HARNESS_VERBOSE_FAILURE} || $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS})); From builds at travis-ci.com Wed Sep 2 07:32:25 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 02 Sep 2020 07:32:25 +0000 Subject: Still Failing: openssl/openssl#37081 (master - ef0f01c) In-Reply-To: Message-ID: <5f4f4a8757ce3_13f9f798b47fc3055fd@travis-pro-tasks-8c9776865-xp8rq.mail> Build Update for openssl/openssl ------------------------------------- Build: #37081 Status: Still Failing Duration: 1 hr, 24 mins, and 8 secs Commit: ef0f01c (master) Author: Jon Spillett Message: Avoid uninitialised variable warning for jobs Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12762) View the changeset: https://github.com/openssl/openssl/compare/1a5ae1da14f2...ef0f01c0afc8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182371724?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Wed Sep 2 12:00:42 2020 
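Review bot: In the test/run_tests.pl patch above (commit ef0f01c0af), the first hunk's `my $jobs = $ENV{HARNESS_JOBS} // 1;` falls back to 1 only when the variable is undefined, so an empty or non-numeric HARNESS_JOBS still reaches the numeric tests `$jobs > 1` in the second and third hunks and produces an "isn't numeric" warning when warnings are enabled. Validate the value once at the assignment, for example by using it only if it matches /^\d+$/ and otherwise using 1, so that all three uses see a number. The second hunk also changes behaviour slightly: `$tapargs{jobs}` is no longer set when HARNESS_JOBS=1, which deserves a mention in the commit message.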
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 02 Sep 2020 12:00:42 +0000 Subject: [openssl] master update Message-ID: <1599048042.014617.30782.nullmailer@dev.openssl.org> The branch master has been updated via 2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit) from ef0f01c0afc84c85f07d739d77f04a29e7739cd6 (commit) - Log ----------------------------------------------------------------- commit 2c0e356ef7fdbb117c9294b57deb67be66db3470 Author: Dr. David von Oheimb Date: Fri Aug 28 15:30:23 2020 +0200 apps/cmp.c: Clean up loading of certificates and CRLs Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12751) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 177 +++++++++++++++++--------------------------- doc/man1/openssl-cmp.pod.in | 2 +- 2 files changed, 67 insertions(+), 112 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 4a8b6e75fb..4d6acdd499 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -303,7 +303,7 @@ const OPTIONS cmp_options[] = { {OPT_MORE_STR, 0, 0, "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"}, {"csr", OPT_CSR, 's', - "CSR file in PKCS#10 format to use in p10cr for legacy support"}, + "PKCS#10 CSR file in PEM or DER format to use in p10cr for legacy support"}, {"out_trusted", OPT_OUT_TRUSTED, 's', "Certificates to trust when verifying newly enrolled certificates"}, {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', 
@@ -653,42 +653,6 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) return cert; } -/* TODO potentially move this and related functions to apps/lib/apps.c */ -static int adjust_format(const char **infile, int format, int engine_ok) -{ - if (!strncasecmp(*infile, "http://", 7) - || !strncasecmp(*infile, "https://", 8)) { - format = FORMAT_HTTP; - } else if (engine_ok && strncasecmp(*infile, "engine:", 7) == 0) { - *infile += 7; - format = FORMAT_ENGINE; - } else { - if (strncasecmp(*infile, "file:", 5) == 0) - *infile += 5; - /* - * the following is a heuristic whether first to try PEM or DER - * or PKCS12 as the input format for files - */ - if (strlen(*infile) >= 4) { - const char *extension = *infile + strlen(*infile) - 4; - - if (strncasecmp(extension, ".crt", 4) == 0 - || strncasecmp(extension, ".pem", 4) == 0) - /* weak recognition of PEM format */ - format = FORMAT_PEM; - else if (strncasecmp(extension, ".cer", 4) == 0 - || strncasecmp(extension, ".der", 4) == 0) - /* weak recognition of DER format */ - format = FORMAT_ASN1; - else if (strncasecmp(extension, ".p12", 4) == 0) - /* weak recognition of PKCS#12 format */ - format = FORMAT_PKCS12; - /* else retain given format */ - } - } - return format; -} - /* * TODO potentially move this and related functions to apps/lib/ * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL 
@@ -697,18 +661,13 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) { X509_REQ *csr; BIO *bio_bak = bio_err; - int can_retry; - int format = adjust_format(&infile, FORMAT_PEM, 0); - can_retry = format == FORMAT_PEM || format == FORMAT_ASN1; - if (can_retry) - bio_err = NULL; /* do not show errors on more than one try */ - csr = load_csr(infile, format, desc); + bio_err = NULL; /* do not show errors on more than one try */ + csr = load_csr(infile, FORMAT_PEM, desc); bio_err = bio_bak; - if (csr == NULL && can_retry) { + if (csr == NULL) { ERR_clear_error(); - format = (format == FORMAT_PEM ? FORMAT_ASN1 : FORMAT_PEM); - csr = load_csr(infile, format, desc); + csr = load_csr(infile, FORMAT_ASN1, desc); } if (csr == NULL) { ERR_print_errors(bio_err); 
@@ -718,43 +677,59 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) return csr; } -static void warn_certs_expired(const char *file, STACK_OF(X509) **certs) +static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) { - int i, res; - X509 *cert; - char *subj; + char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + + CMP_warn3("certificate from '%s' with subject '%s' %s", uri, subj, msg); + OPENSSL_free(subj); +} - for (i = 0; i < sk_X509_num(*certs); i++) { - cert = sk_X509_value(*certs, i); - res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), +static void warn_cert(const char *uri, X509 *cert, int warn_EE) +{ + int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), X509_get0_notAfter(cert)); - if (res != 0) { - subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - CMP_warn3("certificate from '%s' with subject '%s' %s", file, subj, - res > 0 ? "has expired" : "not yet valid"); - OPENSSL_free(subj); - } - } + + if (res != 0) + warn_cert_msg(uri, cert, res > 0 ? 
"has expired" : "not yet valid"); + if (warn_EE && (X509_get_extension_flags(cert) & EXFLAG_CA) == 0) + warn_cert_msg(uri, cert, "is not a CA cert"); } -static int load_certs_pwd(const char *infile, STACK_OF(X509) **certs, - int exclude_http, const char *pass, - const char *desc) +static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE) +{ + int i; + + for (i = 0; i < sk_X509_num(certs); i++) + warn_cert(uri, sk_X509_value(certs, i), warn_EE); +} + +/* TODO potentially move this and related functions to apps/lib/apps.c */ +static int load_cert_certs(const char *uri, + X509 **pcert, STACK_OF(X509) **pcerts, + int exclude_http, const char *pass, const char *desc) { int ret = 0; char *pass_string; - int format = adjust_format(&infile, FORMAT_PEM, 0); - if (exclude_http && format == FORMAT_HTTP) { + if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 + || strncasecmp(uri, "https://", 8) == 0)) { BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); return ret; } pass_string = get_passwd(pass, desc); - ret = load_certs(infile, certs, pass_string, desc); + ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, + pcert, pcerts, NULL, NULL); clear_free(pass_string); - if (ret) - warn_certs_expired(infile, certs); + if (ret) { + if (pcert != NULL) + warn_cert(uri, *pcert, 0); + warn_certs(uri, *pcerts, 1); + } else { + sk_X509_pop_free(*pcerts, X509_free); + *pcerts = NULL; + } return ret; } 
@@ -1034,25 +1009,21 @@ static X509_STORE *load_certstore(char *input, const char *desc) X509_STORE *store = NULL; STACK_OF(X509) *certs = NULL; - if (input == NULL) - goto err; - while (input != NULL) { - char *next = next_item(input); \ + char *next = next_item(input); + int ok; - if (!load_certs_pwd(input, &certs, 1, opt_otherpass, desc) - || !(store = sk_X509_to_store(store, certs))) { - /* CMP_err("out of memory"); */ + if (!load_cert_certs(input, NULL, &certs, 1, opt_otherpass, desc)) { X509_STORE_free(store); - store = NULL; - goto err; + return NULL; } + ok = (store = sk_X509_to_store(store, certs)) != NULL; sk_X509_pop_free(certs, X509_free); certs = NULL; + if (!ok) + return NULL; input = next; } - err: - sk_X509_pop_free(certs, X509_free); return store; } @@ -1071,7 +1042,7 @@ static STACK_OF(X509) *load_certs_multifile(char *files, while (files != NULL) { char *next = next_item(files); - if (!load_certs_pwd(files, &certs, 0, pass, desc)) + if (!load_cert_certs(files, NULL, &certs, 0, pass, desc)) goto err; if (!X509_add_certs(result, certs, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) @@ -1254,7 +1225,8 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) } else { CMP_warn("server will not be able to handle signature-protected requests since -srv_trusted is not given"); } - if (!setup_certs(opt_srv_untrusted, "untrusted certificates", ctx, + if (!setup_certs(opt_srv_untrusted, + "untrusted certificates for mock server", ctx, (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs, NULL)) goto err; 
@@ -1458,31 +1430,23 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_tls_cert != NULL && opt_tls_key != NULL) { X509 *cert; STACK_OF(X509) *certs = NULL; + int ok; - if (!load_certs_pwd(opt_tls_cert, &certs, 0, opt_tls_keypass, - "TLS client certificate (optionally with chain)")) - /* - * opt_tls_keypass is needed in case opt_tls_cert is an encrypted - * PKCS#12 file - */ + if (!load_cert_certs(opt_tls_cert, &cert, &certs, 0, opt_tls_keypass, + "TLS client certificate (optionally with chain)")) + /* need opt_tls_keypass if opt_tls_cert is encrypted PKCS#12 file */ goto err; - cert = sk_X509_delete(certs, 0); - if (cert == NULL || SSL_CTX_use_certificate(ssl_ctx, cert) <= 0) { - CMP_err1("unable to use client TLS certificate file '%s'", - opt_tls_cert); - X509_free(cert); - sk_X509_pop_free(certs, X509_free); - goto err; - } - X509_free(cert); /* we do not need the handle any more */ + ok = SSL_CTX_use_certificate(ssl_ctx, cert) > 0; + X509_free(cert); /* * Any further certs and any untrusted certs are used for constructing * the chain to be provided with the TLS client cert to the TLS server. */ - if (!SSL_CTX_set0_chain(ssl_ctx, certs)) { - CMP_err("could not set TLS client cert chain"); + if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { + CMP_err1("unable to use client TLS certificate file '%s'", + opt_tls_cert); sk_X509_pop_free(certs, X509_free); goto err; } 
@@ -1628,19 +1592,12 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_cert != NULL) { X509 *cert; STACK_OF(X509) *certs = NULL; - int ok; + int ok = 0; - if (!load_certs_pwd(opt_cert, &certs, 0, opt_keypass, - "CMP client certificate (and optionally extra certs)")) + if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass, + "CMP client certificate (optionally with chain)")) /* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */ goto err; - - cert = sk_X509_delete(certs, 0); - if (cert == NULL) { - CMP_err("no client certificate found"); - sk_X509_pop_free(certs, X509_free); - goto err; - } ok = OSSL_CMP_CTX_set1_cert(ctx, cert); X509_free(cert); @@ -1654,7 +1611,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) } sk_X509_pop_free(certs, X509_free); if (!ok) - goto oom; + goto err; } if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, @@ -1690,8 +1647,6 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) } return 1; - oom: - CMP_err("out of memory"); err: return 0; } diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 77d38d9d75..760e21ccbe 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -335,7 +335,7 @@ is provided via the B<-newkey> or B<-key> options. =item B<-csr> I -CSR in PKCS#10 format to use in legacy P10CR messages. +PKCS#10 CSR in PEM or DER format to use in legacy P10CR messages. =item B<-out_trusted> I From builds at travis-ci.com Wed Sep 2 13:22:17 2020 
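Review bot: In the apps/cmp.c patch above (commit 2c0e356ef7), hunk "@@ -697,18 +661,13 @@" of load_csr_autofmt() discards the error queue of the PEM attempt with ERR_clear_error() before retrying with FORMAT_ASN1, so when both attempts fail the final ERR_print_errors(bio_err) reports only the DER parse. With the extension heuristic from adjust_format() gone, every damaged PEM file now ends in an ASN.1 decoding error that points away from the real problem. Keep the PEM errors until the DER attempt has also failed, or print one message saying that the file could be read neither as PEM nor as DER.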
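Review bot: In the same apps/cmp.c patch, load_cert_certs() (hunk "@@ -718,43 +677,59 @@") calls `warn_cert(uri, *pcert, 0)` whenever pcert is non-NULL without checking that *pcert was actually filled in, while the callers in setup_ssl_ctx() and setup_protection_ctx() declare `X509 *cert;` without an initialiser and lose their former `cert == NULL` checks. Correctness therefore depends on load_key_certs_crls() returning failure whenever a certificate was requested and none was found, which is not visible in this patch. Either test `*pcert != NULL` inside load_cert_certs() and treat a missing certificate as an error there, or initialise `cert` to NULL in the callers and document the contract in the function comment. The failure branch also frees *pcerts but leaves *pcert untouched, so the two outputs should be handled symmetrically.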
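Review bot: In the same apps/cmp.c patch, load_certstore() (hunk "@@ -1034,25 +1009,21 @@") assigns the result of sk_X509_to_store(store, certs) straight back to `store` and returns NULL when it fails, so a store built up in earlier loop iterations is lost unless sk_X509_to_store() frees its argument on failure, which this patch does not show. Hold the result in a temporary and call X509_STORE_free() on the previous store before returning NULL, as the load_cert_certs() failure path just above it already does.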
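Review bot: In the same apps/cmp.c patch, the last three apps/cmp.c hunks of setup_protection_ctx() replace `goto oom` with `goto err` and delete the `oom:` label together with its CMP_err("out of memory"), so a failure of OSSL_CMP_CTX_set1_cert() now makes the function return 0 without printing anything itself. Removing the misleading "out of memory" text is fine, but add a CMP_err1() that names opt_cert before the `goto err`, in the same way the setup_ssl_ctx() hunk reports "unable to use client TLS certificate file '%s'".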
From: builds at travis-ci.com (Travis CI) Date: Wed, 02 Sep 2020 13:22:17 +0000 Subject: Still Failing: openssl/openssl#37083 (master - 2c0e356) In-Reply-To: Message-ID: <5f4f9c893fea3_13ff304cc8968179927@travis-pro-tasks-77b6f56667-5m2n4.mail> Build Update for openssl/openssl ------------------------------------- Build: #37083 Status: Still Failing Duration: 1 hr, 20 mins, and 23 secs Commit: 2c0e356 (master) Author: Dr. David von Oheimb Message: apps/cmp.c: Clean up loading of certificates and CRLs Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12751) View the changeset: https://github.com/openssl/openssl/compare/ef0f01c0afc8...2c0e356ef7fd View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182417372?utm_medium=notification&utm_source=email From kaduk at mit.edu Wed Sep 2 22:34:07 2020 
From: kaduk at mit.edu (kaduk at mit.edu) Date: Wed, 02 Sep 2020 22:34:07 +0000 Subject: [openssl] master update Message-ID: <1599086047.973653.12744.nullmailer@dev.openssl.org> The branch master has been updated via 1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit) via 2b748d722b6ac560d122ea2dcf8d09fe6f03124b (commit) from 2c0e356ef7fdbb117c9294b57deb67be66db3470 (commit) - Log ----------------------------------------------------------------- commit 1010e4ac9743a273d12e4f7c49959607aa4f6403 Author: Todd Short Date: Tue Sep 1 14:50:03 2020 -0400 Fix post-condition in algorithm_do_this Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) commit 2b748d722b6ac560d122ea2dcf8d09fe6f03124b Author: Todd Short Date: Mon Aug 31 19:59:43 2020 -0400 Fix use of OPENSSL_realloc in provider Fix OPENSSL_realloc failure case; `provider->operation_bits` memory is lost when `OPENSSL_realloc()` returns NULL. `operation_bits_sz` is never set to the length of the allocated array. This means that operation_bits is always reallocated in `ossl_provider_set_operation_bit()`, possibly shrinking the array. In addition, it means that the `memset()` always zeros out the whole reallocated array, not just the new part. Also, because `operation_bits_sz` is always zero, the value of `*result` in `ossl_provider_test_operation_bit()` will always be zero. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) ----------------------------------------------------------------------- Summary of changes: crypto/core_algorithm.c | 8 ++++---- crypto/provider_core.c | 9 ++++++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index f4a20cb2d1..68d6129598 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c 
@@ -31,7 +31,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) int first_operation = 1; int last_operation = OSSL_OP__HIGHEST; int cur_operation; - int ok = 0; + int ok = 1; if (data->operation_id != 0) first_operation = last_operation = data->operation_id; @@ -77,9 +77,9 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) return 0; } - /* If post-condition fulfilled, set general success */ - if (ret) - ok = 1; + /* If post-condition not fulfilled, set general failure */ + if (!ret) + ok = 0; } return ok; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index a714a71681..f282071e2d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -875,14 +875,17 @@ int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) unsigned char bit = (1 << (bitnum % 8)) & 0xFF; if (provider->operation_bits_sz <= byte) { - provider->operation_bits = OPENSSL_realloc(provider->operation_bits, - byte + 1); - if (provider->operation_bits == NULL) { + unsigned char *tmp = OPENSSL_realloc(provider->operation_bits, + byte + 1); + + if (tmp == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } + provider->operation_bits = tmp; memset(provider->operation_bits + provider->operation_bits_sz, '\0', byte + 1 - provider->operation_bits_sz); + provider->operation_bits_sz = byte + 1; } provider->operation_bits[byte] |= bit; return 1; From builds at travis-ci.com Wed Sep 2 23:49:28 2020 
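Review bot: In the crypto/core_algorithm.c part of the patch above (commit 1010e4ac97), algorithm_do_this() now starts with `int ok = 1;` and only clears it when a post-condition fails, so a provider for which no operation ever reaches the post-condition check returns success, where the old code returned 0. If that is the intended contract, state it in the function's header comment: the return value has changed from "at least one operation succeeded" to "no operation failed", and the commit message "Fix post-condition in algorithm_do_this" does not explain the change for callers.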
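Review bot: In the crypto/provider_core.c hunk of the same push (commit 2b748d722b), the fix to ossl_provider_set_operation_bit() arrives without a regression test: the summary of changes lists only crypto/core_algorithm.c and crypto/provider_core.c. The commit message describes three observable defects (the array lost when OPENSSL_realloc() returns NULL, the array being reallocated and zeroed on every call, and ossl_provider_test_operation_bit() always reporting zero), and the last two are easy to pin down. Add a test that sets a high bit, then a lower one, and checks through ossl_provider_test_operation_bit() that both are still set, so that `provider->operation_bits_sz = byte + 1;` cannot regress unnoticed.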
From: builds at travis-ci.com (Travis CI) Date: Wed, 02 Sep 2020 23:49:28 +0000 Subject: Still Failing: openssl/openssl#37099 (master - 1010e4a) In-Reply-To: Message-ID: <5f502f85a40f3_13f7fbe2b659c444742@travis-pro-tasks-5594cffcc4-ps4w4.mail> Build Update for openssl/openssl ------------------------------------- Build: #37099 Status: Still Failing Duration: 1 hr, 14 mins, and 0 secs Commit: 1010e4a (master) Author: Todd Short Message: Fix post-condition in algorithm_do_this Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12760) View the changeset: https://github.com/openssl/openssl/compare/2c0e356ef7fd...1010e4ac9743 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182507003?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 3 00:01:11 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Sep 2020 00:01:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1599091271.439384.6624.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. 
# 80A73B9D367F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8007C335B47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8007C335B47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # 
------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... 
skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3147, 1761 wallclock secs (12.79 usr 1.65 sys + 1580.41 cusr 161.99 csys = 1756.84 CPU) Result: FAIL Makefile:2550: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2548: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Thu Sep 3 00:57:31 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 03 Sep 2020 00:57:31 +0000 Subject: [openssl] master update Message-ID: <1599094651.952153.2412.nullmailer@dev.openssl.org> The branch master has been updated via 6f04bcc7e3b258f4a075279515881b13bd3fd04c (commit) from 1010e4ac9743a273d12e4f7c49959607aa4f6403 (commit) - Log ----------------------------------------------------------------- commit 6f04bcc7e3b258f4a075279515881b13bd3fd04c Author: Daniel Bevenius Date: Mon Aug 31 08:07:13 2020 +0200 Fix typo in FIPS_MODULE endif macro comment Reviewed-by: David von Oheimb Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12755) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 1cdc8d91e8..b7a37b77a2 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -66,7 +66,7 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, else return 0; } -#endif /* FIPS_MODUKE */ +#endif /* FIPS_MODULE */ return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0); } From openssl at openssl.org Thu Sep 3 02:02:08 2020 
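Review bot: the corrected `#endif /* FIPS_MODULE */` comment at rsa_gen.c line 69 cannot be checked against its opening directive, because the matching `#if`/`#ifndef` sits above the three context lines shown in this hunk; confirm that the comment names the same macro and the same polarity as that opening line. A tree-wide search for `FIPS_MODUKE` would also be worth doing alongside this fix: in a trailing comment the misspelling is harmless, but in an actual `#ifdef` it would silently select the wrong branch.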
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Sep 2020 02:02:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1599098528.545959.8889.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ 
ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. 
ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3216, 894 wallclock secs (13.66 usr 1.34 sys + 820.17 cusr 63.89 csys = 899.06 CPU) Result: FAIL Makefile:3198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3196: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 3 02:12:33 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 03 Sep 2020 02:12:33 +0000 Subject: Still Failing: openssl/openssl#37100 (master - 6f04bcc) In-Reply-To: Message-ID: <5f5051106c096_13fb15a779fc02231e3@travis-pro-tasks-7c7fb67665-v9rt5.mail> Build Update for openssl/openssl ------------------------------------- Build: #37100 Status: Still Failing Duration: 1 hr, 13 mins, and 46 secs Commit: 6f04bcc (master) Author: Daniel Bevenius Message: Fix typo in FIPS_MODULE endif macro comment Reviewed-by: David von Oheimb Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12755) View the changeset: https://github.com/openssl/openssl/compare/1010e4ac9743...6f04bcc7e3b2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182517654?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 3 04:59:18 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Sep 2020 04:59:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1599109158.829030.21704.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines):
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/uitest-bin-apps_ui.d.tmp -MT apps/lib/uitest-bin-apps_ui.o -c -o apps/lib/uitest-bin-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/uitest-bin-uitest.d.tmp -MT test/uitest-bin-uitest.o -c -o test/uitest-bin-uitest.o ../openssl/test/uitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3ext-bin-v3ext.d.tmp -MT test/v3ext-bin-v3ext.o -c -o test/v3ext-bin-v3ext.o ../openssl/test/v3ext.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3nametest-bin-v3nametest.d.tmp -MT test/v3nametest-bin-v3nametest.o -c -o test/v3nametest-bin-v3nametest.o ../openssl/test/v3nametest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/verify_extra_test-bin-verify_extra_test.d.tmp -MT test/verify_extra_test-bin-verify_extra_test.o -c -o test/verify_extra_test-bin-verify_extra_test.o ../openssl/test/verify_extra_test.c clang -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/versions-bin-versions.d.tmp -MT test/versions-bin-versions.o -c -o test/versions-bin-versions.o ../openssl/test/versions.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/wpackettest-bin-wpackettest.d.tmp -MT test/wpackettest-bin-wpackettest.o -c -o test/wpackettest-bin-wpackettest.o ../openssl/test/wpackettest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o ../openssl/test/x509_check_cert_pkey_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_dup_cert_test-bin-x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test-bin-x509_dup_cert_test.o -c -o test/x509_dup_cert_test-bin-x509_dup_cert_test.o ../openssl/test/x509_dup_cert_test.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_internal_test-bin-x509_internal_test.d.tmp -MT test/x509_internal_test-bin-x509_internal_test.o -c -o test/x509_internal_test-bin-x509_internal_test.o ../openssl/test/x509_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_time_test-bin-x509_time_test.d.tmp -MT test/x509_time_test-bin-x509_time_test.o -c -o test/x509_time_test-bin-x509_time_test.o ../openssl/test/x509_time_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror 
-Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509aux-bin-x509aux.d.tmp -MT test/x509aux-bin-x509aux.o -c -o test/x509aux-bin-x509aux.o ../openssl/test/x509aux.c /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/CA.pl.in > "apps/CA.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/tsget.in > "apps/tsget.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/tools/c_rehash.in > "tools/c_rehash" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x apps/tsget.pl ar r apps/libapps.a apps/lib/libapps-lib-app_params.o apps/lib/libapps-lib-app_provider.o apps/lib/libapps-lib-app_rand.o apps/lib/libapps-lib-app_x509.o apps/lib/libapps-lib-apps.o apps/lib/libapps-lib-apps_ui.o apps/lib/libapps-lib-columns.o apps/lib/libapps-lib-fmt.o apps/lib/libapps-lib-http_server.o apps/lib/libapps-lib-names.o apps/lib/libapps-lib-opt.o apps/lib/libapps-lib-s_cb.o apps/lib/libapps-lib-s_socket.o ar: creating apps/libapps.a ranlib apps/libapps.a || echo Never mind. 
clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s chmod a+x tools/c_rehash clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers 
-Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 
-DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s
../openssl/providers/implementations/kdfs/x942kdf.c:438:21: error: no previous extern declaration for non-static variable 'kdf_x942_kdf_functions' [-Werror,-Wmissing-variable-declarations]
const OSSL_DISPATCH kdf_x942_kdf_functions[] = {
                    ^
1 error generated.
Makefile:21473: recipe for target 'providers/implementations/kdfs/libimplementations-lib-x942kdf.o' failed
make[1]: *** [providers/implementations/kdfs/libimplementations-lib-x942kdf.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-cms'
Makefile:3129: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2
From shane.lontis at oracle.com Thu Sep 3 06:41:28 2020
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 03 Sep 2020 06:41:28 +0000 Subject: [openssl] master update Message-ID: <1599115288.735835.19972.nullmailer@dev.openssl.org> The branch master has been updated via b48ca22a56553f285d91da0ac9399fd5efd54589 (commit) from 6f04bcc7e3b258f4a075279515881b13bd3fd04c (commit) - Log ----------------------------------------------------------------- commit b48ca22a56553f285d91da0ac9399fd5efd54589 Author: Jon Spillett Date: Wed Sep 2 13:13:44 2020 +1000 Avoid AIX compiler issue by making the macro argument names not match any substring Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12767) ----------------------------------------------------------------------- Summary of changes: providers/baseprov.c | 8 ++++---- providers/defltprov.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/providers/baseprov.c b/providers/baseprov.c index eb0e4afbd3..dcea2ad93e 100644 --- a/providers/baseprov.c +++ b/providers/baseprov.c @@ -65,9 +65,9 @@ static int base_get_params(void *provctx, OSSL_PARAM params[]) } static const OSSL_ALGORITHM base_encoder[] = { -#define ENCODER(name, fips, format, type, func_table) \ +#define ENCODER(name, _fips, _format, _type, func_table) \ { name, \ - "provider=base,fips=" fips ",format=" format ",type=" type, \ + "provider=base,fips=" _fips ",format=" _format ",type=" _type, \ (func_table) } #include "encoders.inc" @@ -76,9 +76,9 @@ static const OSSL_ALGORITHM base_encoder[] = { #undef ENCODER static const OSSL_ALGORITHM base_decoder[] = { -#define DECODER(name, fips, input, func_table) \ +#define DECODER(name, _fips, _input, func_table) \ { name, \ - "provider=base,fips=" fips ",input=" input, \ + "provider=base,fips=" _fips ",input=" _input, \ (func_table) } #include "decoders.inc" diff --git a/providers/defltprov.c b/providers/defltprov.c index 943bdc6136..855497be06 100644 --- a/providers/defltprov.c 
+++ b/providers/defltprov.c @@ -412,9 +412,9 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { }; static const OSSL_ALGORITHM deflt_encoder[] = { -#define ENCODER(name, fips, format, type, func_table) \ +#define ENCODER(name, _fips, _format, _type, func_table) \ { name, \ - "provider=default,fips=" fips ",format=" format ",type=" type, \ + "provider=default,fips=" _fips ",format=" _format ",type=" _type, \ (func_table) } #include "encoders.inc" @@ -423,9 +423,9 @@ static const OSSL_ALGORITHM deflt_encoder[] = { #undef ENCODER static const OSSL_ALGORITHM deflt_decoder[] = { -#define DECODER(name, fips, input, func_table) \ +#define DECODER(name, _fips, _input, func_table) \ { name, \ - "provider=default,fips=" fips ",input=" input, \ + "provider=default,fips=" _fips ",input=" _input, \ (func_table) } #include "decoders.inc" From openssl at openssl.org Thu Sep 3 07:28:18 2020 
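Review bot: The renamed parameters of the ENCODER and DECODER macros in providers/baseprov.c (`_fips`, `_format`, `_type`, `_input`) have no comment explaining the prefix, so the only record of why they differ from `name` and `func_table` is the commit message. The adjacent property strings contain `fips=`, `format=`, `type=` and `input=`, which is what the old parameter names matched; a one-line comment above each `#define` saying that parameter names must not occur as substrings of those literals would keep a later tidy-up from reverting the workaround. As a style point, a leading underscore reads like an implementation-reserved name; a suffix such as `fips_` would serve the same purpose without that ambiguity.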
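Review bot: The ENCODER and DECODER definitions in providers/defltprov.c duplicate the ones in providers/baseprov.c except for the `provider=` value in the property string, which is why the same rename had to be made in four places. Consider defining the two macros once, parameterised on the provider name, in a header both files include, so that a compiler workaround of this kind is applied and documented in one place and the two copies cannot drift apart.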
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 03 Sep 2020 07:28:18 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Message-ID: <1599118098.885777.30568.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

Could not read any key of private key for CMP client certificate from signer.p12
C080B1832C7F0000:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:
C080B1832C7F0000:error::PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:../openssl/crypto/pkcs12/p12_decr.c:37:
C080B1832C7F0000:error::PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../openssl/crypto/pkcs12/p12_decr.c:90:
C080B1832C7F0000:error::PKCS12 routines:PKCS12_parse:parse error:../openssl/crypto/pkcs12/p12_kiss.c:87:
Unable to load private key for CMP client certificate
cmp_main:../openssl/apps/cmp.c:2863:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1
not ok 82 - cr command
# ------------------------------------------------------------------------------
# Failed test 'cr command'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain)
Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem
C030CB73BE7F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:935:calling stat(test.cert.pem)
cmp_main:../openssl/apps/cmp.c:2863:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1939:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR
# warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1
not ok 83 - kur command explicit options
# ------------------------------------------------------------------------------
# Failed test 'kur command explicit options'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain)
Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem
C0A03306B37F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:935:calling stat(test.cert.pem)
cmp_main:../openssl/apps/cmp.c:2863:CMP error: cannot set up CMP context
# cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option
# opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -subject option is empty string, resetting option
# opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -secret option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1
not ok 84 - kur command minimal options
# ------------------------------------------------------------------------------
# Looks like you failed 31 tests of 92.
not ok 7 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302.
# Looks like you failed 5 tests of 7.
81-test_cmp_cli.t ..................
Dubious, test returned 5 (wstat 1280, 0x500)
Failed 5/7 subtests
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
30-test_evp.t (Wstat: 768 Tests: 86 Failed: 3)
  Failed tests: 12, 36, 69
  Non-zero exit status: 3
30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5)
  Failed tests: 3-7
  Non-zero exit status: 5
Files=211, Tests=3248, 860 wallclock secs (13.64 usr 1.42 sys + 802.40 cusr 60.28 csys = 877.74 CPU)
Result: FAIL
Makefile:3132: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-des'
Makefile:3130: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Thu Sep 3 07:53:06 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 03 Sep 2020 07:53:06 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Message-ID: <1599119586.152463.15964.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build
80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 7 - iteration 7
# ------------------------------------------------------------------------------
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 8 - iteration 8
# ------------------------------------------------------------------------------
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 9 - iteration 9
# ------------------------------------------------------------------------------
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 10 - iteration 10
# ------------------------------------------------------------------------------
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 11 - iteration 11
# ------------------------------------------------------------------------------
# ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479
# 0x0
not ok 12 - iteration 12
# ------------------------------------------------------------------------------
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1
not ok 9 - running ssl_test 04-client_auth.cnf
# ------------------------------------------------------------------------------
# Failed test 'running ssl_test 04-client_auth.cnf'
# at ../openssl/test/recipes/80-test_ssl_new.t line 173.
# Looks like you failed 1 test of 9.
not ok 5 - Test configuration 04-client_auth.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 31.
80-test_ssl_new.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
#
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1)
  Failed test: 5
  Non-zero exit status: 1
Files=211, Tests=3350, 890 wallclock secs (13.42 usr 1.20 sys + 820.24 cusr 66.11 csys = 900.97 CPU)
Result: FAIL
Makefile:3177: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dgram'
Makefile:3175: recipe for target 'tests' failed
make: *** [tests] Error 2

From builds at travis-ci.com Thu Sep 3 07:56:13 2020
From: builds at travis-ci.com (Travis CI)
Date: Thu, 03 Sep 2020 07:56:13 +0000
Subject: Still Failing: openssl/openssl#37104 (master - b48ca22)
In-Reply-To:
Message-ID: <5f50a19d3809_13f81198d591c2423ad@travis-pro-tasks-864978b5b9-7kw4l.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #37104
Status: Still Failing
Duration: 1 hr, 13 mins, and 29 secs
Commit: b48ca22 (master)
Author: Jon Spillett
Message: Avoid AIX compiler issue by making the macro argument names not match any substring

Reviewed-by: Tim Hudson
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12767)

View the changeset: https://github.com/openssl/openssl/compare/6f04bcc7e3b2...b48ca22a5655

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182545724?utm_medium=notification&utm_source=email

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Thu Sep 3 08:50:51 2020
From: no-reply at appveyor.com (AppVeyor)
Date: Thu, 03 Sep 2020 08:50:51 +0000
Subject: Build failed: openssl master.36565
Message-ID: <20200903085051.1.8693B46A10A1EA82@appveyor.com>

An HTML attachment was scrubbed...
URL:

From matt at openssl.org Thu Sep 3 08:57:12 2020
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Sep 2020 08:57:12 +0000
Subject: [openssl] master update
Message-ID: <1599123432.732744.28799.nullmailer@dev.openssl.org>

The branch master has been updated
       via  0bc193dd05fa0f5580706f34994beb74baf3d531 (commit)
       via  13c9843cff061304275a1723bcba137280e2e97d (commit)
       via  820d87bc98c254bb36c46891f3fe4e55bd47f2e7 (commit)
       via  f27138930528e0429a88c8022276e774caa9dd50 (commit)
       via  e08f86ddb1b4b911da55af6d7f71f00f43529e50 (commit)
       via  2e2084dac34170fe1f9e93975e5b3cdc30360a9c (commit)
       via  3fddbb264e87a8cef2903cbd7b02b8e1a39a2a99 (commit)
      from  b48ca22a56553f285d91da0ac9399fd5efd54589 (commit)

- Log -----------------------------------------------------------------
commit 0bc193dd05fa0f5580706f34994beb74baf3d531
Author: Matt Caswell
Date: Mon Aug 31 14:44:17 2020 +0100

    Ensure EVP_MAC_update() passes the length even if it is 0

    We leave it up to the EVP_MAC implementations what to do with an update
    where the data length is 0. In the TLS HMAC implementation this is still
    significant.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit 13c9843cff061304275a1723bcba137280e2e97d
Author: Matt Caswell
Date: Mon Aug 31 14:43:15 2020 +0100

    Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()

    Previously it used EVP_MD_type(), which doesn't work when called inside
    the FIPS module.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit 820d87bc98c254bb36c46891f3fe4e55bd47f2e7
Author: Matt Caswell
Date: Thu Aug 27 12:52:17 2020 +0100

    Update the EVP_PKEY MAC documentation

    Include more information about the new HMAC parameter. Also fill in some
    missing documentation about the EVP_PKEY MAC bridge.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit f27138930528e0429a88c8022276e774caa9dd50
Author: Matt Caswell
Date: Thu Aug 20 15:54:01 2020 +0100

    Enable PKEY MAC bridge signature algs to take ctx params

    The underlying MAC implementations may take ctx params. Therefore we allow
    the bridge to pass these through.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit e08f86ddb1b4b911da55af6d7f71f00f43529e50
Author: Matt Caswell
Date: Thu Aug 20 15:48:05 2020 +0100

    Make ssl3_cbc_digest_record() use the real data_size

    Previously we passed it the data plus mac size. Now we just pass it the
    data size. We already know the mac size.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit 2e2084dac34170fe1f9e93975e5b3cdc30360a9c
Author: Matt Caswell
Date: Thu Jul 30 13:16:39 2020 +0100

    Start using the provider side TLS HMAC implementation

    This commit just moves the TLS1 and above implementation to use the TLS
    HMAC implementation in the providers.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12732)

commit 3fddbb264e87a8cef2903cbd7b02b8e1a39a2a99
Author: Matt Caswell
Date: Thu Jul 30 12:02:06 2020 +0100

    Add an HMAC implementation that is TLS aware

    The TLS HMAC implementation should take care to calculate the MAC in
    constant time in the case of MAC-Then-Encrypt where we have a variable
    amount of padding.

Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12732) ----------------------------------------------------------------------- Summary of changes: crypto/evp/mac_lib.c | 2 - crypto/md5/build.info | 4 +- doc/man3/EVP_DigestVerifyInit.pod | 2 +- doc/man3/EVP_MAC.pod | 15 ++++ doc/man7/EVP_MAC-HMAC.pod | 2 + doc/man7/EVP_MAC-Siphash.pod | 4 +- doc/man7/EVP_PKEY-HMAC.pod | 10 +-- doc/man7/EVP_SIGNATURE-HMAC.pod | 24 ++++--- doc/man7/OSSL_PROVIDER-FIPS.pod | 6 ++ doc/man7/OSSL_PROVIDER-default.pod | 8 +++ include/openssl/core_names.h | 9 +-- providers/implementations/macs/blake2_mac_impl.c | 3 + providers/implementations/macs/gmac_prov.c | 3 + providers/implementations/macs/hmac_prov.c | 91 +++++++++++++++++++++++- providers/implementations/macs/poly1305_prov.c | 3 + providers/implementations/macs/siphash_prov.c | 3 + providers/implementations/signature/mac_legacy.c | 46 ++++++++++++ ssl/build.info | 1 + ssl/record/ssl3_record.c | 46 ++++++------ ssl/s3_cbc.c | 90 ++++++++++++++--------- ssl/ssl_local.h | 5 +- 21 files changed, 290 insertions(+), 87 deletions(-) diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 2198c46680..79dd49ae20 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -112,8 +112,6 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx) int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) { - if (datalen == 0) - return 1; return ctx->meth->update(ctx->data, data, datalen); } diff --git a/crypto/md5/build.info b/crypto/md5/build.info index d4494b274d..afcf7c4426 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info 
@@ -14,7 +14,9 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -SOURCE[../../libcrypto]=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM +$COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM +SOURCE[../../libcrypto]=$COMMON +SOURCE[../../providers/libimplementations.a]=$COMMON # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index f0061f4548..f90fb2754f 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -93,7 +93,7 @@ Support no digests (the digest B must be NULL) Supports any digest -=item CMAC, Poly1305 and SipHash +=item CMAC, Poly1305 and Siphash Will ignore any digest provided. diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 9e35d57c17..dc90ee5421 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod 
@@ -248,6 +248,21 @@ EVP_MAC_final() should produce. The allowed sizes vary between MAC implementations, but must never exceed what can be given with a B. +=item "tls-data-size" (B) + +This parameter is only supported by HMAC. If set then special handling is +activated for calculating the MAC of a received mac-then-encrypt TLS record +where variable length record padding has been used (as in the case of CBC mode +ciphersuites). The value represents the total length of the record that is +having the MAC calculated including the received MAC and the record padding. + +When used EVP_MAC_update must be called precisely twice. The first time with +the 13 bytes of TLS "header" data, and the second time with the entire record +including the MAC itself and any padding. The entire record length must equal +the value passed in the "tls-data-size" parameter. The length passed in the +B parameter to EVP_MAC_update() should be equal to the length of the +record after the MAC and any padding has been removed. + =back All these parameters should be used before the calls to any of diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index 7f0ec35b43..45ccd17211 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -36,6 +36,8 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "properties" (B) +=item "tls-data-size" (B) + =back The "flags" parameter is passed directly to HMAC_CTX_set_flags(). diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index d8013b3369..8b610c4383 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -2,11 +2,11 @@ =head1 NAME -EVP_MAC-Siphash - The SipHash EVP_MAC implementation +EVP_MAC-Siphash - The Siphash EVP_MAC implementation =head1 DESCRIPTION -Support for computing SipHash MACs through the B API. +Support for computing Siphash MACs through the B API. =head2 Identity 
diff --git a/doc/man7/EVP_PKEY-HMAC.pod b/doc/man7/EVP_PKEY-HMAC.pod index 7b6c52bb03..84b647e530 100644 --- a/doc/man7/EVP_PKEY-HMAC.pod +++ b/doc/man7/EVP_PKEY-HMAC.pod @@ -2,22 +2,22 @@ =head1 NAME -EVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-SIPHASH, EVP_KEYMGMT-SIPHASH, -EVP_PKEY-POLY1305, EVP_KEYMGMT-POLY1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC +EVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-Siphash, EVP_KEYMGMT-Siphash, +EVP_PKEY-Poly1305, EVP_KEYMGMT-Poly1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC - EVP_PKEY legacy MAC keytypes and algorithm support =head1 DESCRIPTION The B and B key types are implemented in OpenSSL's default and FIPS -providers. Additionally the B and B key types are implemented +providers. Additionally the B and B key types are implemented in the default provider. Performing MAC operations via an EVP_PKEY is considered legacy and are only available for backwards compatibility purposes and for a restricted set of algorithms. The preferred way of performing MAC operations is via the EVP_MAC APIs. See L. For further details on using EVP_PKEY based MAC keys see -L, L, -L or L. +L, L, +L or L. =head2 Common MAC parameters diff --git a/doc/man7/EVP_SIGNATURE-HMAC.pod b/doc/man7/EVP_SIGNATURE-HMAC.pod index dd74fae88c..6628d9ebc2 100644 --- a/doc/man7/EVP_SIGNATURE-HMAC.pod +++ b/doc/man7/EVP_SIGNATURE-HMAC.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_SIGNATURE-HMAC, EVP_SIGNATURE-SIPHASH, EVP_SIGNATURE-POLY1305, +EVP_SIGNATURE-HMAC, EVP_SIGNATURE-Siphash, EVP_SIGNATURE-Poly1305, EVP_SIGNATURE-CMAC - The legacy B MAC signature implementations 
@@ -12,21 +12,29 @@ The algorithms described here have legacy support for creating MACs using L and related functions. This is not the preferred way of creating MACs. Instead you should use the newer L functions. This mechanism is provided for backwards compatibility with older versions of -OpenSSL. +OpenSSL. -There are no parameters supported by the legacy EVP_PKEY MAC signature -algorithms. See L, L, -L or L for details about parameters that -are supported during the creation of an EVP_PKEY. +The same signature parameters can be set using EVP_PKEY_CTX_set_params() as can +be set via EVP_MAC_CTX_set_params() for the underlying EVP_MAC. See +L, L, L and +L for details. + + See L, L, L or + L for details about parameters that are supported during the + creation of an EVP_PKEY. =head1 SEE ALSO L, L, L, -L, -L, +L, +L, L, +L, +L, +L, +L, L, =head1 COPYRIGHT diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index fc9c191855..d404716b23 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -120,6 +120,12 @@ This has the property "provider=fips,fips=no" =item DSA, see L +=item RSA, see L + +=item HMAC, see L + +=item CMAC, see L + =back =head2 Asymmetric Cipher diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index 0b477b56c1..a88c0be6e6 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -164,6 +164,14 @@ The OpenSSL default provider supports these operations and algorithms: =item RSA, see L +=item HMAC, see L + +=item SIPHASH, see L + +=item POLY1305, see L + +=item CMAC, see L + =back =head2 Asymmetric Cipher diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 3be69d5774..fc8d2cea02 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h 
@@ -153,10 +153,11 @@ extern "C" { * If "engine" or "properties" are specified, they should always be paired * with "cipher" or "digest". */ -#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ +#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ +#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ +#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ /* Known MAC names */ #define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index b567369f58..c2f292f9bb 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -92,6 +92,9 @@ static int blake2_mac_update(void *vmacctx, { struct blake2_mac_data_st *macctx = vmacctx; + if (datalen == 0) + return 1; + return BLAKE2_UPDATE(&macctx->ctx, data, datalen); } diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index f0c152d48f..c44dea3ec1 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -99,6 +99,9 @@ static int gmac_update(void *vmacctx, const unsigned char *data, EVP_CIPHER_CTX *ctx = macctx->ctx; int outlen; + if (datalen == 0) + return 1; + while (datalen > INT_MAX) { if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX)) return 0; diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index b30de6c4a3..f6cb544f64 100644 --- a/providers/implementations/macs/hmac_prov.c 
+++ b/providers/implementations/macs/hmac_prov.c @@ -13,6 +13,8 @@ */ #include "internal/deprecated.h" +#include + #include #include #include @@ -47,8 +49,27 @@ struct hmac_data_st { void *provctx; HMAC_CTX *ctx; /* HMAC context */ PROV_DIGEST digest; + unsigned char *key; + size_t keylen; + /* Length of full TLS record including the MAC and any padding */ + size_t tls_data_size; + unsigned char tls_header[13]; + int tls_header_set; + unsigned char tls_mac_out[EVP_MAX_MD_SIZE]; + size_t tls_mac_out_size; }; +/* Defined in ssl/s3_cbc.c */ +int ssl3_cbc_digest_record(const EVP_MD *md, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); + static size_t hmac_size(void *vmacctx); static void *hmac_new(void *provctx) @@ -73,6 +94,7 @@ static void hmac_free(void *vmacctx) if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); ossl_prov_digest_reset(&macctx->digest); + OPENSSL_secure_clear_free(macctx->key, macctx->keylen); OPENSSL_free(macctx); } } @@ -81,15 +103,30 @@ static void *hmac_dup(void *vsrc) { struct hmac_data_st *src = vsrc; struct hmac_data_st *dst = hmac_new(src->provctx); + HMAC_CTX *ctx; if (dst == NULL) return NULL; + ctx = dst->ctx; + *dst = *src; + dst->ctx = ctx; + dst->key = NULL; + if (!HMAC_CTX_copy(dst->ctx, src->ctx) || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { hmac_free(dst); return NULL; } + if (src->key != NULL) { + /* There is no "secure" OPENSSL_memdup */ + dst->key = OPENSSL_secure_malloc(src->keylen); + if (dst->key == NULL) { + hmac_free(dst); + return 0; + } + memcpy(dst->key, src->key, src->keylen); + } return dst; } 
@@ -107,10 +144,10 @@ static int hmac_init(void *vmacctx) int rv = 1; /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ - if (digest != NULL) + if (macctx->tls_data_size == 0 && digest != NULL) rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, ossl_prov_digest_engine(&macctx->digest)); - ossl_prov_digest_reset(&macctx->digest); + return rv; } @@ -119,6 +156,32 @@ static int hmac_update(void *vmacctx, const unsigned char *data, { struct hmac_data_st *macctx = vmacctx; + if (macctx->tls_data_size > 0) { + /* We're doing a TLS HMAC */ + if (!macctx->tls_header_set) { + /* We expect the first update call to contain the TLS header */ + if (datalen != sizeof(macctx->tls_header)) + return 0; + memcpy(macctx->tls_header, data, datalen); + macctx->tls_header_set = 1; + return 1; + } + /* macctx->tls_data_size is datalen plus the padding length */ + if (macctx->tls_data_size < datalen) + return 0; + + return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), + macctx->tls_mac_out, + &macctx->tls_mac_out_size, + macctx->tls_header, + data, + datalen, + macctx->tls_data_size, + macctx->key, + macctx->keylen, + 0); + } + return HMAC_Update(macctx->ctx, data, datalen); } @@ -128,6 +191,14 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, unsigned int hlen; struct hmac_data_st *macctx = vmacctx; + if (macctx->tls_data_size > 0) { + if (macctx->tls_mac_out_size == 0) + return 0; + if (outl != NULL) + *outl = macctx->tls_mac_out_size; + memcpy(out, macctx->tls_mac_out, macctx->tls_mac_out_size); + return 1; + } if (!HMAC_Final(macctx->ctx, out, &hlen)) return 0; *outl = hlen; 
@@ -158,6 +229,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), OSSL_PARAM_int(OSSL_MAC_PARAM_FLAGS, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, NULL), OSSL_PARAM_END }; static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *provctx) @@ -190,12 +262,25 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; + if (macctx->keylen > 0) + OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + /* Keep a copy of the key if we need it for TLS HMAC */ + macctx->key = OPENSSL_secure_malloc(p->data_size); + if (macctx->key == NULL) + return 0; + memcpy(macctx->key, p->data, p->data_size); + macctx->keylen = p->data_size; + if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size, ossl_prov_digest_md(&macctx->digest), NULL /* ENGINE */)) return 0; - ossl_prov_digest_reset(&macctx->digest); + } + if ((p = OSSL_PARAM_locate_const(params, + OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { + if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) + return 0; } return 1; } diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c index 08eb81ee0d..36546eb95d 100644 --- a/providers/implementations/macs/poly1305_prov.c +++ b/providers/implementations/macs/poly1305_prov.c @@ -83,6 +83,9 @@ static int poly1305_update(void *vmacctx, const unsigned char *data, { struct poly1305_data_st *ctx = vmacctx; + if (datalen == 0) + return 1; + /* poly1305 has nothing to return in its update function */ Poly1305_Update(&ctx->poly1305, data, datalen); return 1; diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c index 8797241e33..1bea7a2787 100644 --- a/providers/implementations/macs/siphash_prov.c +++ b/providers/implementations/macs/siphash_prov.c 
@@ -91,6 +91,9 @@ static int siphash_update(void *vmacctx, const unsigned char *data, { struct siphash_data_st *ctx = vmacctx; + if (datalen == 0) + return 1; + SipHash_Update(&ctx->siphash, data, datalen); return 1; } diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c index 2b8edcad9d..3c6366756d 100644 --- a/providers/implementations/signature/mac_legacy.c +++ b/providers/implementations/signature/mac_legacy.c @@ -21,11 +21,19 @@ #include "prov/macsignature.h" static OSSL_FUNC_signature_newctx_fn mac_hmac_newctx; +static OSSL_FUNC_signature_newctx_fn mac_siphash_newctx; +static OSSL_FUNC_signature_newctx_fn mac_poly1305_newctx; +static OSSL_FUNC_signature_newctx_fn mac_cmac_newctx; static OSSL_FUNC_signature_digest_sign_init_fn mac_digest_sign_init; static OSSL_FUNC_signature_digest_sign_update_fn mac_digest_sign_update; static OSSL_FUNC_signature_digest_sign_final_fn mac_digest_sign_final; static OSSL_FUNC_signature_freectx_fn mac_freectx; static OSSL_FUNC_signature_dupctx_fn mac_dupctx; +static OSSL_FUNC_signature_set_ctx_params_fn mac_set_ctx_params; +static OSSL_FUNC_signature_settable_ctx_params_fn mac_hmac_settable_ctx_params; +static OSSL_FUNC_signature_settable_ctx_params_fn mac_siphash_settable_ctx_params; +static OSSL_FUNC_signature_settable_ctx_params_fn mac_poly1305_settable_ctx_params; +static OSSL_FUNC_signature_settable_ctx_params_fn mac_cmac_settable_ctx_params; typedef struct { OPENSSL_CTX *libctx; 
@@ -171,6 +179,40 @@ static void *mac_dupctx(void *vpmacctx) return NULL; } +static int mac_set_ctx_params(void *vpmacctx, const OSSL_PARAM params[]) +{ + PROV_MAC_CTX *ctx = (PROV_MAC_CTX *)vpmacctx; + + return EVP_MAC_CTX_set_params(ctx->macctx, params); +} + +static const OSSL_PARAM *mac_settable_ctx_params(void *provctx, + const char *macname) +{ + EVP_MAC *mac = EVP_MAC_fetch(PROV_LIBRARY_CONTEXT_OF(provctx), macname, + NULL); + const OSSL_PARAM *params; + + if (mac == NULL) + return NULL; + + params = EVP_MAC_settable_ctx_params(mac); + EVP_MAC_free(mac); + + return params; +} + +#define MAC_SETTABLE_CTX_PARAMS(funcname, macname) \ + static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *provctx) \ + { \ + return mac_settable_ctx_params(provctx, macname); \ + } + +MAC_SETTABLE_CTX_PARAMS(hmac, "HMAC") +MAC_SETTABLE_CTX_PARAMS(siphash, "SIPHASH") +MAC_SETTABLE_CTX_PARAMS(poly1305, "POLY1305") +MAC_SETTABLE_CTX_PARAMS(cmac, "CMAC") + #define MAC_SIGNATURE_FUNCTIONS(funcname) \ const OSSL_DISPATCH mac_legacy_##funcname##_signature_functions[] = { \ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))mac_##funcname##_newctx }, \ @@ -182,6 +224,10 @@ static void *mac_dupctx(void *vpmacctx) (void (*)(void))mac_digest_sign_final }, \ { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))mac_freectx }, \ { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))mac_dupctx }, \ + { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ + (void (*)(void))mac_set_ctx_params }, \ + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ + (void (*)(void))mac_##funcname##_settable_ctx_params }, \ { 0, NULL } \ }; diff --git a/ssl/build.info b/ssl/build.info index cfcb2b1737..e5b7befbaa 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -37,3 +37,4 @@ SOURCE[../libssl]=\ DEFINE[../libssl]=$AESDEF SOURCE[../providers/libcommon.a]=record/tls_pad.c +SOURCE[../providers/libimplementations.a]=s3_cbc.c diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 634052d342..baa4f239bf 100644 
--- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1362,10 +1362,10 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[j++] = (unsigned char)(rec->length & 0xff); /* Final param == is SSLv3 */ - if (ssl3_cbc_digest_record(ssl, hash, + if (ssl3_cbc_digest_record(EVP_MD_CTX_md(hash), md, &md_size, header, rec->input, - rec->length + md_size, rec->orig_len, + rec->length, rec->orig_len, mac_sec, md_size, 1) <= 0) return 0; } else { 
@@ -1465,31 +1465,25 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[12] = (unsigned char)(rec->length & 0xff); if (!sending && !SSL_READ_ETM(ssl) && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) { - /* - * This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of data we - * are hashing because that gives an attacker a timing-oracle. - */ - /* Final param == not SSLv3 */ - if (ssl3_cbc_digest_record(ssl, mac_ctx, - md, &md_size, - header, rec->input, - rec->length + md_size, rec->orig_len, - ssl->s3.read_mac_secret, - ssl->s3.read_mac_secret_size, 0) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; - } - } else { - /* TODO(size_t): Convert these calls */ - if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 - || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 - || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - EVP_MD_CTX_free(hmac); + EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && + ssl3_cbc_record_digest_supported(mac_ctx)) { + OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; + + *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, + &rec->orig_len); + *p++ = OSSL_PARAM_construct_end(); + + if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx), + tls_hmac_params)) return 0; - } + } + + /* TODO(size_t): Convert these calls */ + if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + EVP_MD_CTX_free(hmac); + return 0; } EVP_MD_CTX_free(hmac); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index ec1f3cf83b..4895f43568 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c 
@@ -7,6 +7,16 @@ * https://www.openssl.org/source/license.html */ +/* + * This file has no dependencies on the rest of libssl because it is shared + * with the providers. It contains functions for low level MAC calculations. + * Responsibility for this lies with the HMAC implementation in the + * providers. However there are legacy code paths in libssl which also need to + * do this. In time those legacy code paths can be removed and this file can be + * moved out of libssl. + */ + + /* * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. 
@@ -14,12 +24,44 @@ #include "internal/deprecated.h" #include "internal/constant_time.h" -#include "ssl_local.h" #include "internal/cryptlib.h" +#include #include #include +char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); +int ssl3_cbc_digest_record(const EVP_MD *md, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); + +# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + /* * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's * length field. (SHA-384/512 have 128-bit length.) 
@@ -119,25 +161,21 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * md_out_size: if non-NULL, the number of output bytes is written here. * header: the 13-byte, TLS record header. * data: the record data itself, less any preceding explicit IV. - * data_plus_mac_size: the secret, reported length of the data and MAC - * once the padding has been removed. + * data_size: the secret, reported length of the data once the MAC and padding + * has been removed. * data_plus_mac_plus_padding_size: the public length of the whole - * record, including padding. + * record, including MAC and padding. * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. * - * On entry: by virtue of having been through one of the remove_padding - * functions, above, we know that data_plus_mac_size is large enough to contain - * a padding byte and MAC. (If the padding was invalid, it might contain the - * padding too. ) + * On entry: we know that data is data_plus_mac_plus_padding_size in length * Returns 1 on success or 0 on error */ -int ssl3_cbc_digest_record(SSL *s, - const EVP_MD_CTX *ctx, +int ssl3_cbc_digest_record(const EVP_MD *md, unsigned char *md_out, size_t *md_out_size, const unsigned char header[13], const unsigned char *data, - size_t data_plus_mac_size, + size_t data_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3) @@ -168,7 +206,6 @@ int ssl3_cbc_digest_record(SSL *s, size_t md_length_size = 8; char length_is_big_endian = 1; int ret = 0; - const EVP_MD *md = NULL; /* * This is a, hopefully redundant, check that allows us to forget about @@ -177,8 +214,7 @@ int ssl3_cbc_digest_record(SSL *s, if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024)) return 0; - switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: + if (EVP_MD_is_a(md, "MD5")) { if (MD5_Init((MD5_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_md5_final_raw; 
@@ -187,32 +223,28 @@ int ssl3_cbc_digest_record(SSL *s, md_size = 16; sslv3_pad_length = 48; length_is_big_endian = 0; - break; - case NID_sha1: + } else if (EVP_MD_is_a(md, "SHA1")) { if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha1_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; - break; - case NID_sha224: + } else if (EVP_MD_is_a(md, "SHA2-224")) { if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; - break; - case NID_sha256: + } else if (EVP_MD_is_a(md, "SHA2-256")) { if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; - break; - case NID_sha384: + } else if (EVP_MD_is_a(md, "SHA2-384")) { if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; @@ -221,8 +253,7 @@ int ssl3_cbc_digest_record(SSL *s, md_size = 384 / 8; md_block_size = 128; md_length_size = 16; - break; - case NID_sha512: + } else if (EVP_MD_is_a(md, "SHA2-512")) { if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; @@ -231,8 +262,7 @@ int ssl3_cbc_digest_record(SSL *s, md_size = 64; md_block_size = 128; md_length_size = 16; - break; - default: + } else { /* * ssl3_cbc_record_digest_supported should have been called first to * check that the hash function is supported. @@ -303,7 +333,7 @@ int ssl3_cbc_digest_record(SSL *s, /* * mac_end_offset is the index just past the end of the data to be MACed. */ - mac_end_offset = data_plus_mac_size + header_length - md_size; + mac_end_offset = data_size + header_length; /* * c is the index of the 0x80 byte in the final hash block that contains * application data. 
@@ -463,10 +493,7 @@ int ssl3_cbc_digest_record(SSL *s, md_ctx = EVP_MD_CTX_new(); if (md_ctx == NULL) goto err; - md = ssl_evp_md_fetch(s->ctx->libctx, EVP_MD_type(EVP_MD_CTX_md(ctx)), - s->ctx->propq); - if (md == NULL) - goto err; + if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */ ) <= 0) goto err; if (is_sslv3) { @@ -494,6 +521,5 @@ int ssl3_cbc_digest_record(SSL *s, ret = 1; err: EVP_MD_CTX_free(md_ctx); - ssl_evp_md_free(md); return ret; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index f74f833312..49d24e6a96 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2761,13 +2761,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); -__owur int ssl3_cbc_digest_record(SSL *s, - const EVP_MD_CTX *ctx, +__owur int ssl3_cbc_digest_record(const EVP_MD *md, unsigned char *md_out, size_t *md_out_size, const unsigned char header[13], const unsigned char *data, - size_t data_plus_mac_size, + size_t data_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3); From builds at travis-ci.com Thu Sep 3 11:15:02 2020 
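Review bot: ssl3_cbc_digest_record() in ssl/s3_cbc.c now hands the caller-supplied md straight to EVP_MD_is_a(md, "MD5") at the top of the new if/else chain, and no visible line checks it for NULL. The removed code fetched md itself and took goto err when the fetch returned NULL. Either return 0 early when md is NULL or state in the parameter comment that md must be non-NULL and stays owned by the caller, now that ssl_evp_md_free(md) is gone from the err path.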
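Review bot: the final else branch in ssl3_cbc_digest_record() still depends on ssl3_cbc_record_digest_supported() having been called first, but that function keeps its const EVP_MD_CTX *ctx parameter while this one now takes const EVP_MD *md and matches by name through EVP_MD_is_a(). The two can therefore be handed different digests, or diverge in which names they accept. Consider giving the support check the same EVP_MD based signature so both decisions are made on the same object.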
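Review bot: with mac_end_offset now computed as data_size + header_length, the header comment of ssl3_cbc_digest_record() no longer states how data_size relates to data_plus_mac_plus_padding_size. The removed "On entry" text guaranteed room for a padding byte and the MAC; the new text only says that data is data_plus_mac_plus_padding_size long. Spell out the precondition the parameter descriptions imply (data_size plus the MAC length must not exceed data_plus_mac_plus_padding_size) so callers know what they must guarantee, and change "the MAC and padding has been removed" to "have been removed".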
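Review bot: the first ssl/s3_cbc.c hunk drops #include "ssl_local.h" and re-declares ssl3_cbc_record_digest_supported() and ssl3_cbc_digest_record() locally, while the ssl/ssl_local.h hunk keeps its own __owur prototype of the same function. Because s3_cbc.c no longer sees that header, a mismatch between the two declarations will not be diagnosed when this file is compiled. The l2n, l2n6 and l2n8 macros are copied in the same way. A small shared header carrying the prototypes and macros, included from both places, would keep a single definition.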
From: builds at travis-ci.com (Travis CI) Date: Thu, 03 Sep 2020 11:15:02 +0000 Subject: Still Failing: openssl/openssl#37112 (master - 0bc193d) In-Reply-To: Message-ID: <5f50d036fe90_13fc4aeeb686c460158@travis-pro-tasks-58774c87c9-wcxxp.mail> Build Update for openssl/openssl ------------------------------------- Build: #37112 Status: Still Failing Duration: 1 hr, 16 mins, and 47 secs Commit: 0bc193d (master) Author: Matt Caswell Message: Ensure EVP_MAC_update() passes the length even if it is 0 We leave it up to the EVP_MAC implementations what to do with an update where the data length is 0. In the TLS HMAC implementation this is still significant. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12732) View the changeset: https://github.com/openssl/openssl/compare/b48ca22a5655...0bc193dd05fa View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182563084?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 3 13:13:04 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Sep 2020 13:13:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1599138784.663094.16872.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ 
ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ 
ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3216, 895 wallclock secs (13.60 usr 1.18 sys + 829.53 cusr 64.11 csys = 908.42 CPU) Result: FAIL Makefile:3176: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3174: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Thu Sep 3 16:04:44 2020 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Sep 2020 16:04:44 +0000 Subject: [openssl] master update Message-ID: <1599149084.840360.29185.nullmailer@dev.openssl.org> The branch master has been updated via d55d0935deb1a8af9cb9a76bf4ca21da47ba8184 (commit) via 5045abb2e92f9370b05f5e9c6f116fb01bf9e4fe (commit) via 7192e4dfa104f83e54c37e6acfa49fb6a3e1a5dd (commit) via 96b924105fd5069875cefcc7e0aca03e2daf1348 (commit) via 4feda976de1291d9e0d2bbb4d87b39b89dfe6dcd (commit) via 88c1d0c1daa93571570cdaac04bb9e3dae8b971f (commit) via c2150f73571fbcf150d0a7e5eaef537fd43857fa (commit) via 67b640135696d4426475fb0c455c094a6c33ee45 (commit) via 7a3068109568cefdb0d63be1d0c83251c621156e (commit) via a10847c427744fb7e7d29953dee130a52251c027 (commit) via b5275648843ace1a441521823913ccbbebb8769c (commit) via 7620d89c3f2f420ea951fb5b48f976079bfc7429 (commit) via a1447076beee138cab1cc4b277aae189defffdf4 (commit) via 63f187cfedd21550094b5d69a52f7f617545b209 (commit) via 16feca71544681cabf873fecd3f860f9853bdf07 (commit) via bd7a6f16eb52c5c022b2555810efd99006db0a02 (commit) via a9556761418c432844d95e3988b41f19b7c7b56a (commit) from 0bc193dd05fa0f5580706f34994beb74baf3d531 (commit) - Log ----------------------------------------------------------------- commit d55d0935deb1a8af9cb9a76bf4ca21da47ba8184 Author: Richard Levitte Date: Tue Sep 1 17:56:11 2020 +0200 ASN1: Make ASN1_item_verify_ctx() work with provider-native keys Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 5045abb2e92f9370b05f5e9c6f116fb01bf9e4fe Author: Richard Levitte Date: Sun Aug 30 11:46:45 2020 +0200 EC: Remove one error record that shadows another In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if group_new_from_name() returned NULL. However, this shadows a possible EC_R_INVALID_CURVE, making that harder to detect, which happens to be important to do in test/evp_test.c. 
This also extends key_unsupported() in test/evp_test.c to check for this error alongside the check for EC_R_UNKNOWN_GROUP. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 7192e4dfa104f83e54c37e6acfa49fb6a3e1a5dd Author: Richard Levitte Date: Sun Aug 30 09:53:22 2020 +0200 TEST: Ensure that the base provider is activated when needed The fips providers can't be activated alone if encoding, decoding or STORE are going to be used. To enable this, we selectively use test/fips-and-base.cnf instead of test/fips.cnf in our test recipes. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 96b924105fd5069875cefcc7e0aca03e2daf1348 Author: Richard Levitte Date: Sat Aug 29 15:08:05 2020 +0200 Revert "TEST: separate out NIST ECC tests from non-NIST" This file split turned out to be a mistake as soon as the fetching error reporting got properly sorted. This reverts commit e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 4feda976de1291d9e0d2bbb4d87b39b89dfe6dcd Author: Richard Levitte Date: Sat Aug 29 20:48:51 2020 +0200 EVP: Don't report malloc failure in new_raw_key_int() On failure by EVP_PKEY_CTX_new_from_name(), this function reported ERR_R_MALLOC_FAILURE. However, that's not necessarily true, as it can fail because the algorithm isn't present. Either way, EVP_PKEY_CTX_new_from_name() records more accurate errors on its own, and one of them - EVP_R_FETCH_FAILED - is significant for test/evp_test.c. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 88c1d0c1daa93571570cdaac04bb9e3dae8b971f Author: Richard Levitte Date: Sat Aug 29 20:38:25 2020 +0200 TEST: have key_unsupported() in evp_test.c look at the last error key_unsupported() looked at the first error in the queue to see if a key algorithm is supported or not.
However, there are situations where the errors it looks for are preceded by others. It's much safer to look at the last recorded error. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit c2150f73571fbcf150d0a7e5eaef537fd43857fa Author: Richard Levitte Date: Sat Aug 29 09:40:31 2020 +0200 STORE: Stop the flood of errors The old 'file:' loader was recently changed to stop the flood of repeated nested ASN.1 errors when trying to decode a DER blob in diverse ways. That is now reproduced in ossl_store_handle_load_result() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 67b640135696d4426475fb0c455c094a6c33ee45 Author: Richard Levitte Date: Fri Aug 28 13:07:35 2020 +0200 CORE: Fix small bug in passphrase caching Passphrase caching didn't allocate memory when it got to cache an empty string, leading to a crash. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 7a3068109568cefdb0d63be1d0c83251c621156e Author: Richard Levitte Date: Wed Aug 26 07:04:53 2020 +0200 STORE: Fix potential memory leak When closing an OSSL_STORE_CTX, also clear the passphrase data. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit a10847c427744fb7e7d29953dee130a52251c027 Author: Richard Levitte Date: Wed Aug 5 10:28:51 2020 +0200 "Downgrade" provider-native keys to legacy where needed Some sub-systems and openssl sub-commands do not yet deal cleanly with purely provider-native EVP_PKEYs. We compensate for that by "downgrading" keys in select places, or ensure that the 'file:' scheme ENGINE loader is activated.
Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit b5275648843ace1a441521823913ccbbebb8769c Author: Richard Levitte Date: Sun Aug 2 16:41:04 2020 +0200 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD, which requires "downgrading" the EVP_PKEY to have a legacy internal key. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 7620d89c3f2f420ea951fb5b48f976079bfc7429 Author: Richard Levitte Date: Thu Jul 23 17:34:26 2020 +0200 TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders We want to perform the same tests with a provider implementation, and also make sure that an ENGINE implementation works as advertised. OSSL_STORE_open() / OSSL_STORE_open_with_libctx() work in such a way that they look for internal / engine implementations first, and only failing that, they will try to fetch a provider implementation. This ensures that when we do specify an engine, it gets exceptional priority. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit a1447076beee138cab1cc4b277aae189defffdf4 Author: Richard Levitte Date: Thu Jul 23 23:06:27 2020 +0200 STORE: Deprecate legacy / ENGINE functions Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 63f187cfedd21550094b5d69a52f7f617545b209 Author: Richard Levitte Date: Sun Aug 2 12:46:00 2020 +0200 STORE: Add a built-in 'file:' storemgmt implementation (loader) This replaces the older 'file:' loader that is now an engine. It's still possible to use the older 'file:' loader by explicitly using the engine, and tests will remain for it as long as ENGINEs are still supported (even though deprecated).
To support this storemgmt implementation, a few internal OSSL_DECODER modifications are needed: - An internal function that implements most of OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already existing OSSL_DECODER_CTX instead of allocating a new one. - Allow direct creation of an OSSL_DECODER from an OSSL_ALGORITHM. It isn't attached to any provider, and is only used internally, to simply catch any DER encoded object to be passed back to the object callback with no further checking. This implementation becomes the last resort decoder, when all "normal" decodation attempts (i.e. those that are supposed to result in an OpenSSL object of some sort) have failed. Because file_store_attach() uses BIO_tell(), we must also support BIO_ctrl() as a libcrypto upcall. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit 16feca71544681cabf873fecd3f860f9853bdf07 Author: Richard Levitte Date: Thu Jul 23 16:56:59 2020 +0200 STORE: Move the built-in 'file:' loader to become an engine module From this point on, this engine must be specifically specified. To replace the internal EMBEDDED hack with something unique for the new module, functions to create application specific OSSL_STORE_INFO types were added.
Furthermore, the following functions had to be exported: ossl_do_blob_header() ossl_do_PVK_header() asn1_d2i_read_bio() Finally, evp_pkcs82pkey_int() has become public under a new name, EVP_PKCS82PKEY_with_libctx() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit bd7a6f16eb52c5c022b2555810efd99006db0a02 Author: Richard Levitte Date: Fri Aug 21 13:08:18 2020 +0200 OSSL_ENCODER / OSSL_DECODER post-rename cleanup There are a few remaining spots where 'deser' wasn't changed to 'decoder' Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) commit a9556761418c432844d95e3988b41f19b7c7b56a Author: Richard Levitte Date: Thu Jul 23 16:30:38 2020 +0200 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 2 + apps/cms.c | 15 + apps/smime.c | 16 + crypto/asn1/a_d2i_fp.c | 1 + crypto/asn1/a_verify.c | 2 +- crypto/asn1/d2i_param.c | 6 +- crypto/asn1/d2i_pr.c | 4 +- crypto/ec/ec_lib.c | 2 - crypto/encode_decode/decoder_lib.c | 122 +- crypto/encode_decode/decoder_meth.c | 24 +- crypto/encode_decode/decoder_pkey.c | 46 +- crypto/encode_decode/encoder_local.h | 12 +- crypto/encode_decode/encoder_meth.c | 6 +- crypto/encode_decode/encoder_pkey.c | 9 +- crypto/err/openssl.txt | 4 + crypto/evp/evp_pkey.c | 11 +- crypto/evp/p_lib.c | 4 +- crypto/init.c | 3 + crypto/passphrase.c | 3 +- crypto/pem/pem_pkey.c | 7 +- crypto/pkcs7/pk7_lib.c | 11 + crypto/provider_core.c | 1 + crypto/store/build.info | 7 +- crypto/store/store_init.c | 3 +- crypto/store/store_lib.c | 85 +- crypto/store/store_local.h | 31 +- crypto/store/store_result.c | 43 +- crypto/x509/x_all.c | 2 +- doc/man3/OSSL_STORE_INFO.pod | 23 +- doc/man3/OSSL_STORE_LOADER.pod | 13 +- doc/man3/OSSL_STORE_SEARCH.pod | 12 +-
doc/man3/OSSL_STORE_open.pod | 19 +- engines/build.info | 10 +- .../loader_file.c => engines/e_loader_attic.c | 419 +++--- engines/e_loader_attic.ec | 3 + engines/e_loader_attic.txt | 23 + engines/e_loader_attic_err.c | 73 ++ engines/e_loader_attic_err.h | 43 + include/crypto/asn1.h | 2 - include/crypto/decoder.h | 40 + include/crypto/evp.h | 2 - include/internal/asn1.h | 15 + include/openssl/core_dispatch.h | 3 + include/openssl/err.h | 5 +- include/openssl/store.h | 92 +- include/openssl/x509.h | 2 + providers/baseprov.c | 11 + providers/common/bio_prov.c | 16 +- providers/common/include/prov/bio.h | 1 + providers/common/include/prov/providercommonerr.h | 3 + providers/common/provider_err.c | 6 + providers/defltprov.c | 11 + providers/implementations/build.info | 2 +- .../implementations/encode_decode/decode_common.c | 2 +- .../implementations/include/prov/implementations.h | 2 + providers/implementations/storemgmt/build.info | 6 + providers/implementations/storemgmt/file_store.c | 920 ++++++++++++++ .../implementations/storemgmt/file_store_der2obj.c | 119 ++ .../implementations/storemgmt/file_store_local.h | 11 + providers/stores.inc | 14 + test/evp_extra_test.c | 13 + test/evp_test.c | 5 +- test/recipes/15-test_genrsa.t | 3 +- test/recipes/15-test_rsaoaep.t | 2 +- test/recipes/20-test_pkeyutl.t | 11 +- test/recipes/25-test_req.t | 30 +- test/recipes/30-test_evp.t | 8 +- test/recipes/30-test_evp_data/evppkey_ecc.txt | 932 ++++++++++++++ test/recipes/30-test_evp_data/evppkey_ecc_nist.txt | 945 -------------- test/recipes/30-test_evp_data/evppkey_ecdh.txt | 1341 ++++++++++++++++++-- .../recipes/30-test_evp_data/evppkey_ecdh_nist.txt | 1177 ----------------- test/recipes/65-test_cmp_client.t | 2 +- test/recipes/65-test_cmp_msg.t | 3 +- test/recipes/65-test_cmp_protect.t | 3 +- test/recipes/80-test_cms.t | 2 +- test/recipes/80-test_ssl_new.t | 2 +- test/recipes/80-test_ssl_old.t | 3 +- test/recipes/90-test_sslapi.t | 2 +- test/recipes/90-test_store.t | 321 ++--- 
util/libcrypto.num | 44 +- util/missingcrypto-internal.txt | 5 + util/missingcrypto.txt | 1 + 82 files changed, 4453 insertions(+), 2807 deletions(-) rename crypto/store/loader_file.c => engines/e_loader_attic.c (82%) create mode 100644 engines/e_loader_attic.ec create mode 100644 engines/e_loader_attic.txt create mode 100644 engines/e_loader_attic_err.c create mode 100644 engines/e_loader_attic_err.h create mode 100644 include/crypto/decoder.h create mode 100644 include/internal/asn1.h create mode 100644 providers/implementations/storemgmt/build.info create mode 100644 providers/implementations/storemgmt/file_store.c create mode 100644 providers/implementations/storemgmt/file_store_der2obj.c create mode 100644 providers/implementations/storemgmt/file_store_local.h create mode 100644 providers/stores.inc delete mode 100644 test/recipes/30-test_evp_data/evppkey_ecc_nist.txt delete mode 100644 test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 441f83c345..ff4803be74 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1075,6 +1075,8 @@ errors: include/internal/o_dir.h include/internal/err.h include/internal/evp.h + include/internal/pem.h + include/internal/asn1.h include/internal/sslconf.h ); our @cryptoskipheaders = ( @sslheaders, qw( include/openssl/conf_api.h diff --git a/apps/cms.c b/apps/cms.c index bcf2f44ce5..d154f460b3 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -866,6 +866,13 @@ int cms_main(int argc, char **argv) key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); if (key == NULL) goto end; + + /* + * TODO: Remove this when CMS has full support for provider-native + * EVP_PKEYs + */ + if (EVP_PKEY_get0(key) == NULL) + goto end; } in = bio_open_default(infile, 'r', informat); 
@@ -1064,6 +1071,14 @@ int cms_main(int argc, char **argv) ret = 2; goto end; } + + /* + * TODO: Remove this when CMS has full support for provider-native + * EVP_PKEYs + */ + if (EVP_PKEY_get0(key) == NULL) + goto end; + for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; diff --git a/apps/smime.c b/apps/smime.c index 5ecdc019d2..dbfcdbeb5a 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -477,6 +477,14 @@ int smime_main(int argc, char **argv) key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); if (key == NULL) goto end; + + /* + * TODO: Remove this when CMS has full support for provider-native + * EVP_PKEYs + */ + if (EVP_PKEY_get0(key) == NULL) + goto end; + } in = bio_open_default(infile, 'r', informat); @@ -571,6 +579,14 @@ int smime_main(int argc, char **argv) key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); if (key == NULL) goto end; + + /* + * TODO: Remove this when CMS has full support for provider-native + * EVP_PKEYs + */ + if (EVP_PKEY_get0(key) == NULL) + goto end; + if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) goto end; X509_free(signer); diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 186e7ec413..249e6294c8 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -13,6 +13,7 @@ #include "internal/numbers.h" #include #include +#include "internal/asn1.h" #include "crypto/asn1.h" #ifndef NO_OLD_ASN1 diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 2b2c46a854..e3471c8141 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -163,7 +163,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, } /* Check public key OID matches public key type */ - if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { + if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE); goto err; } 
diff --git a/crypto/asn1/d2i_param.c b/crypto/asn1/d2i_param.c index c82b4a8fa8..f0217b47f6 100644 --- a/crypto/asn1/d2i_param.c +++ b/crypto/asn1/d2i_param.c @@ -11,14 +11,14 @@ #include "internal/cryptlib.h" #include #include -#include "crypto/evp.h" +#include "internal/asn1.h" #include "crypto/asn1.h" +#include "crypto/evp.h" EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret = NULL; - const unsigned char *p = *pp; if ((a == NULL) || (*a == NULL)) { if ((ret = EVP_PKEY_new()) == NULL) @@ -34,7 +34,7 @@ EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, goto err; } - if (!ret->ameth->param_decode(ret, &p, length)) + if (!ret->ameth->param_decode(ret, pp, length)) goto err; if (a != NULL) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index a4d240e7c4..ba81782698 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -55,7 +55,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp, p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); if (p8 == NULL) goto err; - tmp = evp_pkcs82pkey_int(p8, libctx, propq); + tmp = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8); if (tmp == NULL) goto err; @@ -122,7 +122,7 @@ EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return NULL; } - ret = evp_pkcs82pkey_int(p8, libctx, propq); + ret = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8); if (ret == NULL) return NULL; diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index d9298f62d0..d7752e953f 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1552,8 +1552,6 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], group = group_new_from_name(ptmp, libctx, propq); if (group != NULL) EC_GROUP_set_asn1_flag(group, encoding_flag); - else - ECerr(0, ERR_R_EC_LIB); return group; } bnctx = BN_CTX_new_ex(libctx); 
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 5d18ef1eff..9eeff20f7c 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -12,6 +12,7 @@ #include #include #include "internal/passphrase.h" +#include "crypto/decoder.h" #include "encoder_local.h" #include "e_os.h" @@ -22,7 +23,7 @@ struct decoder_process_data_st { BIO *bio; /* Index of the current decoder instance to be processed */ - size_t current_deser_inst_index; + size_t current_decoder_inst_index; }; static int decoder_process(const OSSL_PARAM params[], void *arg); @@ -89,14 +90,13 @@ int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx, return 1; } -int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) +OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder, + void *decoderctx) { OSSL_DECODER_INSTANCE *decoder_inst = NULL; - const OSSL_PROVIDER *prov = NULL; OSSL_PARAM params[2]; - void *provctx = NULL; - if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) { + if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -107,12 +107,6 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) return 0; } - if (ctx->decoder_insts == NULL - && (ctx->decoder_insts = - sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return 0; - } if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); return 0; @@ -121,10 +115,6 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR); goto err; } - decoder_inst->decoder = decoder; - - prov = OSSL_DECODER_provider(decoder_inst->decoder); - provctx = OSSL_PROVIDER_get0_provider_ctx(prov); /* Cache the input type for this encoder */ params[0] = 
@@ -132,25 +122,74 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) (char **)&decoder_inst->input_type, 0); params[1] = OSSL_PARAM_construct_end(); - if (!decoder_inst->decoder->get_params(params) + if (!decoder->get_params(params) || !OSSL_PARAM_modified(¶ms[0])) goto err; - if ((decoder_inst->deserctx = decoder_inst->decoder->newctx(provctx)) - == NULL) - goto err; - - if (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, decoder_inst) <= 0) - goto err; - - return 1; + decoder_inst->decoder = decoder; + decoder_inst->decoderctx = decoderctx; + return decoder_inst; err: + ossl_decoder_instance_free(decoder_inst); + return NULL; +} + +void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst) +{ if (decoder_inst != NULL) { if (decoder_inst->decoder != NULL) - decoder_inst->decoder->freectx(decoder_inst->deserctx); + decoder_inst->decoder->freectx(decoder_inst->decoderctx); + decoder_inst->decoderctx = NULL; OSSL_DECODER_free(decoder_inst->decoder); + decoder_inst->decoder = NULL; OPENSSL_free(decoder_inst); } +} + +int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, + OSSL_DECODER_INSTANCE *di) +{ + if (ctx->decoder_insts == NULL + && (ctx->decoder_insts = + sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) { + ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); + return 0; + } + + return (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0); +} + +int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, + OSSL_DECODER *decoder) +{ + OSSL_DECODER_INSTANCE *decoder_inst = NULL; + const OSSL_PROVIDER *prov = NULL; + void *decoderctx = NULL; + void *provctx = NULL; + + if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) { + ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + prov = OSSL_DECODER_provider(decoder); + provctx = OSSL_PROVIDER_get0_provider_ctx(prov); + + if ((decoderctx = decoder->newctx(provctx)) == NULL + || (decoder_inst = + 
ossl_decoder_instance_new(decoder, decoderctx)) == NULL) + goto err; + /* Avoid double free of decoderctx on further errors */ + decoderctx = NULL; + + if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst)) + goto err; + + return 1; + err: + ossl_decoder_instance_free(decoder_inst); + if (decoderctx != NULL) + decoder->freectx(decoderctx); return 0; } @@ -344,7 +383,7 @@ int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst, return 0; } - return decoder_inst->decoder->export_object(decoder_inst->deserctx, + return decoder_inst->decoder->export_object(decoder_inst->decoderctx, reference, reference_sz, export_cb, export_cbarg); } @@ -360,7 +399,7 @@ void *OSSL_DECODER_INSTANCE_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst) { if (decoder_inst == NULL) return NULL; - return decoder_inst->deserctx; + return decoder_inst->decoderctx; } static int decoder_process(const OSSL_PARAM params[], void *arg) @@ -382,7 +421,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) if (params == NULL) { /* First iteration, where we prepare for what is to come */ - data->current_deser_inst_index = + data->current_decoder_inst_index = OSSL_DECODER_CTX_num_decoders(ctx); bio = data->bio; @@ -391,7 +430,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, - data->current_deser_inst_index); + data->current_decoder_inst_index); decoder = OSSL_DECODER_INSTANCE_decoder(decoder_inst); if (ctx->construct != NULL @@ -422,7 +461,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) * If we have no more decoders to look through at this point, * we failed */ - if (data->current_deser_inst_index == 0) + if (data->current_decoder_inst_index == 0) goto end; if ((loc = BIO_tell(bio)) < 0) { 
@@ -430,11 +469,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) goto end; } - for (i = data->current_deser_inst_index; i-- > 0;) { - OSSL_DECODER_INSTANCE *new_deser_inst = + for (i = data->current_decoder_inst_index; i-- > 0;) { + OSSL_DECODER_INSTANCE *new_decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - OSSL_DECODER *new_deser = - OSSL_DECODER_INSTANCE_decoder(new_deser_inst); + OSSL_DECODER *new_decoder = + OSSL_DECODER_INSTANCE_decoder(new_decoder_inst); /* * If |decoder| is NULL, it means we've just started, and the caller @@ -443,7 +482,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) */ if (decoder == NULL && ctx->start_input_type != NULL && strcasecmp(ctx->start_input_type, - new_deser_inst->input_type) != 0) + new_decoder_inst->input_type) != 0) continue; /* @@ -453,7 +492,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) * value for that decoder. */ if (decoder != NULL - && !OSSL_DECODER_is_a(decoder, new_deser_inst->input_type)) + && !OSSL_DECODER_is_a(decoder, new_decoder_inst->input_type)) continue; /* @@ -471,11 +510,12 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) goto end; /* Recurse */ - new_data.current_deser_inst_index = i; - ok = new_deser->decode(new_deser_inst->deserctx, (OSSL_CORE_BIO *)bio, - decoder_process, &new_data, - ossl_pw_passphrase_callback_dec, - &new_data.ctx->pwdata); + new_data.current_decoder_inst_index = i; + ok = new_decoder->decode(new_decoder_inst->decoderctx, + (OSSL_CORE_BIO *)bio, + decoder_process, &new_data, + ossl_pw_passphrase_callback_dec, + &new_data.ctx->pwdata); if (ok) break; } diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 409bb1aa54..235899b6ce 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c 
@@ -15,11 +15,9 @@ #include "internal/namemap.h" #include "internal/property.h" #include "internal/provider.h" -#include "crypto/encoder.h" +#include "crypto/decoder.h" #include "encoder_local.h" -static void OSSL_DECODER_INSTANCE_free(OSSL_DECODER_INSTANCE *instance); - /* * Decoder can have multiple names, separated with colons in a name string */ @@ -159,8 +157,8 @@ static int put_decoder_in_store(OPENSSL_CTX *libctx, void *store, } /* Create and populate a decoder method */ -static void *decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) +void *ossl_decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { OSSL_DECODER *decoder = NULL; const OSSL_DISPATCH *fns = algodef->implementation; @@ -236,7 +234,7 @@ static void *decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef, /* * The core fetching functionality passes the names of the implementation. * This function is responsible to getting an identity number for them, - * then call decoder_from_dispatch() with that identity number. + * then call ossl_decoder_from_dispatch() with that identity number. */ static void *construct_decoder(const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov, void *unused) @@ -254,7 +252,7 @@ static void *construct_decoder(const OSSL_ALGORITHM *algodef, void *method = NULL; if (id != 0) - method = decoder_from_dispatch(id, algodef, prov); + method = ossl_decoder_from_dispatch(id, algodef, prov); return method; } @@ -407,8 +405,7 @@ static void decoder_do_one(OSSL_PROVIDER *provider, void *method = NULL; if (id != 0) - method = - decoder_from_dispatch(id, algodef, provider); + method = ossl_decoder_from_dispatch(id, algodef, provider); if (method != NULL) { data->user_fn(method, data->user_arg); 
@@ -514,10 +511,11 @@ int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, OSSL_DECODER_INSTANCE *decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - if (decoder_inst->deserctx == NULL + if (decoder_inst->decoderctx == NULL || decoder_inst->decoder->set_ctx_params == NULL) continue; - if (!decoder_inst->decoder->set_ctx_params(decoder_inst->deserctx, params)) + if (!decoder_inst->decoder->set_ctx_params(decoder_inst->decoderctx, + params)) return 0; } return 1; @@ -528,8 +526,8 @@ OSSL_DECODER_INSTANCE_free(OSSL_DECODER_INSTANCE *decoder_inst) { if (decoder_inst != NULL) { if (decoder_inst->decoder->freectx != NULL) - decoder_inst->decoder->freectx(decoder_inst->deserctx); - decoder_inst->deserctx = NULL; + decoder_inst->decoder->freectx(decoder_inst->decoderctx); + decoder_inst->decoderctx = NULL; OSSL_DECODER_free(decoder_inst->decoder); decoder_inst->decoder = NULL; OPENSSL_free(decoder_inst); diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index 0bb548abce..64ea4e2c3f 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -14,6 +14,7 @@ #include #include #include "crypto/evp.h" +#include "crypto/decoder.h" #include "encoder_local.h" int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, @@ -63,7 +64,7 @@ static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst, struct decoder_EVP_PKEY_data_st *data = construct_data; OSSL_DECODER *decoder = OSSL_DECODER_INSTANCE_decoder(decoder_inst); - void *deserctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst); + void *decoderctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst); size_t i, end_i; /* * |object_ref| points to a provider reference to an object, its exact 
@@ -150,7 +151,8 @@ static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst, * No need to check for errors here, the value of * |import_data.keydata| is as much an indicator. */ - (void)decoder->export_object(deserctx, object_ref, object_ref_sz, + (void)decoder->export_object(decoderctx, + object_ref, object_ref_sz, &evp_keymgmt_util_try_import, &import_data); keydata = import_data.keydata; @@ -253,17 +255,16 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) data->error_occured = 0; /* All is good now */ } -OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, - const char *input_type, - OPENSSL_CTX *libctx, - const char *propquery) +int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx, + EVP_PKEY **pkey, + OPENSSL_CTX *libctx, + const char *propquery) { - OSSL_DECODER_CTX *ctx = NULL; struct collected_data_st *data = NULL; size_t i, end_i; + int ok = 0; - if ((ctx = OSSL_DECODER_CTX_new()) == NULL - || (data = OPENSSL_zalloc(sizeof(*data))) == NULL + if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL || (data->process_data = OPENSSL_zalloc(sizeof(*data->process_data))) == NULL || (data->process_data->keymgmts @@ -274,7 +275,6 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, } data->process_data->object = (void **)pkey; data->ctx = ctx; - OSSL_DECODER_CTX_set_input_type(ctx, input_type); /* First, find all keymgmts to form goals */ EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, data); @@ -307,9 +307,6 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, if (OSSL_DECODER_CTX_num_decoders(ctx) == 0) goto err; - /* Finally, collect extra decoders based on what we already have */ - (void)OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery); - if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_EVP_PKEY) || !OSSL_DECODER_CTX_set_construct_data(ctx, data->process_data) || !OSSL_DECODER_CTX_set_cleanup(ctx, 
@@ -317,11 +314,32 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, goto err; data->process_data = NULL; + ok = 1; err: if (data != NULL) { decoder_clean_EVP_PKEY_construct_arg(data->process_data); sk_OPENSSL_CSTRING_free(data->names); OPENSSL_free(data); } - return ctx; + return ok; +} + +OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, + const char *input_type, + OPENSSL_CTX *libctx, + const char *propquery) +{ + OSSL_DECODER_CTX *ctx = NULL; + + if ((ctx = OSSL_DECODER_CTX_new()) == NULL) { + ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (OSSL_DECODER_CTX_set_input_type(ctx, input_type) + && ossl_decoder_ctx_setup_for_EVP_PKEY(ctx, pkey, libctx, propquery) + && OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)) + return ctx; + + OSSL_DECODER_CTX_free(ctx); + return NULL; } diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h index 749b2688e4..e707be19ff 100644 --- a/crypto/encode_decode/encoder_local.h +++ b/crypto/encode_decode/encoder_local.h @@ -16,7 +16,7 @@ #include "internal/passphrase.h" #include "internal/refcount.h" -struct ossl_serdes_base_st { +struct ossl_endecode_base_st { OSSL_PROVIDER *prov; int id; const char *propdef; @@ -26,7 +26,7 @@ struct ossl_serdes_base_st { }; struct ossl_encoder_st { - struct ossl_serdes_base_st base; + struct ossl_endecode_base_st base; OSSL_FUNC_encoder_newctx_fn *newctx; OSSL_FUNC_encoder_freectx_fn *freectx; OSSL_FUNC_encoder_set_ctx_params_fn *set_ctx_params; @@ -36,7 +36,7 @@ struct ossl_encoder_st { }; struct ossl_decoder_st { - struct ossl_serdes_base_st base; + struct ossl_endecode_base_st base; OSSL_FUNC_decoder_newctx_fn *newctx; OSSL_FUNC_decoder_freectx_fn *freectx; OSSL_FUNC_decoder_get_params_fn *get_params; @@ -49,7 +49,7 @@ struct ossl_decoder_st { struct ossl_encoder_ctx_st { OSSL_ENCODER *encoder; - void *serctx; + void *encoderctx; int selection; 
@@ -69,8 +69,8 @@ struct ossl_encoder_ctx_st { }; struct ossl_decoder_instance_st { - OSSL_DECODER *decoder; /* Never NULL */ - void *deserctx; /* Never NULL */ + OSSL_DECODER *decoder; /* Never NULL */ + void *decoderctx; /* Never NULL */ const char *input_type; /* Never NULL */ }; diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index 81bc5c47b9..62342f511a 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -475,7 +475,7 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(OSSL_ENCODER *encoder) void *provctx = ossl_provider_ctx(prov); if (OSSL_ENCODER_up_ref(encoder)) { - ctx->serctx = encoder->newctx(provctx); + ctx->encoderctx = encoder->newctx(provctx); } else { OSSL_ENCODER_free(encoder); OPENSSL_free(ctx); @@ -507,7 +507,7 @@ int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx, } if (ctx->encoder != NULL && ctx->encoder->set_ctx_params != NULL) - return ctx->encoder->set_ctx_params(ctx->serctx, params); + return ctx->encoder->set_ctx_params(ctx->encoderctx, params); return 0; } @@ -515,7 +515,7 @@ void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx) { if (ctx != NULL) { if (ctx->encoder != NULL && ctx->encoder->freectx != NULL) - ctx->encoder->freectx(ctx->serctx); + ctx->encoder->freectx(ctx->encoderctx); OSSL_ENCODER_free(ctx->encoder); ossl_pw_clear_passphrase_data(&ctx->pwdata); OPENSSL_free(ctx); diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 6664f589b4..176f4fab95 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -96,7 +96,8 @@ static int encoder_write_cb(const OSSL_PARAM params[], void *arg) OSSL_ENCODER_CTX *ctx = write_data->ctx; BIO *out = write_data->out; - return ctx->encoder->encode_data(ctx->serctx, params, (OSSL_CORE_BIO *)out, + return ctx->encoder->encode_data(ctx->encoderctx, params, + (OSSL_CORE_BIO *)out, ossl_pw_passphrase_callback_enc, &ctx->pwdata); } 
@@ -135,7 +136,7 @@ static int encoder_EVP_PKEY_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out) &encoder_write_cb, &write_data); } - return ctx->encoder->encode_object(ctx->serctx, keydata, + return ctx->encoder->encode_object(ctx->encoderctx, keydata, (OSSL_CORE_BIO *)out, ossl_pw_passphrase_callback_enc, &ctx->pwdata); @@ -172,8 +173,8 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, * Select the encoder in two steps. First, get the names of all of * the encoders. Then determine which is the best one to use. * This has to be broken because it isn't possible to fetch the - * serialisers inside EVP_KEYMGMT_names_do_all() due to locking - * order inversions with the store lock. + * encoders inside EVP_KEYMGMT_names_do_all() due to locking order + * inversions with the store lock. */ sel_data.error = 0; sel_data.names = sk_OPENSSL_CSTRING_new_null(); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 643bf6b278..592fb6b50a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2936,12 +2936,15 @@ PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\ PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak +PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute PROV_R_PERSONALISATION_STRING_TOO_LONG:195:personalisation string too long PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small PROV_R_READ_KEY:159:read key PROV_R_REQUEST_TOO_LARGE_FOR_DRBG:196:request too large for drbg PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher PROV_R_RESEED_ERROR:197:reseed error +PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:222:\ + search only supported for directories PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure PROV_R_TAG_NOTSET:119:tag notset 
@@ -2963,6 +2966,7 @@ PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS:152:unsupported number of rounds +PROV_R_URI_AUTHORITY_UNSUPPORTED:223:uri authority unsupported PROV_R_VALUE_ERROR:138:value error PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length PROV_R_WRONG_OUTPUT_BUFFER_SIZE:139:wrong output buffer size diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index cfe0544ed6..d435c86087 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -18,8 +18,8 @@ /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx, - const char *propq) +EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8, + OPENSSL_CTX *libctx, const char *propq) { EVP_PKEY *pkey = NULL; const ASN1_OBJECT *algoid; @@ -64,7 +64,7 @@ EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx, EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) { - return evp_pkcs82pkey_int(p8, NULL, NULL); + return EVP_PKCS82PKEY_with_libctx(p8, NULL, NULL); } /* Turn a private key into a PKCS8 structure */ @@ -77,6 +77,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey) return NULL; } + /* Force a key downgrade if that's possible */ + /* TODO(3.0) Is there a better way for provider-native keys? */ + if (EVP_PKEY_get0(pkey) == NULL) + return NULL; + if (pkey->ameth) { if (pkey->ameth->priv_encode) { if (!pkey->ameth->priv_encode(p8, pkey)) { diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 16c674d920..fd2a6c5abc 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
@@ -381,10 +381,8 @@ static EVP_PKEY *new_raw_key_int(OPENSSL_CTX *libctx, strtype != NULL ? strtype : OBJ_nid2sn(nidtype), propq); - if (ctx == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + if (ctx == NULL) goto err; - } /* May fail if no provider available */ ERR_set_mark(); if (EVP_PKEY_key_fromdata_init(ctx) == 1) { diff --git a/crypto/init.c b/crypto/init.c index 34dd724bc5..fec178c389 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -412,8 +412,11 @@ void OPENSSL_cleanup(void) OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n"); engine_cleanup_int(); #endif + +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n"); ossl_store_cleanup_int(); +#endif OSSL_TRACE(INIT, "OPENSSL_cleanup: openssl_ctx_default_deinit()\n"); openssl_ctx_default_deinit(); diff --git a/crypto/passphrase.c b/crypto/passphrase.c index ac352697db..170374f9d9 100644 --- a/crypto/passphrase.c +++ b/crypto/passphrase.c @@ -273,7 +273,8 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, do_cache: if (ret && data->flag_cache_passphrase) { - if (*pass_len > data->cached_passphrase_len) { + if (data->cached_passphrase == NULL + || *pass_len > data->cached_passphrase_len) { void *new_cache = OPENSSL_clear_realloc(data->cached_passphrase, data->cached_passphrase_len, diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8aee82ea80..8b9bfe101e 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some STORE deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "internal/cryptlib.h" #include 
@@ -58,11 +61,13 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP - if (try_secure) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 + if (try_secure) { int on = 1; if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on)) goto err; } +# endif #endif while (!OSSL_STORE_eof(ctx) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 797d1d2c25..d891ca22e8 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -319,6 +319,17 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) goto err; + /* + * TODO(3.0) Adapt for provider-native keys + * Meanwhile, we downgrade the key. + * #legacy + */ + if (!evp_pkey_downgrade(pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, + PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + /* lets keep the pkey around for a while */ EVP_PKEY_up_ref(pkey); p7i->pkey = pkey; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f282071e2d..754f6df1a4 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1094,6 +1094,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))BIO_write_ex }, { OSSL_FUNC_BIO_GETS, (void (*)(void))BIO_gets }, { OSSL_FUNC_BIO_PUTS, (void (*)(void))BIO_puts }, + { OSSL_FUNC_BIO_CTRL, (void (*)(void))BIO_ctrl }, { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf }, { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, diff --git a/crypto/store/build.info b/crypto/store/build.info index 33b59f0fae..43d9e544a0 100644 --- a/crypto/store/build.info +++ b/crypto/store/build.info 
@@ -1,4 +1,7 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - store_err.c store_lib.c store_result.c store_strings.c store_meth.c \ - store_init.c store_register.c loader_file.c + store_err.c store_lib.c store_result.c store_strings.c store_meth.c + +IF[{- !$disabled{'deprecated-3.0'} -}] + SOURCE[../../libcrypto]=store_init.c store_register.c +ENDIF diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c index b87730736d..4d434eb57b 100644 --- a/crypto/store/store_init.c +++ b/crypto/store/store_init.c @@ -14,8 +14,7 @@ static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_store_init) { - return OPENSSL_init_crypto(0, NULL) - && ossl_store_file_loader_init(); + return OPENSSL_init_crypto(0, NULL); } int ossl_store_init_once(void) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index d0fdb38cd8..89efe691da 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -11,6 +11,9 @@ #include #include +/* We need to use some STORE deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include @@ -80,6 +83,7 @@ OSSL_STORE_open_with_libctx(const char *uri, */ for (i = 0; loader_ctx == NULL && i < schemes_n; i++) { OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) { if (loader->open_with_libctx != NULL) loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq, @@ -87,6 +91,7 @@ OSSL_STORE_open_with_libctx(const char *uri, else loader_ctx = loader->open(loader, uri, ui_method, ui_data); } +#endif if (loader == NULL && (fetched_loader = OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) { @@ -186,6 +191,7 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, post_process, post_process_data); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...) { va_list args; 
@@ -229,6 +235,7 @@ int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args) */ return 1; } +#endif int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type) { @@ -333,12 +340,14 @@ int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search) OPENSSL_free(name_der); BN_free(number); } else { +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* legacy loader section */ if (ctx->loader->find == NULL) { ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION); return 0; } ret = ctx->loader->find(ctx->loader_ctx, search); +#endif } return ret; @@ -382,10 +391,12 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) } v = load_data.v; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) v = ctx->loader->load(ctx->loader_ctx, ctx->pwdata._.ui_method.ui_method, ctx->pwdata._.ui_method.ui_method_data); +#endif } if (ctx->post_process != NULL && v != NULL) { @@ -424,8 +435,10 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx) if (ctx->fetched_loader != NULL) ret = ctx->error_flag; +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) ret = ctx->loader->error(ctx->loader_ctx); +#endif return ret; } @@ -435,8 +448,10 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) if (ctx->fetched_loader != NULL) ret = ctx->loader->p_eof(ctx->loader_ctx); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) ret = ctx->loader->eof(ctx->loader_ctx); +#endif return ret; } @@ -450,12 +465,15 @@ static int ossl_store_close_it(OSSL_STORE_CTX *ctx) if (ctx->fetched_loader != NULL) ret = ctx->loader->p_close(ctx->loader_ctx); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) ret = ctx->loader->close(ctx->loader_ctx); +#endif sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free); OSSL_STORE_LOADER_free(ctx->fetched_loader); OPENSSL_free(ctx->properties); + ossl_pw_clear_passphrase_data(&ctx->pwdata); return ret; } 
@@ -474,7 +492,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx) * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ -static OSSL_STORE_INFO *store_info_new(int type, void *data) +OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data) { OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info)); @@ -488,7 +506,7 @@ static OSSL_STORE_INFO *store_info_new(int type, void *data) OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL); if (info == NULL) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -514,7 +532,7 @@ int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc) } OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params); if (info == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -523,7 +541,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params) OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PUBKEY, pkey); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey); if (info == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -532,7 +550,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey) OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey); if (info == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); 
@@ -541,7 +559,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey) OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509); if (info == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -550,7 +568,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509) OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl) { - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl); + OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl); if (info == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -565,6 +583,13 @@ int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info) return info->type; } +void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info) +{ + if (info->type == type) + return info->_.data; + return NULL; +} + const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info) { if (info->type == OSSL_STORE_INFO_NAME) @@ -698,10 +723,6 @@ void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info) { if (info != NULL) { switch (info->type) { - case OSSL_STORE_INFO_EMBEDDED: - BUF_MEM_free(info->_.embedded.blob); - OPENSSL_free(info->_.embedded.pem_name); - break; case OSSL_STORE_INFO_NAME: OPENSSL_free(info->_.name.name); OPENSSL_free(info->_.name.desc); @@ -766,6 +787,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) break; } } +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) { OSSL_STORE_SEARCH tmp_search; @@ -774,6 +796,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) tmp_search.search_type = search_type; ret = ctx->loader->find(NULL, &tmp_search); } +#endif return ret; } 
@@ -889,44 +912,6 @@ const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion) return criterion->digest; } -/* Internal functions */ -OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, - BUF_MEM *embedded) -{ - OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL); - - if (info == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - info->_.embedded.blob = embedded; - info->_.embedded.pem_name = - new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); - - if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - OSSL_STORE_INFO_free(info); - info = NULL; - } - - return info; -} - -BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_EMBEDDED) - return info->_.embedded.blob; - return NULL; -} - -char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_EMBEDDED) - return info->_.embedded.pem_name; - return NULL; -} - OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, OPENSSL_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, @@ -942,9 +927,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, scheme = "file"; OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) loader_ctx = loader->attach(loader, bp, libctx, propq, ui_method, ui_data); +#endif if (loader == NULL && (fetched_loader = OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) { diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index 619e547aae..ef9815fa69 100644 --- a/crypto/store/store_local.h +++ b/crypto/store/store_local.h 
@@ -28,11 +28,6 @@ struct ossl_store_info_st { union { void *data; /* used internally as generic pointer */ - struct { - BUF_MEM *blob; - char *pem_name; - } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */ - struct { char *name; char *desc; @@ -45,26 +40,8 @@ struct ossl_store_info_st { X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ } _; }; - DEFINE_STACK_OF(OSSL_STORE_INFO) -/* - * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file - * handlers. It should never reach a calling application or any engine. - * However, it can be used by a FILE_HANDLER's try_decode function to signal - * that it has decoded the incoming blob into a new blob, and that the - * attempted decoding should be immediately restarted with the new blob, using - * the new PEM name. - */ -/* - * Because this is an internal type, we don't make it public. - */ -#define OSSL_STORE_INFO_EMBEDDED -1 -OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, - BUF_MEM *embedded); -BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info); -char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info); - /*- * OSSL_STORE_SEARCH stuff * ----------------------- @@ -103,6 +80,7 @@ OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); /* loader stuff */ struct ossl_store_loader_st { +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Legacy stuff */ const char *scheme; ENGINE *engine; @@ -116,6 +94,7 @@ struct ossl_store_loader_st { OSSL_STORE_error_fn error; OSSL_STORE_close_fn close; OSSL_STORE_open_with_libctx_fn open_with_libctx; +#endif /* Provider stuff */ OSSL_PROVIDER *prov; 
@@ -139,6 +118,11 @@ DEFINE_LHASH_OF(OSSL_STORE_LOADER); const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); void ossl_store_destroy_loaders_int(void); +#ifdef OPENSSL_NO_DEPRECATED_3_0 +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +#endif + /*- * OSSL_STORE_CTX stuff * --------------------- @@ -174,7 +158,6 @@ struct ossl_store_ctx_st { */ int ossl_store_init_once(void); -int ossl_store_file_loader_init(void); /*- * 'file' scheme stuff diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 74aeaf543b..47dd21acb9 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -83,6 +83,23 @@ static int try_crl(struct extracted_param_data_st *, OSSL_STORE_INFO **, static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **, OSSL_STORE_CTX *, OPENSSL_CTX *, const char *); +#define SET_ERR_MARK() ERR_set_mark() +#define CLEAR_ERR_MARK() \ + do { \ + int err = ERR_peek_last_error(); \ + \ + if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \ + && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) \ + ERR_pop_to_mark(); \ + else \ + ERR_clear_last_mark(); \ + } while(0) +#define RESET_ERR_MARK() \ + do { \ + CLEAR_ERR_MARK(); \ + SET_ERR_MARK(); \ + } while(0) + int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg) { struct ossl_load_result_data_st *cbdata = arg; 
@@ -123,14 +140,26 @@ int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg) * The helper functions return 0 on actual errors, otherwise 1, even if * they didn't fill out |*v|. */ - if (!try_name(&helper_data, v) - || !try_key(&helper_data, v, ctx, provider, libctx, propq) - || !try_cert(&helper_data, v, libctx, propq) - || !try_crl(&helper_data, v, libctx, propq) - || !try_pkcs12(&helper_data, v, ctx, libctx, propq)) - return 0; + SET_ERR_MARK(); + if (!try_name(&helper_data, v)) + goto err; + RESET_ERR_MARK(); + if (!try_key(&helper_data, v, ctx, provider, libctx, propq)) + goto err; + RESET_ERR_MARK(); + if (!try_cert(&helper_data, v, libctx, propq)) + goto err; + RESET_ERR_MARK(); + if (!try_crl(&helper_data, v, libctx, propq)) + goto err; + RESET_ERR_MARK(); + if (!try_pkcs12(&helper_data, v, ctx, libctx, propq)) + goto err; + CLEAR_ERR_MARK(); return (*v != NULL); + err: + return 0; } static int try_name(struct extracted_param_data_st *data, OSSL_STORE_INFO **v) @@ -302,7 +331,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, derp = der; p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len); if (p8info != NULL) { - pk = evp_pkcs82pkey_int(p8info, libctx, propq); + pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8info); } diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index a8ad292074..3e7dc42ef1 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -23,7 +23,7 @@ #include #include #include -#include "crypto/asn1.h" +#include "internal/asn1.h" #include "crypto/pkcs7.h" #include "crypto/x509.h" diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index bc965a77bd..8c811ec1f3 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod 
@@ -12,7 +12,8 @@ OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PUBKEY, -OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL +OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL, +OSSL_STORE_INFO_new, OSSL_STORE_INFO_get0_data - Functions to manipulate OSSL_STORE_INFO objects =head1 SYNOPSIS @@ -50,6 +51,9 @@ OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data); + void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info); + =head1 DESCRIPTION These functions are primarily useful for applications to retrieve @@ -110,6 +114,19 @@ description. This description is meant to be human readable and should be used for information printout. +OSSL_STORE_INFO_new() creates a B with an arbitrary I +number and I structure. It's the responsibility of the caller to +define type numbers other than the ones defined by F<< >>, +and to handle freeing the associated data structure on their own. +I >> may cause +undefined behaviours, including crashes>. + +OSSL_STORE_INFO_get0_data() returns the data pointer that was passed to +OSSL_STORE_INFO_new() if I matches the type number in I. + +OSSL_STORE_INFO_new() and OSSL_STORE_INFO_get0_data() may be useful for +applications that define their own STORE data, but must be used with care. + =head1 SUPPORTED OBJECTS Currently supported object types are: 
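Review bot: The added paragraph for OSSL_STORE_INFO_get0_data() says what is returned when the type matches but not what the caller gets when it does not; state the mismatch result explicitly and list both new functions under RETURN VALUES, because callers will branch on it. The OSSL_STORE_INFO_new() text makes the caller responsible for freeing the associated data, so it should also say what OSSL_STORE_INFO_free() does with that pointer for caller-defined type numbers, otherwise a double free or a leak is an easy mistake.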
@@ -177,13 +194,13 @@ OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all return a pointer to a duplicate of the OpenSSL object on success, NULL otherwise. -OSSL_STORE_INFO_type_string() returns a string on success, or B on +OSSL_STORE_INFO_type_string() returns a string on success, or NULL on failure. OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() return a B -pointer on success, or B on failure. +pointer on success, or NULL on failure. OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on failure. diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 4e25f79f9e..12e3748c47 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -52,8 +52,9 @@ unregister STORE loaders for different URI schemes void (*fn)(const char *name, void *data), void *data); -Legacy functions, still present to support Bs provided -by B: +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER @@ -146,11 +147,11 @@ I as arguments. OSSL_STORE_LOADER_names_do_all() traverses all names for the given I, and calls I with each name and I. -=head2 Legacy Types and Functions +=head2 Legacy Types and Functions (deprecated) These functions help applications and engines to create loaders for -schemes they support. These are all discouraged in favour of provider -implementations, see L. +schemes they support. These are all deprecated and discouraged in favour of +provider implementations, see L. B is a type template, to be defined by each loader using C. 
@@ -366,7 +367,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() -were added in OpenSSL 1.1.1. +were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod index 7dc84227f9..82ff05f9ef 100644 --- a/doc/man3/OSSL_STORE_SEARCH.pod +++ b/doc/man3/OSSL_STORE_SEARCH.pod @@ -139,27 +139,27 @@ OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), and OSSL_STORE_SEARCH_by_alias() -return a B pointer on success, or B on failure. +return a B pointer on success, or NULL on failure. OSSL_STORE_SEARCH_get_type() returns the criterion type of the given B. There is no error value. OSSL_STORE_SEARCH_get0_name() returns a B pointer on success, -or B when the given B was of a different type. +or NULL when the given B was of a different type. OSSL_STORE_SEARCH_get0_serial() returns a B pointer on success, -or B when the given B was of a different type. +or NULL when the given B was of a different type. OSSL_STORE_SEARCH_get0_bytes() returns a B pointer and -sets B<*length> to the strings length on success, or B when the given +sets I<*length> to the strings length on success, or NULL when the given B was of a different type. OSSL_STORE_SEARCH_get0_string() returns a B pointer on success, -or B when the given B was of a different type. +or NULL when the given B was of a different type. OSSL_STORE_SEARCH_get0_digest() returns a B pointer. -B is a valid value and means that the store loader default will +NULL is a valid value and means that the store loader default will be used when applicable. =head1 SEE ALSO diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 0f7bf9c0d3..4269dea20a 100644 
--- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -27,18 +27,23 @@ OSSL_STORE_error, OSSL_STORE_close const UI_METHOD *ui_method, void *ui_data, OSSL_STORE_post_process_info_fn post_process, void *post_process_data); - int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); + OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); int OSSL_STORE_error(OSSL_STORE_CTX *ctx); int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); + =head1 DESCRIPTION These functions help the application to fetch supported objects (see L for information on which those are) -from a given URI (see L for more information on -the supported URI schemes). +from a given URI. The general method to do so is to "open" the URI using OSSL_STORE_open(), read each available and supported object using OSSL_STORE_load() as long as OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close(). @@ -110,12 +115,6 @@ by OSSL_STORE_open() and frees all other information that was stored in the B, as well as the B itself. If I is NULL it does nothing. -=head1 SUPPORTED SCHEMES - -The basic supported scheme is B. -Any other scheme can be added dynamically, using -OSSL_STORE_register_loader(). - =head1 NOTES A string without a scheme prefix (that is, a non-URI string) is @@ -171,6 +170,8 @@ was introduced in OpenSSL 1.1.1h. OSSL_STORE_open_with_libctx() was added in OpenSSL 3.0. +OSSL_STORE_ctrl() and OSSL_STORE_vctrl() were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/engines/build.info b/engines/build.info index 3bfe1dc057..4e83dbf9bc 100644 --- a/engines/build.info +++ b/engines/build.info 
@@ -70,7 +70,7 @@ IF[{- !$disabled{"engine"} -}] ENDIF ENDIF - MODULES{noinst,engine}=ossltest dasync + MODULES{noinst,engine}=ossltest dasync loader_attic SOURCE[dasync]=e_dasync.c DEPEND[dasync]=../libcrypto INCLUDE[dasync]=../include @@ -86,6 +86,14 @@ IF[{- !$disabled{"engine"} -}] SOURCE[ossltest]=ossltest.ld GENERATE[ossltest.ld]=../util/engines.num ENDIF + + SOURCE[loader_attic]=e_loader_attic.c + DEPEND[loader_attic]=../libcrypto + INCLUDE[loader_attic]=../include + IF[{- defined $target{shared_defflag} -}] + SOURCE[loader_attic]=loader_attic.ld + GENERATE[loader_attic.ld]=../util/engines.num + ENDIF ENDIF GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl diff --git a/crypto/store/loader_file.c b/engines/e_loader_attic.c similarity index 82% rename from crypto/store/loader_file.c rename to engines/e_loader_attic.c index 25ce9ba92e..581bfb0285 100644 --- a/crypto/store/loader_file.c +++ b/engines/e_loader_attic.c @@ -7,10 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* THIS ENGINE IS FOR TESTING PURPOSES ONLY. */ + /* We need to use some engine deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED -#include "e_os.h" +/* #include "e_os.h" */ #include #include #include @@ -21,25 +23,26 @@ #include #include #include -#include "internal/pem.h" #include /* For the PKCS8 stuff o.O */ #include /* For d2i_RSAPrivateKey */ #include #include #include +#include #include /* For the PKCS8 stuff o.O */ -#include "crypto/asn1.h" -#include "crypto/ctype.h" +#include "internal/asn1.h" /* For asn1_d2i_read_bio */ +#include "internal/pem.h" /* For PVK and "blob" PEM headers */ #include "internal/o_dir.h" #include "internal/cryptlib.h" -#include "crypto/store.h" -#include "crypto/evp.h" -#include "store_local.h" + +#include "e_loader_attic_err.c" DEFINE_STACK_OF(X509) +DEFINE_STACK_OF(OSSL_STORE_INFO) #ifdef _WIN32 # define stat _stat +# define strncasecmp _strnicmp #endif #ifndef S_ISDIR 
@@ -59,7 +62,7 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, char *prompt = NULL; if (ui == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); return NULL; } @@ -68,21 +71,20 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, UI_add_user_data(ui, data); if ((prompt = UI_construct_prompt(ui, desc, info)) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); pass = NULL; } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, maxsize - 1)) { - OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + ATTICerr(0, ERR_R_UI_LIB); pass = NULL; } else { switch (UI_process(ui)) { case -2: - OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, - OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); + ATTICerr(0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); pass = NULL; break; case -1: - OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + ATTICerr(0, ERR_R_UI_LIB); pass = NULL; break; default: 
@@ -126,6 +128,91 @@ static int file_get_pem_pass(char *buf, int num, int w, void *data) return pass == NULL ? 0 : strlen(pass); } +/* + * Check if |str| ends with |suffix| preceded by a space, and if it does, + * return the index of that space. If there is no such suffix in |str|, + * return -1. + * For |str| == "FOO BAR" and |suffix| == "BAR", the returned value is 3. + */ +static int check_suffix(const char *str, const char *suffix) +{ + int str_len = strlen(str); + int suffix_len = strlen(suffix) + 1; + const char *p = NULL; + + if (suffix_len >= str_len) + return -1; + p = str + str_len - suffix_len; + if (*p != ' ' + || strcmp(p + 1, suffix) != 0) + return -1; + return p - str; +} + +/* + * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file + * handlers, so we define it internally. This uses the possibility to + * create an OSSL_STORE_INFO with a generic data pointer and arbitrary + * type number. + * + * This is used by a FILE_HANDLER's try_decode function to signal that it + * has decoded the incoming blob into a new blob, and that the attempted + * decoding should be immediately restarted with the new blob, using the + * new PEM name. 
+ */ +/* Negative numbers are never used for public OSSL_STORE_INFO types */ +#define STORE_INFO_EMBEDDED -1 + +/* This is the embedded data */ +struct embedded_st { + BUF_MEM *blob; + char *pem_name; +}; + +/* Helper functions */ +static struct embedded_st *get0_EMBEDDED(OSSL_STORE_INFO *info) +{ + return OSSL_STORE_INFO_get0_data(STORE_INFO_EMBEDDED, info); +} + +static void store_info_free(OSSL_STORE_INFO *info) +{ + struct embedded_st *data; + + if (info != NULL && (data = get0_EMBEDDED(info)) != NULL) { + BUF_MEM_free(data->blob); + OPENSSL_free(data->pem_name); + OPENSSL_free(data); + } + OSSL_STORE_INFO_free(info); +} + +static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded) +{ + OSSL_STORE_INFO *info = NULL; + struct embedded_st *data = NULL; + + if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL + || (info = OSSL_STORE_INFO_new(STORE_INFO_EMBEDDED, data)) == NULL) { + ATTICerr(0, ERR_R_MALLOC_FAILURE); + OPENSSL_free(data); + return NULL; + } + + data->pem_name = + new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); + + if (new_pem_name != NULL && data->pem_name == NULL) { + ATTICerr(0, ERR_R_MALLOC_FAILURE); + store_info_free(info); + info = NULL; + } + data->blob = embedded; + + return info; +} + /*- * The file scheme decoders * ------------------------ @@ -243,13 +330,11 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, "PKCS12 import pass phrase", uri, ui_data)) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, - OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); + ATTICerr(0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR); goto p12_end; } if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, - OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); + ATTICerr(0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC); goto p12_end; } } 
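Review bot: In new_EMBEDDED(), added by the `@@ -126,6 +128,91 @@` hunk, the OPENSSL_strdup() failure branch calls store_info_free(info), which frees data, and control then falls through to `data->blob = embedded;`, which writes to freed memory. Return NULL from inside that branch, or assign data->blob only after the pem_name check has passed. The function should also document who owns embedded when NULL is returned, so the caller knows whether it still has to free the BUF_MEM.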
@@ -293,11 +378,11 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(chain, X509_free); - OSSL_STORE_INFO_free(osi_pkey); - OSSL_STORE_INFO_free(osi_cert); - OSSL_STORE_INFO_free(osi_ca); + store_info_free(osi_pkey); + store_info_free(osi_cert); + store_info_free(osi_ca); if (!ok) { - sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + sk_OSSL_STORE_INFO_pop_free(ctx, store_info_free); ctx = NULL; } *pctx = ctx; @@ -325,7 +410,7 @@ static void destroy_ctx_PKCS12(void **pctx) { STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; - sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + sk_OSSL_STORE_INFO_pop_free(ctx, store_info_free); *pctx = NULL; } @@ -375,16 +460,14 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, *matchcount = 1; if ((mem = BUF_MEM_new()) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, - ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); goto nop8; } if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, "PKCS8 decrypt pass phrase", uri, ui_data)) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, - OSSL_STORE_R_BAD_PASSWORD_READ); + ATTICerr(0, ATTIC_R_BAD_PASSWORD_READ); goto nop8; } @@ -397,10 +480,9 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, mem->max = mem->length = (size_t)new_data_len; X509_SIG_free(p8); - store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); + store_info = new_EMBEDDED(PEM_STRING_PKCS8INF, mem); if (store_info == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, - ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); goto nop8; } 
@@ -421,7 +503,6 @@ static FILE_HANDLER PKCS8Encrypted_handler = { * encoded ones and old style PEM ones (with the key type is encoded into * the PEM name). */ -int pem_check_suffix(const char *pem_str, const char *suffix); static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, const char *pem_header, const unsigned char *blob, @@ -443,16 +524,19 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, *matchcount = 1; if (p8inf != NULL) - pkey = evp_pkcs82pkey_int(p8inf, libctx, propq); + pkey = EVP_PKCS82PKEY_with_libctx(p8inf, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8inf); } else { int slen; + int pkey_id; - if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0 + if ((slen = check_suffix(pem_name, "PRIVATE KEY")) > 0 && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, - slen)) != NULL) { + slen)) != NULL + && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth)) { *matchcount = 1; - pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &blob, len, + pkey = d2i_PrivateKey_ex(pkey_id, NULL, &blob, len, libctx, propq); } } @@ -473,17 +557,19 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, EVP_PKEY_ASN1_METHOD *ameth2 = NULL; EVP_PKEY *tmp_pkey = NULL; const unsigned char *tmp_blob = blob; + int pkey_id, pkey_flags; - if (!asn1meths(curengine, &ameth2, NULL, nids[i])) - continue; - if (ameth2 == NULL - || ameth2->pkey_flags & ASN1_PKEY_ALIAS) + if (!asn1meths(curengine, &ameth2, NULL, nids[i]) + || !EVP_PKEY_asn1_get0_info(&pkey_id, NULL, + &pkey_flags, NULL, NULL, + ameth2) + || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; ERR_set_mark(); /* prevent flooding error queue */ - tmp_pkey = - d2i_PrivateKey_ex(ameth2->pkey_id, NULL, - &tmp_blob, len, libctx, propq); + tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL, + &tmp_blob, len, + libctx, propq); if (tmp_pkey != NULL) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); 
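Review bot: The explicit `ameth2 == NULL` test is dropped in the engine loop of try_decode_PrivateKey(), so a NULL ameth2 left behind by asn1meths() is now passed straight to EVP_PKEY_asn1_get0_info() and the `continue` depends on that call failing for a NULL method. Keep the NULL check as the second term of the condition, or add a comment stating that the reliance is intentional.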
@@ -501,13 +587,16 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; const unsigned char *tmp_blob = blob; + int pkey_id, pkey_flags; ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL, + NULL, ameth) + || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; ERR_set_mark(); /* prevent flooding error queue */ - tmp_pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &tmp_blob, len, + tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL, &tmp_blob, len, libctx, propq); if (tmp_pkey != NULL) { if (pkey != NULL) 
@@ -590,69 +679,58 @@ static OSSL_STORE_INFO *try_decode_params(const char *pem_name, const char *propq) { OSSL_STORE_INFO *store_info = NULL; - int slen = 0; EVP_PKEY *pkey = NULL; const EVP_PKEY_ASN1_METHOD *ameth = NULL; - int ok = 0; if (pem_name != NULL) { - if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0) - return NULL; - *matchcount = 1; - } + int slen; + int pkey_id; - if (slen > 0) { - if ((pkey = EVP_PKEY_new()) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); - return NULL; + if ((slen = check_suffix(pem_name, "PARAMETERS")) > 0 + && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, slen)) != NULL + && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, + ameth)) { + *matchcount = 1; + pkey = d2i_KeyParams(pkey_id, NULL, &blob, len); } - - - if (EVP_PKEY_set_type_str(pkey, pem_name, slen) - && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL - && ameth->param_decode != NULL - && ameth->param_decode(pkey, &blob, len)) - ok = 1; } else { int i; - EVP_PKEY *tmp_pkey = NULL; for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + EVP_PKEY *tmp_pkey = NULL; const unsigned char *tmp_blob = blob; - - if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); - break; - } + int pkey_id, pkey_flags; ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL, + NULL, ameth) + || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; ERR_set_mark(); /* prevent flooding error queue */ - if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) - && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL - && ameth->param_decode != NULL - && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { + tmp_pkey = d2i_KeyParams(pkey_id, NULL, &tmp_blob, len); + + if (tmp_pkey != NULL) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); else pkey = tmp_pkey; - tmp_pkey = NULL; (*matchcount)++; } ERR_pop_to_mark(); } - 
EVP_PKEY_free(tmp_pkey); - if (*matchcount == 1) { - ok = 1; + if (*matchcount > 1) { + EVP_PKEY_free(pkey); + pkey = NULL; } } + if (pkey == NULL) + /* No match */ + return NULL; - if (ok) - store_info = OSSL_STORE_INFO_new_PARAMS(pkey); + store_info = OSSL_STORE_INFO_new_PARAMS(pkey); if (store_info == NULL) EVP_PKEY_free(pkey); @@ -824,6 +902,7 @@ struct ossl_store_loader_ctx_st { /* Expected object type. May be unspecified */ int expected_type; + OPENSSL_CTX *libctx; char *propq; }; @@ -898,7 +977,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx } else if (uri[7] == '/') { p = &uri[7]; } else { - OSSL_STOREerr(0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); + ATTICerr(0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED); return NULL; } } @@ -907,7 +986,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx #ifdef _WIN32 /* Windows file: URIs with a drive letter start with a / */ if (p[0] == '/' && p[2] == ':' && p[3] == '/') { - char c = ossl_tolower(p[1]); + char c = tolower(p[1]); if (c >= 'a' && c <= 'z') { p++; @@ -926,7 +1005,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx * be absolute. So says RFC 8089 */ if (path_data[i].check_absolute && path_data[i].path[0] != '/') { - OSSL_STOREerr(0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); + ATTICerr(0, ATTIC_R_PATH_MUST_BE_ABSOLUTE); ERR_add_error_data(1, path_data[i].path); return NULL; } @@ -947,12 +1026,12 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { - OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); return NULL; } ctx->uri = OPENSSL_strdup(uri); if (ctx->uri == NULL) { - OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); goto err; } 
@@ -962,11 +1041,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx ctx->_.dir.last_errno = errno; if (ctx->_.dir.last_entry == NULL) { if (ctx->_.dir.last_errno != 0) { - char errbuf[256]; - OSSL_STOREerr(0, ERR_R_SYS_LIB); - errno = ctx->_.dir.last_errno; - if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) - ERR_add_error_data(1, errbuf); + ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno); goto err; } ctx->_.dir.end_reached = 1; @@ -979,7 +1054,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx if (propq != NULL) { ctx->propq = OPENSSL_strdup(propq); if (ctx->propq == NULL) { - OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); goto err; } } @@ -1005,17 +1080,11 @@ static OSSL_STORE_LOADER_CTX *file_attach { OSSL_STORE_LOADER_CTX *ctx = NULL; - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (propq != NULL) { - ctx->propq = OPENSSL_strdup(propq); - if (ctx->propq == NULL) { - OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); - goto err; - } + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL + || (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)) { + ATTICerr(0, ERR_R_MALLOC_FAILURE); + OSSL_STORE_LOADER_CTX_free(ctx); + return NULL; } ctx->libctx = libctx; ctx->flags |= FILE_FLAG_ATTACHED; @@ -1048,7 +1117,7 @@ static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) ctx->flags |= FILE_FLAG_SECMEM; break; default: - OSSL_STOREerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + ATTICerr(0, ERR_R_PASSED_INVALID_ARGUMENT); ret = 0; break; } @@ -1082,8 +1151,7 @@ static int file_find(OSSL_STORE_LOADER_CTX *ctx, return 1; if (ctx->type != is_dir) { - OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, - OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); + ATTICerr(0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); return 0; } 
@@ -1094,8 +1162,7 @@ static int file_find(OSSL_STORE_LOADER_CTX *ctx, } if (ctx != NULL) - OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, - OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE); + ATTICerr(0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE); return 0; } @@ -1120,8 +1187,7 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, * OSSL_NELEM(file_handlers)); if (matching_handlers == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, - ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); goto err; } @@ -1157,8 +1223,8 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, if ((*matchcount += try_matchcount) > 1) { /* more than one match => ambiguous, kill any result */ - OSSL_STORE_INFO_free(result); - OSSL_STORE_INFO_free(tmp_result); + store_info_free(result); + store_info_free(tmp_result); if (handler->destroy_ctx != NULL) handler->destroy_ctx(&handler_ctx); handler_ctx = NULL; @@ -1183,13 +1249,18 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, BUF_MEM_free(new_mem); if (result != NULL - && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { - pem_name = new_pem_name = - ossl_store_info_get0_EMBEDDED_pem_name(result); - new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); + && (t = OSSL_STORE_INFO_get_type(result)) == STORE_INFO_EMBEDDED) { + struct embedded_st *embedded = get0_EMBEDDED(result); + + /* "steal" the embedded data */ + pem_name = new_pem_name = embedded->pem_name; + new_mem = embedded->blob; data = (unsigned char *)new_mem->data; len = new_mem->length; - OPENSSL_free(result); + embedded->pem_name = NULL; + embedded->blob = NULL; + + store_info_free(result); result = NULL; goto again; } @@ -1380,7 +1451,7 @@ static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, *data = OPENSSL_zalloc(calculated_length); if (*data == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); + ATTICerr(0, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -1431,9 +1502,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) * Last, check that the rest of the extension is a decimal number, at * least one digit long. */ - if (!ossl_isdigit(*p)) + if (!isdigit(*p)) return 0; - while (ossl_isdigit(*p)) + while (isdigit(*p)) p++; #ifdef __VMS @@ -1469,13 +1540,9 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, if (ctx->_.dir.last_entry == NULL) { if (!ctx->_.dir.end_reached) { - char errbuf[256]; assert(ctx->_.dir.last_errno != 0); - OSSL_STOREerr(0, ERR_R_SYS_LIB); - errno = ctx->_.dir.last_errno; + ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno); ctx->errcnt++; - if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) - ERR_add_error_data(1, errbuf); } return NULL; } @@ -1499,7 +1566,7 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, if (newname != NULL && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { OPENSSL_free(newname); - OSSL_STOREerr(0, ERR_R_OSSL_STORE_LIB); + ATTICerr(0, ERR_R_OSSL_STORE_LIB); return NULL; } } while (result == NULL && !file_eof(ctx)); @@ -1558,14 +1625,14 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, } if (matchcount > 1) { - OSSL_STOREerr(0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); + ATTICerr(0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE); } else if (matchcount == 1) { /* * If there are other errors on the stack, they already show * what the problem is. */ if (ERR_peek_error() == 0) { - OSSL_STOREerr(0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); + ATTICerr(0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE); if (pem_name != NULL) ERR_add_error_data(3, "PEM type is '", pem_name, "'"); } 
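Review bot: In file_name_check() (the `@@ -1431,9 +1502,9 @@` hunk), ossl_isdigit(*p) becomes isdigit(*p); the standard ctype functions have undefined behaviour for negative arguments other than EOF, so if p is a plain char pointer walking a directory entry name, a byte above 0x7f reaches that case on platforms where char is signed. Cast at the call, `isdigit((unsigned char)*p)`, and apply the same cast to the `tolower(p[1])` replacement in the _WIN32 branch of file_open_with_libctx().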
@@ -1581,14 +1648,14 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, /* We bail out on ambiguity */ if (matchcount > 1) { - OSSL_STORE_INFO_free(result); + store_info_free(result); return NULL; } if (result != NULL && ctx->expected_type != 0 && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) { - OSSL_STORE_INFO_free(result); + store_info_free(result); goto again; } } 
@@ -1637,31 +1704,87 @@ static int file_close(OSSL_STORE_LOADER_CTX *ctx) return 1; } -static OSSL_STORE_LOADER file_loader = - { - "file", - NULL, - file_open, - file_attach, - file_ctrl, - file_expect, - file_find, - file_load, - file_eof, - file_error, - file_close, - file_open_with_libctx, - }; - -static void store_file_loader_deinit(void) +/*- + * ENGINE management + */ + +static const char *loader_attic_id = "loader_attic"; +static const char *loader_attic_name = "'file:' loader"; + +static OSSL_STORE_LOADER *loader_attic = NULL; + +static int loader_attic_init(ENGINE *e) { - ossl_store_unregister_loader_int(file_loader.scheme); + return 1; } -int ossl_store_file_loader_init(void) + +static int loader_attic_finish(ENGINE *e) { - int ret = ossl_store_register_loader_int(&file_loader); + return 1; +} - OPENSSL_atexit(store_file_loader_deinit); - return ret; + +static int loader_attic_destroy(ENGINE *e) +{ + OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader("file"); + + if (loader == NULL) + return 0; + + ERR_unload_ATTIC_strings(); + OSSL_STORE_LOADER_free(loader); + return 1; +} + +static int bind_loader_attic(ENGINE *e) +{ + + /* Ensure the ATTIC error handdling is set up on best effort basis */ + ERR_load_ATTIC_strings(); + + if (/* Create the OSSL_STORE_LOADER */ + (loader_attic = OSSL_STORE_LOADER_new(e, "file")) == NULL + || !OSSL_STORE_LOADER_set_open_with_libctx(loader_attic, + file_open_with_libctx) + || !OSSL_STORE_LOADER_set_open(loader_attic, file_open) + || !OSSL_STORE_LOADER_set_attach(loader_attic, file_attach) + || !OSSL_STORE_LOADER_set_ctrl(loader_attic, file_ctrl) + || !OSSL_STORE_LOADER_set_expect(loader_attic, file_expect) + || !OSSL_STORE_LOADER_set_find(loader_attic, file_find) + || !OSSL_STORE_LOADER_set_load(loader_attic, file_load) + || !OSSL_STORE_LOADER_set_eof(loader_attic, file_eof) + || !OSSL_STORE_LOADER_set_error(loader_attic, file_error) + || !OSSL_STORE_LOADER_set_close(loader_attic, file_close) + /* Init the engine 
itself */ + || !ENGINE_set_id(e, loader_attic_id) + || !ENGINE_set_name(e, loader_attic_name) + || !ENGINE_set_destroy_function(e, loader_attic_destroy) + || !ENGINE_set_init_function(e, loader_attic_init) + || !ENGINE_set_finish_function(e, loader_attic_finish) + /* Finally, register the method with libcrypto */ + || !OSSL_STORE_register_loader(loader_attic)) { + OSSL_STORE_LOADER_free(loader_attic); + loader_attic = NULL; + ATTICerr(0, ATTIC_R_INIT_FAILED); + return 0; + } + + return 1; +} + +#ifdef OPENSSL_NO_DYNAMIC_ENGINE +# error "Only allowed as dynamically shared object" +#endif + +static int bind_helper(ENGINE *e, const char *id) +{ + if (id && (strcmp(id, loader_attic_id) != 0)) + return 0; + if (!bind_loader_attic(e)) + return 0; + return 1; } + +IMPLEMENT_DYNAMIC_CHECK_FN() + IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) diff --git a/engines/e_loader_attic.ec b/engines/e_loader_attic.ec new file mode 100644 index 0000000000..525a689fe5 --- /dev/null +++ b/engines/e_loader_attic.ec @@ -0,0 +1,3 @@ +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L ATTIC e_loader_attic_err.h e_loader_attic_err.c diff --git a/engines/e_loader_attic.txt b/engines/e_loader_attic.txt new file mode 100644 index 0000000000..db1a996a33 --- /dev/null +++ b/engines/e_loader_attic.txt 
@@ -0,0 +1,23 @@ +# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes + +#Reason codes +ATTIC_R_AMBIGUOUS_CONTENT_TYPE:100:ambiguous content type +ATTIC_R_BAD_PASSWORD_READ:101:bad password read +ATTIC_R_ERROR_VERIFYING_PKCS12_MAC:102:error verifying pkcs12 mac +ATTIC_R_INIT_FAILED:103:init failed +ATTIC_R_PASSPHRASE_CALLBACK_ERROR:104:passphrase callback error +ATTIC_R_PATH_MUST_BE_ABSOLUTE:105:path must be absolute +ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:106:\ + search only supported for directories +ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:107:\ + ui process interrupted or cancelled +ATTIC_R_UNSUPPORTED_CONTENT_TYPE:108:unsupported content type +ATTIC_R_UNSUPPORTED_SEARCH_TYPE:109:unsupported search type +ATTIC_R_URI_AUTHORITY_UNSUPPORTED:110:uri authority unsupported diff --git a/engines/e_loader_attic_err.c b/engines/e_loader_attic_err.c new file mode 100644 index 0000000000..2bc4e854c8 --- /dev/null +++ b/engines/e_loader_attic_err.c 
@@ -0,0 +1,73 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "e_loader_attic_err.h" + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA ATTIC_str_reasons[] = { + {ERR_PACK(0, 0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE), "ambiguous content type"}, + {ERR_PACK(0, 0, ATTIC_R_BAD_PASSWORD_READ), "bad password read"}, + {ERR_PACK(0, 0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC), + "error verifying pkcs12 mac"}, + {ERR_PACK(0, 0, ATTIC_R_INIT_FAILED), "init failed"}, + {ERR_PACK(0, 0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR), + "passphrase callback error"}, + {ERR_PACK(0, 0, ATTIC_R_PATH_MUST_BE_ABSOLUTE), "path must be absolute"}, + {ERR_PACK(0, 0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories"}, + {ERR_PACK(0, 0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), + "ui process interrupted or cancelled"}, + {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE), + "unsupported search type"}, + {ERR_PACK(0, 0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported"}, + {0, NULL} +}; + +#endif + +static int lib_code = 0; +static int error_loaded = 0; + +static int ERR_load_ATTIC_strings(void) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + + if (!error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_load_strings(lib_code, ATTIC_str_reasons); +#endif + error_loaded = 1; + } + return 1; +} + +static void ERR_unload_ATTIC_strings(void) +{ + if (error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(lib_code, ATTIC_str_reasons); +#endif + error_loaded = 0; + } +} + +static void ERR_ATTIC_error(int 
function, int reason, char *file, int line) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); +} diff --git a/engines/e_loader_attic_err.h b/engines/e_loader_attic_err.h new file mode 100644 index 0000000000..115e0ea6f6 --- /dev/null +++ b/engines/e_loader_attic_err.h @@ -0,0 +1,43 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ATTICERR_H +# define OPENSSL_ATTICERR_H +# pragma once + +# include +# include + + +# define ATTICerr(f, r) ERR_ATTIC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) + + +/* + * ATTIC function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * ATTIC reason codes. + */ +# define ATTIC_R_AMBIGUOUS_CONTENT_TYPE 100 +# define ATTIC_R_BAD_PASSWORD_READ 101 +# define ATTIC_R_ERROR_VERIFYING_PKCS12_MAC 102 +# define ATTIC_R_INIT_FAILED 103 +# define ATTIC_R_PASSPHRASE_CALLBACK_ERROR 104 +# define ATTIC_R_PATH_MUST_BE_ABSOLUTE 105 +# define ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 106 +# define ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 107 +# define ATTIC_R_UNSUPPORTED_CONTENT_TYPE 108 +# define ATTIC_R_UNSUPPORTED_SEARCH_TYPE 109 +# define ATTIC_R_URI_AUTHORITY_UNSUPPORTED 110 + +#endif diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 041642f022..624df3cb05 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -124,5 +124,3 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; - -int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); 
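Review bot: in the engines/e_loader_attic.c hunk, loader_attic_destroy() frees the loader returned by OSSL_STORE_unregister_loader("file") but leaves the file-scope pointer loader_attic pointing at the freed object, and its early `return 0` on a NULL lookup skips ERR_unload_ATTIC_strings(). Suggest unloading the error strings unconditionally and setting `loader_attic = NULL;` after OSSL_STORE_LOADER_free(loader), as bind_loader_attic() already does on its failure path. Because the function frees whatever is registered under "file" rather than its own object, it should also confirm that the returned loader is loader_attic before freeing it. The failure path of bind_loader_attic() leaves the strings loaded by ERR_load_ATTIC_strings() in place, and its comment has a typo, "handdling".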
diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h new file mode 100644 index 0000000000..b465752971 --- /dev/null +++ b/include/crypto/decoder.h @@ -0,0 +1,40 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DECODER_H +# define OSSL_CRYPTO_DECODER_H + +# include + +OSSL_DECODER *ossl_decoder_fetch_by_number(OPENSSL_CTX *libctx, + int id, + const char *properties); + +/* + * These are specially made for the 'file:' provider-native loader, which + * uses this to install a DER to anything decoder, which doesn't do much + * except read a DER blob and pass it on as a provider object abstraction + * (provider-object(7)). + */ +void *ossl_decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov); + +OSSL_DECODER_INSTANCE * +ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); +void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); +int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, + OSSL_DECODER_INSTANCE *di); + +int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx, + EVP_PKEY **pkey, + OPENSSL_CTX *libctx, + const char *propquery); + +#endif + diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 634eb86425..b00634234c 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
@@ -763,8 +763,6 @@ int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen, int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); -EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx, - const char *propq); EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, OPENSSL_CTX *libctx, const char *propq); diff --git a/include/internal/asn1.h b/include/internal/asn1.h new file mode 100644 index 0000000000..8448786919 --- /dev/null +++ b/include/internal/asn1.h @@ -0,0 +1,15 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_ASN1_H +# define OSSL_INTERNAL_ASN1_H + +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + +#endif diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index b21fe559f7..ac83f88cc4 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -137,6 +137,7 @@ OSSL_CORE_MAKE_FUNC(void, #define OSSL_FUNC_BIO_VSNPRINTF 46 #define OSSL_FUNC_BIO_PUTS 47 #define OSSL_FUNC_BIO_GETS 48 +#define OSSL_FUNC_BIO_CTRL 49 OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, @@ -153,6 +154,8 @@ OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, (char *buf, size_t n, const char *fmt, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, + int cmd, long num, void *ptr)) #define OSSL_FUNC_SELF_TEST_CB 100 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, 
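Review bot: the BIO_ctrl dispatch entry added to include/openssl/core_dispatch.h is declared with an `int` return, but BIO_ctrl() returns `long` and the provider-side bio_core_ctrl() in providers/common/bio_prov.c is `static long`, so a control result that does not fit in an int is truncated when it crosses the core/provider boundary. Suggest `OSSL_CORE_MAKE_FUNC(long, BIO_ctrl, ...)` with ossl_prov_bio_ctrl() returning long to match, or a documented statement of which commands and value ranges are supported.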
diff --git a/include/openssl/err.h b/include/openssl/err.h index 497436d2c5..3e3b64b158 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -113,8 +113,8 @@ struct err_state_st { # define ERR_LIB_CRMF 56 # define ERR_LIB_PROV 57 # define ERR_LIB_CMP 58 -# define ERR_LIB_OSSL_ENCODER 59 -# define ERR_LIB_OSSL_DECODER 60 +# define ERR_LIB_OSSL_ENCODER 59 +# define ERR_LIB_OSSL_DECODER 60 # define ERR_LIB_HTTP 61 # define ERR_LIB_USER 128 @@ -304,6 +304,7 @@ static ossl_inline int ERR_FATAL_ERROR(unsigned long errcode) # define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ # define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ +# define ERR_R_OSSL_DECODER_LIB ERR_LIB_OSSL_DECODER/* 60 */ /* * global reason codes, range 64..99 (sub-system specific codes start at 100) diff --git a/include/openssl/store.h b/include/openssl/store.h index 9a2b423371..8fc035c2e3 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -69,8 +69,12 @@ OSSL_STORE_open_with_libctx(const char *uri, * determine which loader is used), except for common commands (see below). * Each command takes different arguments. */ -int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); -int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); +DEPRECATEDIN_3_0(int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, + ... /* args */)) +DEPRECATEDIN_3_0(int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, + va_list args)) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * Common ctrl commands that different loaders may choose to support. @@ -80,6 +84,8 @@ int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); /* Where custom commands start */ # define OSSL_STORE_C_CUSTOM_START 100 +# endif + /* * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE * functionality, given a context. 
@@ -151,6 +157,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data); OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); @@ -163,6 +170,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); * Functions to try to extract data from a OSSL_STORE_INFO. */ int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info); const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); @@ -269,6 +277,8 @@ void OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, * scheme. */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 + /* struct ossl_store_loader_ctx_st is defined differently by each loader */ typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn) 
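Review bot: the generic pair added to include/openssl/store.h, `OSSL_STORE_INFO_new(int type, void *data)` and `void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)`, passes untyped pointers keyed by an int, and the header does not say what happens on a type mismatch. The existing comment above OSSL_STORE_INFO_new_NAME() says ownership passes to the OSSL_STORE_INFO; please extend it to state whether that also holds for OSSL_STORE_INFO_new(), which `type` values are accepted, and what get0_data returns when `type` differs from the stored type, so that callers do not cast a pointer of the wrong kind.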
@@ -295,42 +305,58 @@ typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); -OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); -int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, - OSSL_STORE_open_fn open_function); -int OSSL_STORE_LOADER_set_open_with_libctx - (OSSL_STORE_LOADER *loader, - OSSL_STORE_open_with_libctx_fn open_with_libctx_function); -int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, - OSSL_STORE_attach_fn attach_function); -int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, - OSSL_STORE_ctrl_fn ctrl_function); -int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, - OSSL_STORE_expect_fn expect_function); -int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, - OSSL_STORE_find_fn find_function); -int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, - OSSL_STORE_load_fn load_function); -int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, - OSSL_STORE_eof_fn eof_function); -int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, - OSSL_STORE_error_fn error_function); -int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, - OSSL_STORE_close_fn close_function); - -const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); -const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); - -int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); -OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +# endif + +DEPRECATEDIN_3_0(OSSL_STORE_LOADER *OSSL_STORE_LOADER_new + (ENGINE *e, const char *scheme)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open + (OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open_with_libctx + (OSSL_STORE_LOADER *loader, + OSSL_STORE_open_with_libctx_fn open_with_libctx_function)) +DEPRECATEDIN_3_0(int 
OSSL_STORE_LOADER_set_attach + (OSSL_STORE_LOADER *loader, + OSSL_STORE_attach_fn attach_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_ctrl + (OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_expect + (OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_find + (OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_load + (OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_eof + (OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_error + (OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function)) +DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_close + (OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function)) + +DEPRECATEDIN_3_0(const ENGINE *OSSL_STORE_LOADER_get0_engine + (const OSSL_STORE_LOADER *loader)) +DEPRECATEDIN_3_0(const char * OSSL_STORE_LOADER_get0_scheme + (const OSSL_STORE_LOADER *loader)) + +DEPRECATEDIN_3_0(int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)) +DEPRECATEDIN_3_0(OSSL_STORE_LOADER *OSSL_STORE_unregister_loader + (const char *scheme)) /*- * Functions to list STORE loaders * ------------------------------- */ -int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER - *loader, void *do_arg), - void *do_arg); +DEPRECATEDIN_3_0(int OSSL_STORE_do_all_loaders + (void (*do_function)(const OSSL_STORE_LOADER *loader, + void *do_arg), + void *do_arg)) # ifdef __cplusplus } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 9aef28c954..d243fda94c 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h 
@@ -1035,6 +1035,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8, + OPENSSL_CTX *libctx, const char *propq); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, diff --git a/providers/baseprov.c b/providers/baseprov.c index dcea2ad93e..38d9090bb3 100644 --- a/providers/baseprov.c +++ b/providers/baseprov.c @@ -86,6 +86,15 @@ static const OSSL_ALGORITHM base_decoder[] = { }; #undef DECODER +static const OSSL_ALGORITHM base_store[] = { +#define STORE(name, fips, func_table) \ + { name, "provider=base,fips=" fips, (func_table) }, + +#include "stores.inc" + { NULL, NULL, NULL } +#undef STORE +}; + static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, int *no_cache) { @@ -95,6 +104,8 @@ static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, return base_encoder; case OSSL_OP_DECODER: return base_decoder; + case OSSL_OP_STORE: + return base_store; } return NULL; } diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index fc1f8b2b26..c049795cd1 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -18,6 +18,7 @@ static OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex = NULL; static OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex = NULL; static OSSL_FUNC_BIO_gets_fn *c_bio_gets = NULL; static OSSL_FUNC_BIO_puts_fn *c_bio_puts = NULL; +static OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl = NULL; static OSSL_FUNC_BIO_free_fn *c_bio_free = NULL; static OSSL_FUNC_BIO_vprintf_fn *c_bio_vprintf = NULL; 
@@ -49,6 +50,10 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) if (c_bio_puts == NULL) c_bio_puts = OSSL_FUNC_BIO_puts(fns); break; + case OSSL_FUNC_BIO_CTRL: + if (c_bio_ctrl == NULL) + c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns); + break; case OSSL_FUNC_BIO_FREE: if (c_bio_free == NULL) c_bio_free = OSSL_FUNC_BIO_free(fns); @@ -107,6 +112,13 @@ int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str) return c_bio_puts(bio, str); } +int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr) +{ + if (c_bio_ctrl == NULL) + return -1; + return c_bio_ctrl(bio, cmd, num, ptr); +} + int ossl_prov_bio_free(OSSL_CORE_BIO *bio) { if (c_bio_free == NULL) @@ -151,9 +163,7 @@ static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) { - /* We don't support this */ - assert(0); - return 0; + return ossl_prov_bio_ctrl(BIO_get_data(bio), cmd, num, ptr); } static int bio_core_gets(BIO *bio, char *buf, int size) diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index 3cef89ce18..9dd9f44bad 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -22,6 +22,7 @@ int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len size_t *written); int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size); int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str); +int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr); int ossl_prov_bio_free(OSSL_CORE_BIO *bio); int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index 4c356fc5c6..82eea21049 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h 
@@ -139,12 +139,14 @@ int ERR_load_PROV_strings(void); # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_PARENT_LOCKING_NOT_ENABLED 182 # define PROV_R_PARENT_STRENGTH_TOO_WEAK 194 +# define PROV_R_PATH_MUST_BE_ABSOLUTE 219 # define PROV_R_PERSONALISATION_STRING_TOO_LONG 195 # define PROV_R_PSS_SALTLEN_TOO_SMALL 172 # define PROV_R_READ_KEY 159 # define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196 # define PROV_R_REQUIRE_CTR_MODE_CIPHER 206 # define PROV_R_RESEED_ERROR 197 +# define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222 # define PROV_R_SELF_TEST_KAT_FAILURE 215 # define PROV_R_SELF_TEST_POST_FAILURE 216 # define PROV_R_TAG_NOTSET 119 @@ -165,6 +167,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_UNSUPPORTED_KEY_SIZE 153 # define PROV_R_UNSUPPORTED_MAC_TYPE 137 # define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152 +# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223 # define PROV_R_VALUE_ERROR 138 # define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 # define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 3ea41f3c25..6d6a254dd6 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -149,6 +149,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "parent locking not enabled"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK), "parent strength too weak"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PATH_MUST_BE_ABSOLUTE), + "path must be absolute"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PERSONALISATION_STRING_TOO_LONG), "personalisation string too long"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL), 
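Review bot: in providers/common/bio_prov.c, bio_core_ctrl() now forwards every `cmd`, `num` and `ptr` to the core with `return ossl_prov_bio_ctrl(BIO_get_data(bio), cmd, num, ptr);`, where it previously refused all control commands. That covers commands whose `ptr` is written through or returned as an object owned by the other side of the provider boundary. Suggest forwarding only the commands the new callers need (file_attach() uses BIO_tell()) and returning an error for the rest. The -1 that ossl_prov_bio_ctrl() returns when c_bio_ctrl is NULL should be documented next to its prototype in prov/bio.h.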
@@ -159,6 +161,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER), "require ctr mode cipher"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE), "self test kat failure"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE), @@ -196,6 +200,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "unsupported mac type"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS), "unsupported number of rounds"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, diff --git a/providers/defltprov.c b/providers/defltprov.c index 855497be06..beaf60bb1e 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -433,6 +433,15 @@ static const OSSL_ALGORITHM deflt_decoder[] = { }; #undef DECODER +static const OSSL_ALGORITHM deflt_store[] = { +#define STORE(name, fips, func_table) \ + { name, "provider=default,fips=" fips, (func_table) }, + +#include "stores.inc" + { NULL, NULL, NULL } +#undef STORE +}; + static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, int *no_cache) { @@ -461,6 +470,8 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, return deflt_encoder; case OSSL_OP_DECODER: return deflt_decoder; + case OSSL_OP_STORE: + return deflt_store; } return NULL; } diff --git a/providers/implementations/build.info b/providers/implementations/build.info index 54392cf68b..fe67e59401 100644 --- a/providers/implementations/build.info +++ b/providers/implementations/build.info 
@@ -1,2 +1,2 @@ SUBDIRS=digests ciphers rands macs kdfs exchange keymgmt signature asymciphers \ - encode_decode + encode_decode storemgmt diff --git a/providers/implementations/encode_decode/decode_common.c b/providers/implementations/encode_decode/decode_common.c index 2277c150c1..798d8f10b2 100644 --- a/providers/implementations/encode_decode/decode_common.c +++ b/providers/implementations/encode_decode/decode_common.c @@ -15,7 +15,7 @@ #include #include "internal/pem.h" /* For internal PVK and "blob" functions */ #include "internal/cryptlib.h" -#include "crypto/asn1.h" +#include "internal/asn1.h" #include "internal/passphrase.h" #include "prov/bio.h" /* ossl_prov_bio_printf() */ #include "prov/providercommonerr.h" /* PROV_R_READ_KEY */ diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 1b8642415f..7060a4b839 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -385,3 +385,5 @@ extern const OSSL_DISPATCH der_to_rsapss_decoder_functions[]; extern const OSSL_DISPATCH msblob_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH pvk_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH pem_to_der_decoder_functions[]; + +extern const OSSL_DISPATCH file_store_functions[]; diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info new file mode 100644 index 0000000000..89939cce54 --- /dev/null +++ b/providers/implementations/storemgmt/build.info @@ -0,0 +1,6 @@ +# We make separate GOAL variables for each algorithm, to make it easy to +# switch each to the Legacy provider when needed. + +$STORE_GOAL=../../libimplementations.a + +SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c new file mode 100644 index 0000000000..70dbac600b --- /dev/null 
+++ b/providers/implementations/storemgmt/file_store.c 
@@ -0,0 +1,920 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" /* To get strncasecmp() on Windows */ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* The OSSL_STORE_INFO type numbers */ +#include "internal/o_dir.h" +#include "internal/pem.h" /* For PVK and "blob" PEM headers */ +#include "crypto/decoder.h" +#include "prov/implementations.h" +#include "prov/bio.h" +#include "prov/provider_ctx.h" +#include "prov/providercommonerr.h" +#include "file_store_local.h" + +DEFINE_STACK_OF(X509) +DEFINE_STACK_OF(OSSL_STORE_INFO) + +#ifdef _WIN32 +# define stat _stat +#endif + +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif + +static OSSL_FUNC_store_open_fn file_open; +static OSSL_FUNC_store_attach_fn file_attach; +static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params; +static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params; +static OSSL_FUNC_store_load_fn file_load; +static OSSL_FUNC_store_eof_fn file_eof; +static OSSL_FUNC_store_close_fn file_close; + +/* + * This implementation makes full use of OSSL_DECODER, and then some. + * It uses its own internal decoder implementation that reads DER and + * passes that on to the data callback; this decoder is created with + * internal OpenSSL functions, thereby bypassing the need for a surrounding + * provider. This is ok, since this is a local decoder, not meant for + * public consumption. 
It also uses the libcrypto internal decoder + * setup function ossl_decoder_ctx_setup_for_EVP_PKEY(), to allow the + * last resort decoder to be added first (and thereby be executed last). + * Finally, it sets up its own construct and cleanup functions. + * + * Essentially, that makes this implementation a kind of glorified decoder. + */ + +struct file_ctx_st { + void *provctx; + char *uri; /* The URI we currently try to load */ + enum { + IS_FILE = 0, /* Read file and pass results */ + IS_DIR /* Pass directory entry names */ + } type; + + /* Flag bits */ + unsigned int flag_attached:1; + unsigned int flag_buffered:1; + + union { + /* Used with |IS_FILE| */ + struct { + BIO *file; + + OSSL_DECODER_CTX *decoderctx; + char *input_type; + char *propq; /* The properties we got as a parameter */ + } file; + + /* Used with |IS_DIR| */ + struct { + OPENSSL_DIR_CTX *ctx; + int end_reached; + + /* + * When a search expression is given, these are filled in. + * |search_name| contains the file basename to look for. + * The string is exactly 8 characters long. + */ + char search_name[9]; + + /* + * The directory reading utility we have combines opening with + * reading the first name. To make sure we can detect the end + * at the right time, we read early and cache the name. + */ + const char *last_entry; + int last_errno; + } dir; + } _; + + /* Expected object type. 
May be unspecified */ + int expected_type; +}; + +static void free_file_ctx(struct file_ctx_st *ctx) +{ + if (ctx == NULL) + return; + + OPENSSL_free(ctx->uri); + if (ctx->type != IS_DIR) { + OSSL_DECODER_CTX_free(ctx->_.file.decoderctx); + OPENSSL_free(ctx->_.file.propq); + OPENSSL_free(ctx->_.file.input_type); + } + OPENSSL_free(ctx); +} + +static struct file_ctx_st *new_file_ctx(int type, const char *uri, + void *provctx) +{ + struct file_ctx_st *ctx = NULL; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL + && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) { + ctx->type = type; + ctx->provctx = provctx; + return ctx; + } + free_file_ctx(ctx); + return NULL; +} + +static OSSL_DECODER_CONSTRUCT file_load_construct; +static OSSL_DECODER_CLEANUP file_load_cleanup; + +/*- + * Opening / attaching streams and directories + * ------------------------------------------- + */ + +/* + * Function to service both file_open() and file_attach() + * + * + */ +static struct file_ctx_st *file_open_stream(BIO *source, const char *uri, + const char *input_type, + void *provctx) +{ + struct file_ctx_st *ctx; + + if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL + || (input_type != NULL + && (ctx->_.file.input_type = + OPENSSL_strdup(input_type)) == NULL)) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + + ctx->_.file.file = source; + + return ctx; + err: + free_file_ctx(ctx); + return NULL; +} + +static void *file_open_dir(const char *path, const char *uri, void *provctx) +{ + struct file_ctx_st *ctx; + + if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL) { + if (ctx->_.dir.last_errno != 0) { + ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno, + "Calling OPENSSL_DIR_read(\"%s\")", path); + goto err; + } + ctx->_.dir.end_reached = 1; 
+ } + return ctx; + err: + file_close(ctx); + return NULL; +} + +static void *file_open(void *provctx, const char *uri) +{ + struct file_ctx_st *ctx = NULL; + struct stat st; + struct { + const char *path; + unsigned int check_absolute:1; + } path_data[2]; + size_t path_data_n = 0, i; + const char *path; + BIO *bio; + + ERR_set_mark(); + + /* + * First step, just take the URI as is. + */ + path_data[path_data_n].check_absolute = 0; + path_data[path_data_n++].path = uri; + + /* + * Second step, if the URI appears to start with the 'file' scheme, + * extract the path and make that the second path to check. + * There's a special case if the URI also contains an authority, then + * the full URI shouldn't be used as a path anywhere. + */ + if (strncasecmp(uri, "file:", 5) == 0) { + const char *p = &uri[5]; + + if (strncmp(&uri[5], "//", 2) == 0) { + path_data_n--; /* Invalidate using the full URI */ + if (strncasecmp(&uri[7], "localhost/", 10) == 0) { + p = &uri[16]; + } else if (uri[7] == '/') { + p = &uri[7]; + } else { + ERR_clear_last_mark(); + ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED); + return NULL; + } + } + + path_data[path_data_n].check_absolute = 1; +#ifdef _WIN32 + /* Windows file: URIs with a drive letter start with a / */ + if (p[0] == '/' && p[2] == ':' && p[3] == '/') { + char c = tolower(p[1]); + + if (c >= 'a' && c <= 'z') { + p++; + /* We know it's absolute, so no need to check */ + path_data[path_data_n].check_absolute = 0; + } + } +#endif + path_data[path_data_n++].path = p; + } + + + for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { + /* + * If the scheme "file" was an explicit part of the URI, the path must + * be absolute. 
So says RFC 8089 + */ + if (path_data[i].check_absolute && path_data[i].path[0] != '/') { + ERR_clear_last_mark(); + ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE, + "Given path=%s", path_data[i].path); + return NULL; + } + + if (stat(path_data[i].path, &st) < 0) { + ERR_raise_data(ERR_LIB_SYS, errno, + "calling stat(%s)", + path_data[i].path); + } else { + path = path_data[i].path; + } + } + if (path == NULL) { + ERR_clear_last_mark(); + return NULL; + } + + /* Successfully found a working path, clear possible collected errors */ + ERR_pop_to_mark(); + + if (S_ISDIR(st.st_mode)) + ctx = file_open_dir(path, uri, provctx); + else if ((bio = BIO_new_file(path, "rb")) == NULL + || (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL) + BIO_free_all(bio); + + return ctx; +} + +/* + * Attached input streams must be treated very very carefully to avoid + * nasty surprises. + * + * This implementation tries to support input streams that can't be reset, + * such as standard input. However, OSSL_DECODER assumes resettable streams, + * and because the PEM decoder may read quite a bit of the input file to skip + * past any non-PEM text that precedes the PEM block, we may need to detect + * if the input stream is a PEM file early. + * + * If the input stream supports BIO_tell(), we assume that it also supports + * BIO_seek(), making it a resettable stream and therefore safe to fully + * unleash OSSL_DECODER. + * + * If the input stream doesn't support BIO_tell(), we must assume that we + * have a non-resettable stream, and must tread carefully. We do so by + * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we + * assume that it's DER. + * + * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO + * filter, which allows us a 4KiB resettable read-ahead. We *hope* that 4KiB + * will be enough to find the start of the PEM block. + * + * It should be possible to use this same technique to detect other file + * types as well. 
+ * + * An alternative technique would be to have an endlessly caching BIO filter. + * That would take away the need for all the detection here, and simply leave + * it for OSSL_DECODER to find out on its own while supporting its demand for + * resettable input streams. + * That's a possible future development. + */ + +# define INPUT_TYPE_ANY NULL +# define INPUT_TYPE_DER "DER" +# define INPUT_TYPE_PEM "PEM" +# define INPUT_TYPE_MSBLOB "MSBLOB" +# define INPUT_TYPE_PVK "PVK" + +void *file_attach(void *provctx, OSSL_CORE_BIO *cin) +{ + BIO *new_bio = bio_new_from_core_bio(provctx, cin); + BIO *new_bio_tmp = NULL; + BIO *buff = NULL; + char peekbuf[4096] = { 0, }; + int loc; + const char *input_type = NULL; + unsigned int flag_attached = 1; + unsigned int flag_buffered = 0; + struct file_ctx_st *ctx = NULL; + + if (new_bio == NULL) + return 0; + + /* Try to get the current position */ + loc = BIO_tell(new_bio); + + if ((buff = BIO_new(BIO_f_buffer())) == NULL + || (new_bio_tmp = BIO_push(buff, new_bio)) == NULL) + goto err; + + /* Assumption, if we can't detect PEM */ + input_type = INPUT_TYPE_DER; + flag_buffered = 1; + new_bio = new_bio_tmp; + + if (BIO_buffer_peek(new_bio, peekbuf, sizeof(peekbuf) - 1) > 0) { +#ifndef OPENSSL_NO_DSA + const unsigned char *p = NULL; + unsigned int magic = 0, bitlen = 0; + int isdss = 0, ispub = -1; +# ifndef OPENSSL_NO_RC4 + unsigned int saltlen = 0, keylen = 0; +# endif +#endif + + peekbuf[sizeof(peekbuf) - 1] = '\0'; + if (strstr(peekbuf, "-----BEGIN ") != NULL) + input_type = INPUT_TYPE_PEM; +#ifndef OPENSSL_NO_DSA + else if (p = (unsigned char *)peekbuf, + ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen, + &isdss, &ispub)) + input_type = INPUT_TYPE_MSBLOB; +# ifndef OPENSSL_NO_RC4 + else if (p = (unsigned char *)peekbuf, + ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen)) + input_type = INPUT_TYPE_PVK; +# endif +#endif + } + + /* + * After peeking, we know that the underlying source BIO has moved ahead + * 
from its earlier position and that if it supports BIO_tell(), that + * should be a number that differs from |loc|. Otherwise, we will get + * the same value, which may one of: + * + * - zero (the source BIO doesn't support BIO_tell() / BIO_seek() / + * BIO_reset()) + * - -1 (the underlying operating system / C library routines do not + * support BIO_tell() / BIO_seek() / BIO_reset()) + * + * If it turns out that the source BIO does support BIO_tell(), we pop + * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which + * fully unleashes OSSL_DECODER to do its thing. + */ + if (BIO_tell(new_bio) != loc) { + /* In this case, anything goes */ + input_type = INPUT_TYPE_ANY; + + /* Restore the source BIO like it was when entering this function */ + new_bio = BIO_pop(buff); + BIO_free(buff); + (void)BIO_seek(new_bio, loc); + + flag_buffered = 0; + } + + if ((ctx = file_open_stream(new_bio, NULL, input_type, provctx)) == NULL) + goto err; + + ctx->flag_attached = flag_attached; + ctx->flag_buffered = flag_buffered; + + return ctx; + err: + if (flag_buffered) { + new_bio = BIO_pop(buff); + BIO_free(buff); + } + BIO_free(new_bio); /* Removes the provider BIO filter */ + return NULL; +} + +/*- + * Setting parameters + * ------------------ + */ + +static const OSSL_PARAM *file_settable_ctx_params(void *provctx) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL), + OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[]) +{ + struct file_ctx_st *ctx = loaderctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES); + if (p != NULL) { + OPENSSL_free(ctx->_.file.propq); + ctx->_.file.propq = NULL; + if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0)) + return 0; 
+ } + p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT); + if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type)) + return 0; + p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT); + if (p != NULL) { + const unsigned char *der = NULL; + size_t der_len = 0; + X509_NAME *x509_name; + unsigned long hash; + + if (ctx->type != IS_DIR) { + ERR_raise(ERR_LIB_PROV, + PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); + return 0; + } + + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len) + || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL) + return 0; + hash = X509_NAME_hash(x509_name); + BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), + "%08lx", hash); + X509_NAME_free(x509_name); + } + return 1; +} + +/*- + * Loading an object from a stream + * ------------------------------- + */ + +struct file_load_data_st { + OSSL_CALLBACK *object_cb; + void *object_cbarg; +}; + +static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst, + const OSSL_PARAM *params, void *construct_data) +{ + struct file_load_data_st *data = construct_data; + + /* + * At some point, we may find it justifiable to recognise PKCS#12 and + * handle it specially here, making |file_load()| return pass its + * contents one piece at ta time, like |e_loader_attic.c| does. + * + * However, that currently means parsing them out, which converts the + * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to + * have to re-encode them into DER to create an object abstraction for + * each of them. + * It's much simpler (less churn) to pass on the object abstraction we + * get to the load_result callback and leave it to that one to do the + * work. If that's libcrypto code, we know that it has much better + * possibilities to handle the EVP_PKEYs and X509s without the extra + * churn. 
+ */ + + return data->object_cb(params, data->object_cbarg); +} + +void file_load_cleanup(void *construct_data) +{ + /* Nothing to do */ +} + +static int file_setup_decoders(struct file_ctx_st *ctx) +{ + EVP_PKEY *dummy; /* for OSSL_DECODER_CTX_new_by_EVP_PKEY() */ + OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx); + OSSL_DECODER *to_obj = NULL; /* Last resort decoder */ + OSSL_DECODER_INSTANCE *to_obj_inst = NULL; + OSSL_DECODER_CLEANUP *old_cleanup = NULL; + void *old_construct_data = NULL; + int ok = 0; + + /* Setup for this session, so only if not already done */ + if (ctx->_.file.decoderctx == NULL) { + if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Make sure the input type is set */ + if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx, + ctx->_.file.input_type)) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + + /* + * Create the internal last resort decoder implementation together + * with a "decoder instance". + * The decoder doesn't need any identification or to be attached to + * any provider, since it's only used locally. + */ + to_obj = ossl_decoder_from_dispatch(0, &der_to_obj_algorithm, NULL); + if (to_obj == NULL) + goto err; + to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx); + if (to_obj_inst == NULL) + goto err; + + if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx, + to_obj_inst)) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + + /* + * OSSL_DECODER_INSTANCE shouldn't be freed from this point on. + * That's going to happen whenever the OSSL_DECODER_CTX is freed. + */ + to_obj_inst = NULL; + + /* + * Add on the usual decoder context for keys, with a dummy object. + * Since we're setting up our own constructor, we don't need to care + * more than that... 
+ */ + if (!ossl_decoder_ctx_setup_for_EVP_PKEY(ctx->_.file.decoderctx, &dummy, + libctx, ctx->_.file.propq) + || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx, + libctx, ctx->_.file.propq)) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + + /* + * Then we throw away the installed finalizer data, and install our + * own instead. + */ + old_cleanup = OSSL_DECODER_CTX_get_cleanup(ctx->_.file.decoderctx); + old_construct_data = + OSSL_DECODER_CTX_get_construct_data(ctx->_.file.decoderctx); + if (old_cleanup != NULL) + old_cleanup(old_construct_data); + + /* + * Set the hooks. + */ + if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx, + file_load_construct) + || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx, + file_load_cleanup)) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + } + + ok = 1; + err: + OSSL_DECODER_free(to_obj); + return ok; +} + +static int file_load_file(struct file_ctx_st *ctx, + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct file_load_data_st data; + + /* Setup the decoders (one time shot per session */ + + if (!file_setup_decoders(ctx)) + return 0; + + /* Setup for this object */ + + data.object_cb = object_cb; + data.object_cbarg = object_cbarg; + OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data); + OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg); + + /* Launch */ + + return OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file); +} + +/*- + * Loading a name object from a directory + * -------------------------------------- + */ + +static int ends_with_dirsep(const char *uri) +{ + if (*uri != '\0') + uri += strlen(uri) - 1; +#if defined(__VMS) + if (*uri == ']' || *uri == '>' || *uri == ':') + return 1; +#elif defined(_WIN32) + if (*uri == '\\') + return 1; +#endif + return *uri == '/'; +} + +static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name) +{ + 
char *data = NULL; + + assert(name != NULL); + { + const char *pathsep = ends_with_dirsep(ctx->uri) ? "" : "/"; + long calculated_length = strlen(ctx->uri) + strlen(pathsep) + + strlen(name) + 1 /* \0 */; + + data = OPENSSL_zalloc(calculated_length); + if (data == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + + OPENSSL_strlcat(data, ctx->uri, calculated_length); + OPENSSL_strlcat(data, pathsep, calculated_length); + OPENSSL_strlcat(data, name, calculated_length); + } + return data; +} + +static int file_name_check(struct file_ctx_st *ctx, const char *name) +{ + const char *p = NULL; + + /* If there are no search criteria, all names are accepted */ + if (ctx->_.dir.search_name[0] == '\0') + return 1; + + /* If the expected type isn't supported, no name is accepted */ + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CERT + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + + /* + * First, check the basename + */ + if (strncasecmp(name, ctx->_.dir.search_name, + sizeof(ctx->_.dir.search_name) - 1) != 0 + || name[sizeof(ctx->_.dir.search_name) - 1] != '.') + return 0; + p = &name[sizeof(ctx->_.dir.search_name)]; + + /* + * Then, if the expected type is a CRL, check that the extension starts + * with 'r' + */ + if (*p == 'r') { + p++; + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) { + return 0; + } + + /* + * Last, check that the rest of the extension is a decimal number, at + * least one digit long. + */ + if (!isdigit(*p)) + return 0; + while (isdigit(*p)) + p++; + +#ifdef __VMS + /* + * One extra step here, check for a possible generation number. + */ + if (*p == ';') + for (p++; *p != '\0'; p++) + if (!ossl_isdigit(*p)) + break; +#endif + + /* + * If we've reached the end of the string at this point, we've successfully + * found a fitting file name. 
+ */ + return *p == '\0'; +} + +static int file_load_dir_entry(struct file_ctx_st *ctx, + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + /* Prepare as much as possible in advance */ + static const int object_type = OSSL_OBJECT_NAME; + OSSL_PARAM object[] = { + OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type), + OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0), + OSSL_PARAM_END + }; + char *newname = NULL; + int ok; + + /* Loop until we get an error or until we have a suitable name */ + do { + if (ctx->_.dir.last_entry == NULL) { + if (!ctx->_.dir.end_reached) { + assert(ctx->_.dir.last_errno != 0); + ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno); + } + /* file_eof() will tell if EOF was reached */ + return 0; + } + + /* flag acceptable names */ + if (ctx->_.dir.last_entry[0] != '.' + && file_name_check(ctx, ctx->_.dir.last_entry)) { + + /* If we can't allocate the new name, we fail */ + if ((newname = + file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL) + return 0; + } + + /* + * On the first call (with a NULL context), OPENSSL_DIR_read() + * cares about the second argument. On the following calls, it + * only cares that it isn't NULL. Therefore, we can safely give + * it our URI here. 
+ */ + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) + ctx->_.dir.end_reached = 1; + } while (newname == NULL); + + object[1].data = newname; + object[1].data_size = strlen(newname); + ok = object_cb(object, object_cbarg); + OPENSSL_free(newname); + return ok; +} + +/*- + * Loading, local dispatcher + * ------------------------- + */ + +static int file_load(void *loaderctx, + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct file_ctx_st *ctx = loaderctx; + + switch (ctx->type) { + case IS_FILE: + return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg); + case IS_DIR: + return + file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg); + default: + break; + } + + /* ctx->type has an unexpected value */ + assert(0); + return 0; +} + +/*- + * Eof detection and closing + * ------------------------- + */ + +static int file_eof(void *loaderctx) +{ + struct file_ctx_st *ctx = loaderctx; + + switch (ctx->type) { + case IS_DIR: + return ctx->_.dir.end_reached; + case IS_FILE: + /* + * BIO_pending() checks any filter BIO. + * BIO_eof() checks the source BIO. + */ + return !BIO_pending(ctx->_.file.file) + && BIO_eof(ctx->_.file.file); + } + + /* ctx->type has an unexpected value */ + assert(0); + return 1; +} + +static int file_close_dir(struct file_ctx_st *ctx) +{ + if (ctx->_.dir.ctx != NULL) + OPENSSL_DIR_end(&ctx->_.dir.ctx); + free_file_ctx(ctx); + return 1; +} + +static int file_close_stream(struct file_ctx_st *ctx) +{ + if (ctx->flag_buffered) { + /* + * file_attach() pushed a BIO_f_buffer() on top of the regular BIO. + * Drop it. + */ + BIO *buff = ctx->_.file.file; + + /* Detach buff */ + ctx->_.file.file = BIO_pop(ctx->_.file.file); + + BIO_free(buff); + } + + /* + * If it was attached, we only free the top, as that's the provider BIO + * filter. 
Otherwise, it was entirely allocated by this implementation, + * and can safely be completely freed. + */ + if (ctx->flag_attached) + BIO_free(ctx->_.file.file); + else + BIO_free_all(ctx->_.file.file); + + /* To avoid double free */ + ctx->_.file.file = NULL; + + free_file_ctx(ctx); + return 1; +} + +static int file_close(void *loaderctx) +{ + struct file_ctx_st *ctx = loaderctx; + + switch (ctx->type) { + case IS_DIR: + return file_close_dir(ctx); + case IS_FILE: + return file_close_stream(ctx); + } + + /* ctx->type has an unexpected value */ + assert(0); + return 1; +} + +const OSSL_DISPATCH file_store_functions[] = { + { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open }, + { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach }, + { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS, + (void (*)(void))file_settable_ctx_params }, + { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params }, + { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load }, + { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof }, + { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close }, + { 0, NULL }, +}; diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c new file mode 100644 index 0000000000..c7388a9d14 --- /dev/null +++ b/providers/implementations/storemgmt/file_store_der2obj.c 
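Review bot: In file_setup_decoders() in file_store.c, every failure after OSSL_DECODER_CTX_new() jumps to err with ctx->_.file.decoderctx still set, so the next file_load_file() call finds a non-NULL decoder context, skips the whole setup block and calls OSSL_DECODER_from_bio() on a context that may be missing the last resort decoder or the construct and cleanup hooks. Free the decoder context and reset the pointer to NULL on the err path. The same path only calls OSSL_DECODER_free(to_obj), so to_obj_inst is not released when ossl_decoder_ctx_add_decoder_inst() fails. Separately, the _WIN32 branch in file_open() evaluates p[2] (and then p[3]) without first checking p[1], which reads past the terminator when the extracted path is just "/" (for example from "file:///"); check p[1] != '\0' before indexing further.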
@@ -0,0 +1,119 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This is a decoder that's completely internal to the 'file:' store + * implementation. Only code in file_store.c know about this one. Because + * of this close relationship, we can cut certain corners, such as making + * assumptions about the "provider context", which is currently simply the + * provider context that the file_store.c code operates within. + * + * All this does is to read DER from the input if it can, and passes it on + * to the data callback as an object abstraction, leaving it to the callback + * to figure out what it actually is. + * + * This MUST be made the last decoder in a chain, leaving it to other more + * specialized decoders to recognise and process their stuff first. + */ + +#include +#include +#include +#include +#include +#include +#include "internal/asn1.h" +#include "prov/bio.h" +#include "file_store_local.h" + +/* + * newctx and freectx are not strictly necessary. However, the method creator, + * ossl_decoder_from_dispatch(), demands that they exist, so we make sure to + * oblige. 
+ */ + +static OSSL_FUNC_decoder_newctx_fn der2obj_newctx; +static OSSL_FUNC_decoder_freectx_fn der2obj_freectx; + +static void *der2obj_newctx(void *provctx) +{ + return provctx; +} + +static void der2obj_freectx(void *vctx) +{ +} + +static OSSL_FUNC_decoder_gettable_params_fn der2obj_gettable_params; +static OSSL_FUNC_decoder_get_params_fn der2obj_get_params; +static OSSL_FUNC_decoder_decode_fn der2obj_decode; + +static const OSSL_PARAM *der2obj_gettable_params(void *provctx) +{ + static const OSSL_PARAM gettables[] = { + { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, + OSSL_PARAM_END, + }; + + return gettables; +} + +static int der2obj_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER")) + return 0; + + return 1; +} + +static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + /* + * We're called from file_store.c, so we know that OSSL_CORE_BIO is a + * BIO in this case. 
+ */ + BIO *in = (BIO *)cin; + BUF_MEM *mem = NULL; + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + if (ok) { + OSSL_PARAM params[3]; + int object_type = OSSL_OBJECT_UNKNOWN; + + params[0] = + OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = + OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, + mem->data, mem->length); + params[2] = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + OPENSSL_free(mem->data); + OPENSSL_free(mem); + } + return ok; +} + +static const OSSL_DISPATCH der_to_obj_decoder_functions[] = { + { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))der2obj_newctx }, + { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2obj_freectx }, + { OSSL_FUNC_DECODER_GETTABLE_PARAMS, + (void (*)(void))der2obj_gettable_params }, + { OSSL_FUNC_DECODER_GET_PARAMS, (void (*)(void))der2obj_get_params }, + { OSSL_FUNC_DECODER_DECODE, (void (*)(void))der2obj_decode }, + { 0, NULL } +}; + +const OSSL_ALGORITHM der_to_obj_algorithm = + { "obj", NULL, der_to_obj_decoder_functions }; diff --git a/providers/implementations/storemgmt/file_store_local.h b/providers/implementations/storemgmt/file_store_local.h new file mode 100644 index 0000000000..a95f5fe87c --- /dev/null +++ b/providers/implementations/storemgmt/file_store_local.h @@ -0,0 +1,11 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +extern const OSSL_ALGORITHM der_to_obj_algorithm; + diff --git a/providers/stores.inc b/providers/stores.inc new file mode 100644 index 0000000000..ecf3ca123b --- /dev/null +++ b/providers/stores.inc 
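Review bot: der2obj_decode() in file_store_der2obj.c releases the buffer filled by asn1_d2i_read_bio() with OPENSSL_free(mem->data) followed by OPENSSL_free(mem), so whatever DER was read stays uncleansed in freed heap memory, and this decoder does not know whether that DER was a certificate or an unencrypted private key. Use BUF_MEM_free(mem) instead, which cleanses the data before freeing it and keeps allocation and release paired through the BUF_MEM API.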
@@ -0,0 +1,14 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef STORE +# error Macro STORE undefined +#endif + +STORE("file", "yes", file_store_functions) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index bae6f2339b..f62e26c290 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -33,6 +33,14 @@ #include "internal/sizes.h" #include "crypto/evp.h" +#ifndef OPENSSL_NO_SM2 +/* + * TODO(3.0) remove when provider SM2 keymgmt is implemented and + * EVP_PKEY_set_alias_type() works with provider-native keys. + */ +# define TMP_SM2_HACK +#endif + static OPENSSL_CTX *testctx = NULL; /* @@ -881,6 +889,11 @@ static int test_EVP_SM2_verify(void) if (!TEST_true(pkey != NULL)) goto done; +#ifdef TMP_SM2_HACK + if (!TEST_ptr(EVP_PKEY_get0(pkey))) + goto done; +#endif + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) goto done; diff --git a/test/evp_test.c b/test/evp_test.c index 238bbaf3d5..52e1dd2e51 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3253,7 +3253,7 @@ static void free_key_list(KEY_LIST *lst) */ static int key_unsupported(void) { - long err = ERR_peek_error(); + long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_EVP && (ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM @@ -3268,7 +3268,8 @@ static int key_unsupported(void) * disabled). */ if (ERR_GET_LIB(err) == ERR_LIB_EC - && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { + && (ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP + || ERR_GET_REASON(err) == EC_R_INVALID_CURVE)) { ERR_clear_error(); return 1; } diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index 90880be9fc..ffa334f15e 100644 --- a/test/recipes/15-test_genrsa.t 
+++ b/test/recipes/15-test_genrsa.t @@ -117,10 +117,9 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', } unless ($no_fips) { - my $provconf = srctop_file("test", "fips.cnf"); + my $provconf = srctop_file("test", "fips-and-base.cnf"); my $provpath = bldtop_dir("providers"); my @prov = ( "-provider-path", $provpath, - "-provider", "base", "-config", $provconf); my $infile = bldtop_file('providers', platform->dso('fips')); diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t index 60d9b44f4f..59646bd223 100644 --- a/test/recipes/15-test_rsaoaep.t +++ b/test/recipes/15-test_rsaoaep.t @@ -27,7 +27,7 @@ plan tests => + 9; my @prov = ( ); -my $provconf = srctop_file("test", "fips.cnf"); +my $provconf = srctop_file("test", "fips-and-base.cnf"); my $provpath = bldtop_dir("providers"); my $msg_file = data_file("plain_text"); my $enc1_file = "enc1.bin"; diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 543038cab9..3c135630f7 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t 
@@ -24,14 +24,21 @@ SKIP: { skip "Skipping tests that require EC, SM2 or SM3", 2 if disabled("ec") || disabled("sm2") || disabled("sm3"); + # TODO(3.0) Remove this when we have a SM2 keymgmt and decoder + my @tmp_sm2_hack = qw(-engine loader_attic) + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + skip "Skipping tests that require dynamic enginess (temporary meaasure)", 2 + unless @tmp_sm2_hack; + # SM2 - ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign', + ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, '-sign', '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.key'), '-out', 'sm2.sig', '-rawin', '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), "Sign a piece of data using SM2"); - ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', + ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, + '-verify', '-certin', '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.pem'), '-sigfile', 'sm2.sig', '-rawin', diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 8d26be2bf0..544d32963c 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -29,6 +29,14 @@ if (disabled("rsa")) { note("There should not be more that at most 80 per line"); } +# TODO(3.0) This should be removed as soon as missing support is added +# Identified problems: +# - SM2 lacks provider-native keymgmt and decoder +# - ED25519, ED448, X25519 and X448 signature implementations do not +# respond to the "algorithm-id" parameter request. +my @tmp_loader_hack = qw(-engine loader_attic) + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + # Check for duplicate -addext parameters, and one "working" case. my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", "-config", srctop_file("test", "test.cnf"), @req_new ); 
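Review bot: The declaration "my @tmp_loader_hack = qw(-engine loader_attic) unless ...;" in 25-test_req.t puts a statement modifier on a my declaration, which perlsyn documents as undefined behaviour, and the later "!@tmp_loader_hack" skip conditions rely on the array being empty when the modifier suppresses the assignment. Make the emptiness explicit, for instance "my @tmp_loader_hack = (disabled('dynamic-engine') || disabled('deprecated-3.0')) ? () : qw(-engine loader_attic);". The same construct is used for @tmp_sm2_hack in the 20-test_pkeyutl.t hunk above, where the new skip message also misspells "engines" and "measure".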
@@ -135,15 +143,15 @@ subtest "generating certificate requests with Ed25519" => sub { SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ec") || !@tmp_loader_hack; - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-ed25519.pem", "-utf8", "-key", srctop_file("test", "tested25519.pem")])), "Generating request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-ed25519.pem", "-noout"])), "Verifying signature on request"); @@ -155,15 +163,15 @@ subtest "generating certificate requests with Ed448" => sub { SKIP: { skip "Ed448 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ec") || !@tmp_loader_hack; - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-ed448.pem", "-utf8", "-key", srctop_file("test", "tested448.pem")])), "Generating request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-ed448.pem", "-noout"])), "Verifying signature on request"); 
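Review bot: The skip condition in the Ed448 subtest now also fires when @tmp_loader_hack is empty, but the message still reads "Ed448 is not supported by this OpenSSL build", so a build with dynamic engines or deprecated-3.0 disabled reports the wrong reason for the skipped tests. Split the new condition into its own skip with a message that names the temporary loader_attic dependency, as the 20-test_pkeyutl.t change does, and apply the same split to the Ed25519 subtest above.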
@@ -187,28 +195,28 @@ subtest "generating SM2 certificate requests" => sub { SKIP: { skip "SM2 is not supported by this OpenSSL build", 4 - if disabled("sm2"); - ok(run(app(["openssl", "req", + if disabled("sm2") || !@tmp_loader_hack; + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "distid:1234567812345678", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", "-vfyopt", "distid:1234567812345678", "-sm3"])), "Verifying signature on SM2 certificate request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "hexdistid:DEADBEEF", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request with hex id"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])), diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 3978fa4835..c80fdd9a87 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -29,7 +29,7 @@ my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; my @configs = ( $defaultcnf ); # Only add the FIPS config if the FIPS module has been built -push @configs, 'fips.cnf' unless $no_fips; +push @configs, 'fips-and-base.cnf' unless $no_fips; # A list of tests that run with both the default and fips provider. my @files = qw( 
@@ -47,8 +47,8 @@ my @files = qw( evpmd_sha.txt evppbe_pbkdf2.txt evppkey_dsa.txt - evppkey_ecc_nist.txt - evppkey_ecdh_nist.txt + evppkey_ecc.txt + evppkey_ecdh.txt evppkey_ecdsa.txt evppkey_ecx.txt evppkey_ffdhe.txt @@ -93,8 +93,6 @@ my @defltfiles = qw( evpmd_whirlpool.txt evppbe_scrypt.txt evppbe_pkcs12.txt - evppkey_ecc.txt - evppkey_ecdh.txt evppkey_brainpool.txt evppkey_kdf_scrypt.txt evppkey_kdf_tls1_prf.txt diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt index ea24f9d433..f0ae1081c4 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecc.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt 
@@ -1164,6 +1164,46 @@ Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity +Title=prime192v1 curve tests + +PrivateKey=ALICE_cf_prime192v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 +TeI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK +PZ78UrllIr69kgrYUKsRg4sd +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB + +PrivateKey=BOB_cf_prime192v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI +CWM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp +bAekMot69VorE8ibSzgJixXJ +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime192v1 +PeerKey=BOB_cf_prime192v1_PUB +SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime192v1 +PeerKey=ALICE_cf_prime192v1_PUB +SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 + Title=prime192v2 curve tests PrivateKey=ALICE_cf_prime192v2 
@@ -1364,6 +1404,46 @@ Derive=BOB_cf_prime239v3 PeerKey=ALICE_cf_prime239v3_PUB SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +Title=prime256v1 curve tests + +PrivateKey=ALICE_cf_prime256v1 +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ +gHCUxmU2fRcn9Q== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5kDOrX6kmk1/jHfEdMBluFos6dyCbzKVOX3v2aa2 +y5IhlhTKtCJdydX+XWLDXWW9sbtIRNP94R3iOOpRPBqpGg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB + +PrivateKey=BOB_cf_prime256v1 +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAxJgV1dLJw/o2Dmh1fIY1KpBd88WCP +23wZzR8DzhyCrA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5J6yA+j0zrGi6RilUhjrcL7OUMzYTwpnw5DdRXr0 +creHgE03EFV//7xqadB4BDwFIGM9MV2sE6qREEomWhZFeg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime256v1:BOB_cf_prime256v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime256v1 +PeerKey=BOB_cf_prime256v1_PUB +SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime256v1 +PeerKey=ALICE_cf_prime256v1_PUB +SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a + Title=secp112r1 curve tests PrivateKey=ALICE_cf_secp112r1 
@@ -1762,6 +1842,46 @@ Derive=BOB_cf_secp224k1 PeerKey=ALICE_cf_secp224k1_PUB SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +Title=secp224r1 curve tests + +PrivateKey=ALICE_cf_secp224r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBzeo7Y0HMfrIqKNm3r997jcfVAa4osa0AR2 +JA28 +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExZc6o84XjBGLOosGj2t0QctgiyzF3NcVgy+DeW7stkVs +yS2tRzMPBpwnApRzoRsdJR99sb3eM2s= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp224r1:ALICE_cf_secp224r1_PUB + +PrivateKey=BOB_cf_secp224r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBy2LsqxHhdlSiAmMYKQAEmjJWT22T42GYKo +ZvXM +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE71Eh6hwTKUrmyl2PdkY787GwxiohIcaqB4eK2Mwg6tU4 +LeJHWcgY18CgPKCaeldUgnkMcJzKj20= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp224r1:BOB_cf_secp224r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp224r1 +PeerKey=BOB_cf_secp224r1_PUB +SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp224r1 +PeerKey=ALICE_cf_secp224r1_PUB +SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 + Title=secp256k1 curve tests PrivateKey=ALICE_cf_secp256k1 
@@ -1802,6 +1922,90 @@ Derive=BOB_cf_secp256k1 PeerKey=ALICE_cf_secp256k1_PUB SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 +Title=secp384r1 curve tests + +PrivateKey=ALICE_cf_secp384r1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAp1ErG6wVjuJs90qVbUBxNpQK1wtV4ieX1 +bIU/4HssZK6WjOOTyYguyEBCOf/rUnw= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp384r1_PUB +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx5rt+yujIuPoIXpHGmExKSi/P+58sGYoqgdpdOJUXzn2 +Rc4alCpSxVJeC55xvwaFHc3pzNyRGwnhPmN6oU/KMP6XjBvR4wq35mr/Sym5s0B2blAzkJU37idq +nTi3xGHx +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp384r1:ALICE_cf_secp384r1_PUB + +PrivateKey=BOB_cf_secp384r1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAUjVgPpiI+xXye0nfRhc8+12hLdWY4fpsO +Jq2MCp+W85xJwtXsEPrHj1XFnKVpM4c= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp384r1_PUB +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+JUBXRSHixH0TrcvYvIzep7+/WNpEhWdCPsLMygigW5j +pzP30MF41GnQYgfJu5wI/gu1C/jFTv1X6Dgmla3JxBYlPeD+1L0lEMT3evmHKMM/BFe3WKBuXyhP +ilrNtfee +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp384r1:BOB_cf_secp384r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp384r1 +PeerKey=BOB_cf_secp384r1_PUB +SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp384r1 +PeerKey=ALICE_cf_secp384r1_PUB +SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb + +Title=secp521r1 curve tests + +PrivateKey=ALICE_cf_secp521r1 +-----BEGIN PRIVATE KEY----- +MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIBsYIcUKeN2evB626LCdYWH/xzUiEDCdRP +rEENsC8//dowKnOCtlLtawh0DXTIZ/HhpUREuaoffdsmYb6+Oq1TRjc= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp521r1_PUB +-----BEGIN PUBLIC KEY----- 
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBufYxJf/4Ds6g7LlFRVS62ljm3xApV2T79hfWH8Lv +iroIaCFjLBIfOVDF8jvj2PO1ar3yCLiSA2RiLZz1Y+tv/tcATHE0nS7l3SfGiGmEnVycEnhgqlKM +UM3kpdd7eNkQn5/GO8KAPQqA/sOnvTavg5S01t0ub+PY/w0Y6oBgthaUAW0= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp521r1:ALICE_cf_secp521r1_PUB + +PrivateKey=BOB_cf_secp521r1 +-----BEGIN PRIVATE KEY----- +MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIB+3/adZnNwr6GFUzZpi8So7pC/5FYQ0+0 +lMmoUjGvy8DNADcHaPpW68hX/M+z7LrK0Jpnonb9JSEXlgjOPVe4Ea8= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp521r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLq2fjyCalnvr24tjaz87ijIWlLMoCH7Hmyq1t2l8 +PFbyBIZbngDC0gwFM5ZI582QSWlW79G3clJP9VxlJOsms50BYBYgd6o2JF4w8AnShVXxFSJU1py4 +klCDNhTFybRHFXpujfuUeNnFxAGIUb4edJ0fAqqc7kkERhYe8EPEZYMKp3Q= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp521r1:BOB_cf_secp521r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp521r1 +PeerKey=BOB_cf_secp521r1_PUB +SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp521r1 +PeerKey=ALICE_cf_secp521r1_PUB +SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 + Title=sect113r1 curve tests PrivateKey=ALICE_cf_sect113r1 
@@ -2076,6 +2280,76 @@ Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity +Title=sect163k1 curve tests + +PrivateKey=ALICE_cf_sect163k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV +1UVeTRnyAlWU +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB + +PrivateKey=BOB_cf_sect163k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk +nsdg7isQ8XBD +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect163k1 +PeerKey=BOB_cf_sect163k1_PUB +SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect163k1 +PeerKey=ALICE_cf_sect163k1_PUB +SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect163k1 +PeerKey=BOB_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect163k1 +PeerKey=ALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 + +PublicKey=MALICE_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAB +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect163k1 +PeerKey=MALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect163k1 
+PeerKey=MALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + Title=sect163r1 curve tests PrivateKey=ALICE_cf_sect163r1 
@@ -2146,6 +2420,76 @@ Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity +Title=sect163r2 curve tests + +PrivateKey=ALICE_cf_sect163r2 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect163r2_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu +YwVrmqhgqH/C +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB + +PrivateKey=BOB_cf_sect163r2 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect163r2_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 +8vT5zU3aq6HV +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect163r2 +PeerKey=BOB_cf_sect163r2_PUB +SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect163r2 +PeerKey=ALICE_cf_sect163r2_PUB +SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect163r2 +PeerKey=BOB_cf_sect163r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect163r2 +PeerKey=ALICE_cf_sect163r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f + +PublicKey=MALICE_cf_sect163r2_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD +ZtqJwDlp802l +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect163r2 +PeerKey=MALICE_cf_sect163r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect163r2 
+PeerKey=MALICE_cf_sect163r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + Title=sect193r1 curve tests PrivateKey=ALICE_cf_sect193r1 
@@ -2286,6 +2630,150 @@ Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity +Title=sect233k1 curve tests + +PrivateKey=ALICE_cf_sect233k1 +-----BEGIN PRIVATE KEY----- +MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y +Gua8Kw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect233k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf +MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB + +PrivateKey=BOB_cf_sect233k1 +-----BEGIN PRIVATE KEY----- +MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA +DFMTUA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect233k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 +ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect233k1 +PeerKey=BOB_cf_sect233k1_PUB +SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect233k1 +PeerKey=ALICE_cf_sect233k1_PUB +SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect233k1 +PeerKey=BOB_cf_sect233k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect233k1 +PeerKey=ALICE_cf_sect233k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d + +PublicKey=MALICE_cf_sect233k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect233k1 
+PeerKey=MALICE_cf_sect233k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect233k1 +PeerKey=MALICE_cf_sect233k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect233r1 curve tests + +PrivateKey=ALICE_cf_sect233r1 +-----BEGIN PRIVATE KEY----- +MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm +HP3Pt8Y= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect233r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD +NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB + +PrivateKey=BOB_cf_sect233r1 +-----BEGIN PRIVATE KEY----- +MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 +mQVC2pw= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect233r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl +TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect233r1 +PeerKey=BOB_cf_sect233r1_PUB +SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect233r1 +PeerKey=ALICE_cf_sect233r1_PUB +SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect233r1 +PeerKey=BOB_cf_sect233r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect233r1 +PeerKey=ALICE_cf_sect233r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 + +PublicKey=MALICE_cf_sect233r1_PUB +-----BEGIN PUBLIC KEY----- 
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect233r1 +PeerKey=MALICE_cf_sect233r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect233r1 +PeerKey=MALICE_cf_sect233r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + Title=sect239k1 curve tests PrivateKey=ALICE_cf_sect239k1 
@@ -2358,6 +2846,450 @@ Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity +Title=sect283k1 curve tests + +PrivateKey=ALICE_cf_sect283k1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 +5EFCgxyvkaLManw= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd +5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB + +PrivateKey=BOB_cf_sect283k1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD +1J6957vBTPSQdH0= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM +QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect283k1 +PeerKey=BOB_cf_sect283k1_PUB +SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect283k1 +PeerKey=ALICE_cf_sect283k1_PUB +SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect283k1 +PeerKey=BOB_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect283k1 +PeerKey=ALICE_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 + +PublicKey=MALICE_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
+AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect283k1 +PeerKey=MALICE_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect283k1 +PeerKey=MALICE_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect283r1 curve tests + +PrivateKey=ALICE_cf_sect283r1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf +4Pi0hpGr4ubZcHE= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect283r1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ +kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB + +PrivateKey=BOB_cf_sect283r1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q +UdFnP6YIykt7+Pg= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect283r1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO +PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect283r1 +PeerKey=BOB_cf_sect283r1_PUB +SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect283r1 +PeerKey=ALICE_cf_sect283r1_PUB +SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect283r1 +PeerKey=BOB_cf_sect283r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect283r1 
+PeerKey=ALICE_cf_sect283r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 + +PublicKey=MALICE_cf_sect283r1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect283r1 +PeerKey=MALICE_cf_sect283r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect283r1 +PeerKey=MALICE_cf_sect283r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect409k1 curve tests + +PrivateKey=ALICE_cf_sect409k1 +-----BEGIN PRIVATE KEY----- +MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb +bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect409k1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW +5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e +aAzayZ1+UCEj8skbC9U= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB + +PrivateKey=BOB_cf_sect409k1 +-----BEGIN PRIVATE KEY----- +MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 +6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect409k1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY +Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 +vuu4aApQiWE3yQd9v/I= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect409k1 +PeerKey=BOB_cf_sect409k1_PUB +SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 
+ +# ECDH Bob with Alice peer +Derive=BOB_cf_sect409k1 +PeerKey=ALICE_cf_sect409k1_PUB +SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect409k1 +PeerKey=BOB_cf_sect409k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect409k1 +PeerKey=ALICE_cf_sect409k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee + +PublicKey=MALICE_cf_sect409k1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAA= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect409k1 +PeerKey=MALICE_cf_sect409k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect409k1 +PeerKey=MALICE_cf_sect409k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect409r1 curve tests + +PrivateKey=ALICE_cf_sect409r1 +-----BEGIN PRIVATE KEY----- +MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON ++gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect409r1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui +iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q +fGZqa3D+bDVMwrhmZto= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB + +PrivateKey=BOB_cf_sect409r1 +-----BEGIN PRIVATE KEY----- +MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU 
+7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect409r1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf +sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ ++sUmumbIuGzbrjtMRmw= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect409r1 +PeerKey=BOB_cf_sect409r1_PUB +SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect409r1 +PeerKey=ALICE_cf_sect409r1_PUB +SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect409r1 +PeerKey=BOB_cf_sect409r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect409r1 +PeerKey=ALICE_cf_sect409r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad + +PublicKey=MALICE_cf_sect409r1_PUB +-----BEGIN PUBLIC KEY----- +MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My +bFKKSOJ7hyrM8Lwl1e8= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect409r1 +PeerKey=MALICE_cf_sect409r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect409r1 +PeerKey=MALICE_cf_sect409r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect571k1 curve tests + +PrivateKey=ALICE_cf_sect571k1 +-----BEGIN PRIVATE KEY----- 
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB +zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect571k1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX +dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa +sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB + +PrivateKey=BOB_cf_sect571k1 +-----BEGIN PRIVATE KEY----- +MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ +p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect571k1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r +rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 +3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect571k1 +PeerKey=BOB_cf_sect571k1_PUB +SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect571k1 +PeerKey=ALICE_cf_sect571k1_PUB +SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect571k1 +PeerKey=BOB_cf_sect571k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect571k1 
+PeerKey=ALICE_cf_sect571k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 + +PublicKey=MALICE_cf_sect571k1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect571k1 +PeerKey=MALICE_cf_sect571k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect571k1 +PeerKey=MALICE_cf_sect571k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +Title=sect571r1 curve tests + +PrivateKey=ALICE_cf_sect571r1 +-----BEGIN PRIVATE KEY----- +MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk ++PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect571r1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS +fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R +Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB + +PrivateKey=BOB_cf_sect571r1 +-----BEGIN PRIVATE KEY----- +MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA +G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect571r1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh +kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT 
+c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect571r1 +PeerKey=BOB_cf_sect571r1_PUB +SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect571r1 +PeerKey=ALICE_cf_sect571r1_PUB +SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect571r1 +PeerKey=BOB_cf_sect571r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect571r1 +PeerKey=ALICE_cf_sect571r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 + +PublicKey=MALICE_cf_sect571r1_PUB +-----BEGIN PUBLIC KEY----- +MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC +aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect571r1 +PeerKey=MALICE_cf_sect571r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect571r1 +PeerKey=MALICE_cf_sect571r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR +Reason=point at infinity + Title=wap-wsg-idm-ecid-wtls10 curve tests PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 
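Review bot: the prime192v1 section added by the "@@ -1164,6 +1164,46 @@" hunk has only the two successful Derive stanzas (Alice with Bob, Bob with Alice) and no failing case, while every sect* section added in this patch ends with MALICE_* peers that must give Result=DERIVE_ERROR. Suggest adding at least one negative Derive per prime curve with its expected Result pinned, for example a PeerKey taken from a different curve's section, so that peer-key checking on the prime curves is exercised as well. The prime256v1, secp224r1, secp384r1 and secp521r1 hunks have the same shape and would take the same addition.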
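Review bot: in the "@@ -2076,6 +2280,76 @@" hunk, MALICE_cf_sect163k1_PUB is used as PeerKey only in stanzas that also set "Ctrl=ecdh_cofactor_mode:1", so the file never records what a plain Derive (no Ctrl line) does with that peer. Suggest adding a Derive stanza for the same PeerKey without the Ctrl line, for both BOB_cf_sect163k1 and ALICE_cf_sect163k1, and pinning whatever outcome is intended there (an error Result or a SharedSecret), so that a change in default-mode handling of this key shows up as a test failure instead of going unnoticed.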
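Review bot: the six PublicKey=MALICE_cf_sect*_PUB entries in the "@@ -2358,6 +2846,450 @@" hunk (sect283k1 through sect571r1) are introduced without any comment, unlike the Derive stanzas that follow them, each of which carries a "# ECC CDH ... with Malice peer" line. Suggest a one-line "#" comment above each MALICE key stating what property of the encoded point makes the cofactor-mode derive end in "Reason=point at infinity" and how the key was produced, because the PEM body cannot be checked by eye and a future edit to one of these blobs would otherwise be hard to review.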
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt b/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt deleted file mode 100644 index ffaa04233e..0000000000 --- a/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt +++ /dev/null 
@@ -1,945 +0,0 @@ -# -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Tests start with one of these keywords -# Cipher Decrypt Derive Digest Encoding KDF MAC PBE -# PrivPubKeyPair Sign Verify VerifyRecover -# and continue until a blank line. Lines starting with a pound sign are ignored. - -Title=prime192v1 curve tests - -PrivateKey=ALICE_cf_prime192v1 ------BEGIN PRIVATE KEY----- -MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 -TeI= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_prime192v1_PUB ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK -PZ78UrllIr69kgrYUKsRg4sd ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB - -PrivateKey=BOB_cf_prime192v1 ------BEGIN PRIVATE KEY----- -MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI -CWM= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_prime192v1_PUB ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp -bAekMot69VorE8ibSzgJixXJ ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_prime192v1 -PeerKey=BOB_cf_prime192v1_PUB -SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 - -# ECDH Bob with Alice peer -Derive=BOB_cf_prime192v1 -PeerKey=ALICE_cf_prime192v1_PUB -SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 - -Title=prime256v1 curve tests - -PrivateKey=ALICE_cf_prime256v1 ------BEGIN PRIVATE KEY----- -MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ -gHCUxmU2fRcn9Q== ------END PRIVATE KEY----- - 
-PublicKey=ALICE_cf_prime256v1_PUB ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5kDOrX6kmk1/jHfEdMBluFos6dyCbzKVOX3v2aa2 -y5IhlhTKtCJdydX+XWLDXWW9sbtIRNP94R3iOOpRPBqpGg== ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB - -PrivateKey=BOB_cf_prime256v1 ------BEGIN PRIVATE KEY----- -MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAxJgV1dLJw/o2Dmh1fIY1KpBd88WCP -23wZzR8DzhyCrA== ------END PRIVATE KEY----- - -PublicKey=BOB_cf_prime256v1_PUB ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5J6yA+j0zrGi6RilUhjrcL7OUMzYTwpnw5DdRXr0 -creHgE03EFV//7xqadB4BDwFIGM9MV2sE6qREEomWhZFeg== ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_prime256v1:BOB_cf_prime256v1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_prime256v1 -PeerKey=BOB_cf_prime256v1_PUB -SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a - -# ECDH Bob with Alice peer -Derive=BOB_cf_prime256v1 -PeerKey=ALICE_cf_prime256v1_PUB -SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a - -Title=secp224r1 curve tests - -PrivateKey=ALICE_cf_secp224r1 ------BEGIN PRIVATE KEY----- -MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBzeo7Y0HMfrIqKNm3r997jcfVAa4osa0AR2 -JA28 ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_secp224r1_PUB ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExZc6o84XjBGLOosGj2t0QctgiyzF3NcVgy+DeW7stkVs -yS2tRzMPBpwnApRzoRsdJR99sb3eM2s= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_secp224r1:ALICE_cf_secp224r1_PUB - -PrivateKey=BOB_cf_secp224r1 ------BEGIN PRIVATE KEY----- -MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBy2LsqxHhdlSiAmMYKQAEmjJWT22T42GYKo -ZvXM ------END PRIVATE KEY----- - -PublicKey=BOB_cf_secp224r1_PUB ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE71Eh6hwTKUrmyl2PdkY787GwxiohIcaqB4eK2Mwg6tU4 -LeJHWcgY18CgPKCaeldUgnkMcJzKj20= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_secp224r1:BOB_cf_secp224r1_PUB - -# ECDH Alice with Bob peer 
-Derive=ALICE_cf_secp224r1 -PeerKey=BOB_cf_secp224r1_PUB -SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 - -# ECDH Bob with Alice peer -Derive=BOB_cf_secp224r1 -PeerKey=ALICE_cf_secp224r1_PUB -SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 - -Title=secp384r1 curve tests - -PrivateKey=ALICE_cf_secp384r1 ------BEGIN PRIVATE KEY----- -ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAp1ErG6wVjuJs90qVbUBxNpQK1wtV4ieX1 -bIU/4HssZK6WjOOTyYguyEBCOf/rUnw= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_secp384r1_PUB ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx5rt+yujIuPoIXpHGmExKSi/P+58sGYoqgdpdOJUXzn2 -Rc4alCpSxVJeC55xvwaFHc3pzNyRGwnhPmN6oU/KMP6XjBvR4wq35mr/Sym5s0B2blAzkJU37idq -nTi3xGHx ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_secp384r1:ALICE_cf_secp384r1_PUB - -PrivateKey=BOB_cf_secp384r1 ------BEGIN PRIVATE KEY----- -ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAUjVgPpiI+xXye0nfRhc8+12hLdWY4fpsO -Jq2MCp+W85xJwtXsEPrHj1XFnKVpM4c= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_secp384r1_PUB ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+JUBXRSHixH0TrcvYvIzep7+/WNpEhWdCPsLMygigW5j -pzP30MF41GnQYgfJu5wI/gu1C/jFTv1X6Dgmla3JxBYlPeD+1L0lEMT3evmHKMM/BFe3WKBuXyhP -ilrNtfee ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_secp384r1:BOB_cf_secp384r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_secp384r1 -PeerKey=BOB_cf_secp384r1_PUB -SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb - -# ECDH Bob with Alice peer -Derive=BOB_cf_secp384r1 -PeerKey=ALICE_cf_secp384r1_PUB -SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb - -Title=secp521r1 curve tests - -PrivateKey=ALICE_cf_secp521r1 ------BEGIN PRIVATE KEY----- -MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIBsYIcUKeN2evB626LCdYWH/xzUiEDCdRP -rEENsC8//dowKnOCtlLtawh0DXTIZ/HhpUREuaoffdsmYb6+Oq1TRjc= ------END PRIVATE KEY----- - 
-PublicKey=ALICE_cf_secp521r1_PUB ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBufYxJf/4Ds6g7LlFRVS62ljm3xApV2T79hfWH8Lv -iroIaCFjLBIfOVDF8jvj2PO1ar3yCLiSA2RiLZz1Y+tv/tcATHE0nS7l3SfGiGmEnVycEnhgqlKM -UM3kpdd7eNkQn5/GO8KAPQqA/sOnvTavg5S01t0ub+PY/w0Y6oBgthaUAW0= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_secp521r1:ALICE_cf_secp521r1_PUB - -PrivateKey=BOB_cf_secp521r1 ------BEGIN PRIVATE KEY----- -MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIB+3/adZnNwr6GFUzZpi8So7pC/5FYQ0+0 -lMmoUjGvy8DNADcHaPpW68hX/M+z7LrK0Jpnonb9JSEXlgjOPVe4Ea8= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_secp521r1_PUB ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLq2fjyCalnvr24tjaz87ijIWlLMoCH7Hmyq1t2l8 -PFbyBIZbngDC0gwFM5ZI582QSWlW79G3clJP9VxlJOsms50BYBYgd6o2JF4w8AnShVXxFSJU1py4 -klCDNhTFybRHFXpujfuUeNnFxAGIUb4edJ0fAqqc7kkERhYe8EPEZYMKp3Q= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_secp521r1:BOB_cf_secp521r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_secp521r1 -PeerKey=BOB_cf_secp521r1_PUB -SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 - -# ECDH Bob with Alice peer -Derive=BOB_cf_secp521r1 -PeerKey=ALICE_cf_secp521r1_PUB -SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 - -Title=sect163k1 curve tests - -PrivateKey=ALICE_cf_sect163k1 ------BEGIN PRIVATE KEY----- -MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect163k1_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV -1UVeTRnyAlWU ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB - -PrivateKey=BOB_cf_sect163k1 ------BEGIN PRIVATE KEY----- -MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= ------END 
PRIVATE KEY----- - -PublicKey=BOB_cf_sect163k1_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk -nsdg7isQ8XBD ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect163k1 -PeerKey=BOB_cf_sect163k1_PUB -SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect163k1 -PeerKey=ALICE_cf_sect163k1_PUB -SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect163k1 -PeerKey=BOB_cf_sect163k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect163k1 -PeerKey=ALICE_cf_sect163k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 - -PublicKey=MALICE_cf_sect163k1_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAB ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect163k1 -PeerKey=MALICE_cf_sect163k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect163k1 -PeerKey=MALICE_cf_sect163k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect163r2 curve tests - -PrivateKey=ALICE_cf_sect163r2 ------BEGIN PRIVATE KEY----- -MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect163r2_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu -YwVrmqhgqH/C ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB - -PrivateKey=BOB_cf_sect163r2 ------BEGIN PRIVATE KEY----- -MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= ------END PRIVATE 
KEY----- - -PublicKey=BOB_cf_sect163r2_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 -8vT5zU3aq6HV ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect163r2 -PeerKey=BOB_cf_sect163r2_PUB -SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect163r2 -PeerKey=ALICE_cf_sect163r2_PUB -SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect163r2 -PeerKey=BOB_cf_sect163r2_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect163r2 -PeerKey=ALICE_cf_sect163r2_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f - -PublicKey=MALICE_cf_sect163r2_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD -ZtqJwDlp802l ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect163r2 -PeerKey=MALICE_cf_sect163r2_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect163r2 -PeerKey=MALICE_cf_sect163r2_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect233k1 curve tests - -PrivateKey=ALICE_cf_sect233k1 ------BEGIN PRIVATE KEY----- -MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y -Gua8Kw== ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect233k1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf -MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB - -PrivateKey=BOB_cf_sect233k1 ------BEGIN PRIVATE KEY----- 
-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA -DFMTUA== ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect233k1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 -ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect233k1 -PeerKey=BOB_cf_sect233k1_PUB -SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect233k1 -PeerKey=ALICE_cf_sect233k1_PUB -SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect233k1 -PeerKey=BOB_cf_sect233k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect233k1 -PeerKey=ALICE_cf_sect233k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d - -PublicKey=MALICE_cf_sect233k1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect233k1 -PeerKey=MALICE_cf_sect233k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect233k1 -PeerKey=MALICE_cf_sect233k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect233r1 curve tests - -PrivateKey=ALICE_cf_sect233r1 ------BEGIN PRIVATE KEY----- -MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm -HP3Pt8Y= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect233r1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD 
-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB - -PrivateKey=BOB_cf_sect233r1 ------BEGIN PRIVATE KEY----- -MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 -mQVC2pw= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect233r1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl -TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect233r1 -PeerKey=BOB_cf_sect233r1_PUB -SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect233r1 -PeerKey=ALICE_cf_sect233r1_PUB -SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect233r1 -PeerKey=BOB_cf_sect233r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect233r1 -PeerKey=ALICE_cf_sect233r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 - -PublicKey=MALICE_cf_sect233r1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 -Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect233r1 -PeerKey=MALICE_cf_sect233r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect233r1 -PeerKey=MALICE_cf_sect233r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect283k1 curve tests - -PrivateKey=ALICE_cf_sect283k1 ------BEGIN PRIVATE KEY----- -MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 -5EFCgxyvkaLManw= 
------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect283k1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd -5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB - -PrivateKey=BOB_cf_sect283k1 ------BEGIN PRIVATE KEY----- -MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD -1J6957vBTPSQdH0= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect283k1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM -QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect283k1 -PeerKey=BOB_cf_sect283k1_PUB -SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect283k1 -PeerKey=ALICE_cf_sect283k1_PUB -SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect283k1 -PeerKey=BOB_cf_sect283k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect283k1 -PeerKey=ALICE_cf_sect283k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 - -PublicKey=MALICE_cf_sect283k1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect283k1 -PeerKey=MALICE_cf_sect283k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect283k1 
-PeerKey=MALICE_cf_sect283k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect283r1 curve tests - -PrivateKey=ALICE_cf_sect283r1 ------BEGIN PRIVATE KEY----- -MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf -4Pi0hpGr4ubZcHE= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect283r1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ -kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB - -PrivateKey=BOB_cf_sect283r1 ------BEGIN PRIVATE KEY----- -MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q -UdFnP6YIykt7+Pg= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect283r1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO -PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect283r1 -PeerKey=BOB_cf_sect283r1_PUB -SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect283r1 -PeerKey=ALICE_cf_sect283r1_PUB -SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect283r1 -PeerKey=BOB_cf_sect283r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect283r1 -PeerKey=ALICE_cf_sect283r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 - -PublicKey=MALICE_cf_sect283r1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect283r1 -PeerKey=MALICE_cf_sect283r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect283r1 -PeerKey=MALICE_cf_sect283r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect409k1 curve tests - -PrivateKey=ALICE_cf_sect409k1 ------BEGIN PRIVATE KEY----- -MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb -bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect409k1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW -5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e -aAzayZ1+UCEj8skbC9U= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB - -PrivateKey=BOB_cf_sect409k1 ------BEGIN PRIVATE KEY----- -MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 -6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect409k1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY -Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 -vuu4aApQiWE3yQd9v/I= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect409k1 -PeerKey=BOB_cf_sect409k1_PUB -SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect409k1 -PeerKey=ALICE_cf_sect409k1_PUB -SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect409k1 
-PeerKey=BOB_cf_sect409k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect409k1 -PeerKey=ALICE_cf_sect409k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee - -PublicKey=MALICE_cf_sect409k1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAA= ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect409k1 -PeerKey=MALICE_cf_sect409k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect409k1 -PeerKey=MALICE_cf_sect409k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect409r1 curve tests - -PrivateKey=ALICE_cf_sect409r1 ------BEGIN PRIVATE KEY----- -MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON -+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect409r1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui -iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q -fGZqa3D+bDVMwrhmZto= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB - -PrivateKey=BOB_cf_sect409r1 ------BEGIN PRIVATE KEY----- -MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU -7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect409r1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf 
-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ -+sUmumbIuGzbrjtMRmw= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect409r1 -PeerKey=BOB_cf_sect409r1_PUB -SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect409r1 -PeerKey=ALICE_cf_sect409r1_PUB -SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect409r1 -PeerKey=BOB_cf_sect409r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect409r1 -PeerKey=ALICE_cf_sect409r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad - -PublicKey=MALICE_cf_sect409r1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My -bFKKSOJ7hyrM8Lwl1e8= ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect409r1 -PeerKey=MALICE_cf_sect409r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect409r1 -PeerKey=MALICE_cf_sect409r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect571k1 curve tests - -PrivateKey=ALICE_cf_sect571k1 ------BEGIN PRIVATE KEY----- -MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB -zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect571k1_PUB ------BEGIN PUBLIC KEY----- 
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX -dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa -sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB - -PrivateKey=BOB_cf_sect571k1 ------BEGIN PRIVATE KEY----- -MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ -p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect571k1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r -rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 -3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect571k1 -PeerKey=BOB_cf_sect571k1_PUB -SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect571k1 -PeerKey=ALICE_cf_sect571k1_PUB -SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect571k1 -PeerKey=BOB_cf_sect571k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect571k1 -PeerKey=ALICE_cf_sect571k1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 - 
-PublicKey=MALICE_cf_sect571k1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect571k1 -PeerKey=MALICE_cf_sect571k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect571k1 -PeerKey=MALICE_cf_sect571k1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -Title=sect571r1 curve tests - -PrivateKey=ALICE_cf_sect571r1 ------BEGIN PRIVATE KEY----- -MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk -+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= ------END PRIVATE KEY----- - -PublicKey=ALICE_cf_sect571r1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS -fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R -Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= ------END PUBLIC KEY----- - -PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB - -PrivateKey=BOB_cf_sect571r1 ------BEGIN PRIVATE KEY----- -MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA -G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= ------END PRIVATE KEY----- - -PublicKey=BOB_cf_sect571r1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh -kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT -c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= ------END PUBLIC KEY----- - -PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB - -# ECDH Alice with Bob peer -Derive=ALICE_cf_sect571r1 
-PeerKey=BOB_cf_sect571r1_PUB -SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 - -# ECDH Bob with Alice peer -Derive=BOB_cf_sect571r1 -PeerKey=ALICE_cf_sect571r1_PUB -SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 - -# ECC CDH Alice with Bob peer -Derive=ALICE_cf_sect571r1 -PeerKey=BOB_cf_sect571r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 - -# ECC CDH Bob with Alice peer -Derive=BOB_cf_sect571r1 -PeerKey=ALICE_cf_sect571r1_PUB -Ctrl=ecdh_cofactor_mode:1 -SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 - -PublicKey=MALICE_cf_sect571r1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC -aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= ------END PUBLIC KEY----- - -# ECC CDH Bob with Malice peer -Derive=BOB_cf_sect571r1 -PeerKey=MALICE_cf_sect571r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - -# ECC CDH Alice with Malice peer -Derive=ALICE_cf_sect571r1 -PeerKey=MALICE_cf_sect571r1_PUB -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity - diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh.txt b/test/recipes/30-test_evp_data/evppkey_ecdh.txt index f60df1d259..35b507896e 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdh.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdh.txt 
@@ -17,6 +17,53 @@ # Private keys used for PKEY operations. +# EC P-256 key + +PrivateKey=P-256 +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw ++RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH ++JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ +-----END PRIVATE KEY----- + +# EC public key for above + +PublicKey=P-256-PUBLIC +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl +x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair = P-256:P-256-PUBLIC + +# Additional EC key for ECDH +PrivateKey=P-256-Peer +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/URzu1TDNwUFWZ3i +dLISAZpEY0vfJ2pLB7f+Xnjyl2OhRANCAAQgBuXhSgeKpz+4piXlYSVLvy0NT+wK +uZWUI3LqUUCV07wg+RLLMY8yNK9kjqcgZDs/cB+bet64nQq+dNnvtpxG +-----END PRIVATE KEY----- + +PublicKey=P-256-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s +CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg== +-----END PUBLIC KEY----- + +PrivPubKeyPair = P-256-Peer:P-256-Peer-PUBLIC + +Title = ECDH tests + + +Derive=P-256 +PeerKey=P-256-Peer-PUBLIC +SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B + + +Derive=P-256-Peer +PeerKey=P-256-PUBLIC +SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B + Title = ECDH tests (with random keys) # TEST CURVE secp112r1 
@@ -423,6 +470,52 @@ Derive=BOB_secp224k1 PeerKey=ALICE_secp224k1_PUB SharedSecret=80b65e65fe29c779213dd31189d371ff57b0b2bf08c6458ed142399a +# TEST CURVE secp224r1 + +PrivateKey=ALICE_secp224r1 +-----BEGIN PRIVATE KEY----- +MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxLKkXFJXYqGUlTsmgjlesi +kwqejrekrkSTbehyoTwDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D2HtdCa4h +fbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo= +-----END PRIVATE KEY----- + +PublicKey=ALICE_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D +2HtdCa4hfbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo= +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_secp224r1:ALICE_secp224r1_PUB + + +PrivateKey=BOB_secp224r1 +-----BEGIN PRIVATE KEY----- +MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzOHGGUR3fZYg3GSaUN6pxo +NQtAlOzM3UclEhMzoTwDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMFUM6VV9DB +4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0= +-----END PRIVATE KEY----- + +PublicKey=BOB_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMF +UM6VV9DB4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0= +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_secp224r1:BOB_secp224r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_secp224r1 +PeerKey=BOB_secp224r1_PUB +SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5 + +# ECDH Bob with Alice peer + +Derive=BOB_secp224r1 +PeerKey=ALICE_secp224r1_PUB +SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5 + # TEST CURVE secp256k1 PrivateKey=ALICE_secp256k1 
@@ -469,6 +562,158 @@ Derive=BOB_secp256k1 PeerKey=ALICE_secp256k1_PUB SharedSecret=af43b52790082fd87afb1d14b883c12d12bb9e554080d1f8e527920676e31f3e +# TEST CURVE secp384r1 + +PrivateKey=ALICE_secp384r1 +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxE7Q4m1dsK7M3Otxo +cgY/ejX9JOKKdAtSnRiU4bnK3eFmALkMN7XIveQnWLB1PEKhZANiAAQaUsvUFr/u +ISpAmYqYZIme4VassCtb0tNGU97s3qt4ozcogZ4z+fIzXZ4YXqfGoEa57+uQDgqr ++jNOTji7Gxopt6AqZ9EvwuVaCuunUi0pcx6cc8IuUfrwMwSFovV/7sM= +-----END PRIVATE KEY----- + +PublicKey=ALICE_secp384r1_PUB +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGlLL1Ba/7iEqQJmKmGSJnuFWrLArW9LT +RlPe7N6reKM3KIGeM/nyM12eGF6nxqBGue/rkA4Kq/ozTk44uxsaKbegKmfRL8Ll +Wgrrp1ItKXMenHPCLlH68DMEhaL1f+7D +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_secp384r1:ALICE_secp384r1_PUB + + +PrivateKey=BOB_secp384r1 +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBRiGXRsb5sUq0b3/dg +Z+pA9kbrSivBMCUCXVwxno1d/30hI/Yy0Z5PWwbBgwTFprWhZANiAASp1FeUOBJF +mzQCNbGiOz8He0kF+KIf24UGYVO5MC7u5rV9hpoYsbcgmwxALskPN18os2ygK1Pn +f/h+WALIsG2RknSTbiyvBYkoIhJV9cflvEDpMeaWSLF7qJ5YjEIf9PM= +-----END PRIVATE KEY----- + +PublicKey=BOB_secp384r1_PUB +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqdRXlDgSRZs0AjWxojs/B3tJBfiiH9uF +BmFTuTAu7ua1fYaaGLG3IJsMQC7JDzdfKLNsoCtT53/4flgCyLBtkZJ0k24srwWJ +KCISVfXH5bxA6THmlkixe6ieWIxCH/Tz +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_secp384r1:BOB_secp384r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_secp384r1 +PeerKey=BOB_secp384r1_PUB +SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd + +# ECDH Bob with Alice peer + +Derive=BOB_secp384r1 +PeerKey=ALICE_secp384r1_PUB +SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd + +# TEST CURVE secp521r1 + +PrivateKey=ALICE_secp521r1 +-----BEGIN PRIVATE KEY----- 
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAFBIz3FLAuX8VCWzM +wu1f/tm8pf1QqnsdLqaIWCQAJa2W5ldpJTYfkj1gGxM44AD3qHnkXISvNLwwuxI1 +hr2+pOGhgYkDgYYABACWlOOFYk/p3AS2LxEQWBuMm6uIjo3XArjh1QrsLcUc5hhi +82CIz6kKwKjCnYRDHq4iv1x63rVEzGGhQOM1g+cRVwHSpfbBpaxK7bMLkVFOOavv +OdcdyRHaHsvxw2pREmdS/GwtfgT8odQrG06KMIwVeL+H08fGJSbPX0Zock0DOPCp +aw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_secp521r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAlpTjhWJP6dwEti8REFgbjJuriI6N +1wK44dUK7C3FHOYYYvNgiM+pCsCowp2EQx6uIr9cet61RMxhoUDjNYPnEVcB0qX2 +waWsSu2zC5FRTjmr7znXHckR2h7L8cNqURJnUvxsLX4E/KHUKxtOijCMFXi/h9PH +xiUmz19GaHJNAzjwqWs= +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_secp521r1:ALICE_secp521r1_PUB + + +PrivateKey=BOB_secp521r1 +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9C/sMWveRlHPr9P5 +cc3U+1L2/zB0VtHewKSQRWZ67SmS4+m7uXTqUVSLRHiQEgQid0cg77gSxXPlmV+z +y0f3zd+hgYkDgYYABAE18N3SwDGtea3IOqUdh3j0JtnMeP41i/agEBlxK8/iEBXc +Q61mkIrQIKcabRhoylEugXHiyNnqNQOD4DUa0bTKzAHtJ4UqqbEVno6byRmcUQwb +mvG89eS8GLEmk5X/O2atHU4yIGTuTRQWn/BTJUCS+OgJz4FZdadscc5Z640EZqSD +iw== +-----END PRIVATE KEY----- + +PublicKey=BOB_secp521r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBNfDd0sAxrXmtyDqlHYd49CbZzHj+ +NYv2oBAZcSvP4hAV3EOtZpCK0CCnGm0YaMpRLoFx4sjZ6jUDg+A1GtG0yswB7SeF +KqmxFZ6Om8kZnFEMG5rxvPXkvBixJpOV/ztmrR1OMiBk7k0UFp/wUyVAkvjoCc+B +WXWnbHHOWeuNBGakg4s= +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_secp521r1:BOB_secp521r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_secp521r1 +PeerKey=BOB_secp521r1_PUB +SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be + +# ECDH Bob with Alice peer + +Derive=BOB_secp521r1 +PeerKey=ALICE_secp521r1_PUB +SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be + +# TEST CURVE prime192v1 + 
+PrivateKey=ALICE_prime192v1 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfXvSFNqD2UzFVN1L +bQrPlzop7dxQq/ehNAMyAATibpGuYzCjkT1tWLYEogpKz74WqhvbQtZPkCYQCin1 +cmZuNW+BZ0jyVEpGlpnZPMg= +-----END PRIVATE KEY----- + +PublicKey=ALICE_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4m6RrmMwo5E9bVi2BKIKSs++Fqob +20LWT5AmEAop9XJmbjVvgWdI8lRKRpaZ2TzI +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_prime192v1:ALICE_prime192v1_PUB + + +PrivateKey=BOB_prime192v1 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhewaqXNZlYyqnmuEEE +Y/oUXe3/jpzhmyGhNAMyAASkpwNJEP/1FuuWKCDDUm26iyqrs+zKwayZnaF77YC6 +qCtgia7yNcSl9tlWHh3gQgw= +-----END PRIVATE KEY----- + +PublicKey=BOB_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEpKcDSRD/9Rbrliggw1Jtuosqq7Ps +ysGsmZ2he+2AuqgrYImu8jXEpfbZVh4d4EIM +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_prime192v1:BOB_prime192v1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_prime192v1 +PeerKey=BOB_prime192v1_PUB +SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861 + +# ECDH Bob with Alice peer + +Derive=BOB_prime192v1 +PeerKey=ALICE_prime192v1_PUB +SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861 + # TEST CURVE prime192v2 PrivateKey=ALICE_prime192v2 
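Review bot: Only successful derivations are added for secp384r1, secp521r1 and prime192v1; each curve gets "Derive=ALICE_..." and "Derive=BOB_..." with matching peers and nothing that is expected to fail. Since all the key material is already defined in this hunk, consider one extra stanza per group that pairs a private key with a peer key from a different curve (for example Derive=ALICE_secp384r1 with PeerKey=BOB_secp521r1_PUB) and expects the derivation to be rejected, so the curve-mismatch check is exercised alongside the positive cases.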
@@ -699,6 +944,52 @@ Derive=BOB_prime239v3 PeerKey=ALICE_prime239v3_PUB SharedSecret=78e80ae760061178bd005e9e3634333971468bc6d3f82baee238c5ed32f9 +# TEST CURVE prime256v1 + +PrivateKey=ALICE_prime256v1 +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglUPDk8gQ8lMj38V7 +0jPBZDfQUx5pNOVSKOMTqlh04POhRANCAARq87w+K0q9b1mzJGh309kjNvYTS02m +YkHKxAewiZwmt/5w+5uywz/+0130SdAWbXtECjaHUK94YEHzp0G/PCl5 +-----END PRIVATE KEY----- + +PublicKey=ALICE_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEavO8PitKvW9ZsyRod9PZIzb2E0tN +pmJBysQHsImcJrf+cPubssM//tNd9EnQFm17RAo2h1CveGBB86dBvzwpeQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_prime256v1:ALICE_prime256v1_PUB + + +PrivateKey=BOB_prime256v1 +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNsLfn/sRZfm9ZcM7 +xURiUHT7+w8Jgk9SbwTVDjpLYYmhRANCAASRmyKNgUbADGxkIOAVh9T7IXv2ZDT6 +I5YMW6wOs27VMOAD0AiNLrv7sW1TdqxkUtF17/GFpLvFOuZcbdX4p3i/ +-----END PRIVATE KEY----- + +PublicKey=BOB_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZsijYFGwAxsZCDgFYfU+yF79mQ0 ++iOWDFusDrNu1TDgA9AIjS67+7FtU3asZFLRde/xhaS7xTrmXG3V+Kd4vw== +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_prime256v1:BOB_prime256v1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_prime256v1 +PeerKey=BOB_prime256v1_PUB +SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4 + +# ECDH Bob with Alice peer + +Derive=BOB_prime256v1 +PeerKey=ALICE_prime256v1_PUB +SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4 + # TEST CURVE sect113r1 PrivateKey=ALICE_sect113r1 
@@ -875,189 +1166,685 @@ Derive=BOB_sect131r2 PeerKey=ALICE_sect131r2_PUB SharedSecret=03cbec3a3050c7f13d4801ad692d61c417 +# TEST CURVE sect163k1 + +PrivateKey=ALICE_sect163k1 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBxkeGOXE86PAijpk8trN/ +f3kl4UmhLgMsAAQD1hrDCJ2MSFKZ6Q11cTllX/l5HY0Hg5XZCxMFC84AaczwPtNJ +YNCxfCk= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9YawwidjEhSmekNdXE5ZV/5eR2NB4OV +2QsTBQvOAGnM8D7TSWDQsXwp +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect163k1:ALICE_sect163k1_PUB + + +PrivateKey=BOB_sect163k1 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCUJ5kItSfXidHXsgokcS7 +nzPFbOShLgMsAAQGrYNJ1qgdb3A9ISOmTujfS+WYFKwBXXrJEluAkeNh3jXnDq8X ++XBB0k8= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBq2DSdaoHW9wPSEjpk7o30vlmBSsAV16 +yRJbgJHjYd415w6vF/lwQdJP +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect163k1:BOB_sect163k1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect163k1 +PeerKey=BOB_sect163k1_PUB +SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092 + +# ECDH Bob with Alice peer + +Derive=BOB_sect163k1 +PeerKey=ALICE_sect163k1_PUB +SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092 + # TEST CURVE sect163r1 -PrivateKey=ALICE_sect163r1 +PrivateKey=ALICE_sect163r1 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUBl9zmlPmFF5v9h1IIENAx +1b8tj0+hLgMsAAQE3j8Jn58CCtEDwvOZ5DwgYGBYvIECz1zN8UwPfTFSdXjTWQcr +9gWxNMA= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect163r1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBN4/CZ+fAgrRA8LzmeQ8IGBgWLyBAs9c +zfFMD30xUnV401kHK/YFsTTA +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect163r1:ALICE_sect163r1_PUB + + +PrivateKey=BOB_sect163r1 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUA/nzN5yCavvZlXyDGEihW 
+rwG360+hLgMsAAQDt6XZHfzXABSTnGhzfoPtfdLZgaoGhBdeWz+318vNmC6AMJP+ +PntHzsA= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect163r1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA7el2R381wAUk5xoc36D7X3S2YGqBoQX +Xls/t9fLzZgugDCT/j57R87A +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect163r1:BOB_sect163r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect163r1 +PeerKey=BOB_sect163r1_PUB +SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4 + +# ECDH Bob with Alice peer + +Derive=BOB_sect163r1 +PeerKey=ALICE_sect163r1_PUB +SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4 + +# TEST CURVE sect163r2 + +PrivateKey=ALICE_sect163r2 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDjH2G7BkPTBM4VtljaQr8 +sXVLNOqhLgMsAAQHHqWxJWR2KrHCPp/PSjZIdK88ET0A323/UOTxhYHwsLpR7rp3 +ahq1lQ8= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect163r2_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBx6lsSVkdiqxwj6fz0o2SHSvPBE9AN9t +/1Dk8YWB8LC6Ue66d2oatZUP +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect163r2:ALICE_sect163r2_PUB + + +PrivateKey=BOB_sect163r2 +-----BEGIN PRIVATE KEY----- +MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBXOM9Tm6sKXUlRLlW0HgC +NTDxW2ihLgMsAAQGxa8xRcC+TIcDgGtehDVEV1PoBokBwtILj16NPYC0aBZI8/nF +F4jhgmc= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect163r2_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBsWvMUXAvkyHA4BrXoQ1RFdT6AaJAcLS +C49ejT2AtGgWSPP5xReI4YJn +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect163r2:BOB_sect163r2_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect163r2 +PeerKey=BOB_sect163r2_PUB +SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951 + +# ECDH Bob with Alice peer + +Derive=BOB_sect163r2 +PeerKey=ALICE_sect163r2_PUB +SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951 + +# TEST CURVE sect193r1 + +PrivateKey=ALICE_sect193r1 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAEQlofBlvj8zDK5o4CCfA 
+aOQOmlAyTimBoTYDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUnNwBn5T26m15R +M4MLnYGdklcAM8oMOML999w= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect193r1_PUB +-----BEGIN PUBLIC KEY----- +MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUn +NwBn5T26m15RM4MLnYGdklcAM8oMOML999w= +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect193r1:ALICE_sect193r1_PUB + + +PrivateKey=BOB_sect193r1 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAnxvYLKZaw4Rj24WTRBfg +iar5vp3R3pCJoTYDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUpYQE/jBjzUHIC +qMNZTHy9gT2R9yc0GBZ/Dic= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect193r1_PUB +-----BEGIN PUBLIC KEY----- +MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUp +YQE/jBjzUHICqMNZTHy9gT2R9yc0GBZ/Dic= +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect193r1:BOB_sect193r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect193r1 +PeerKey=BOB_sect193r1_PUB +SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47 + +# ECDH Bob with Alice peer + +Derive=BOB_sect193r1 +PeerKey=ALICE_sect193r1_PUB +SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47 + +# TEST CURVE sect193r2 + +PrivateKey=ALICE_sect193r2 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAj54XQW+b3bnX9duvqaa+ +lPTNcvOlxRAvoTYDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWkwQFc4m1ISx4o +mtNyCVI7FXV5zNnaGWVACT4= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect193r2_PUB +-----BEGIN PUBLIC KEY----- +MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWk +wQFc4m1ISx4omtNyCVI7FXV5zNnaGWVACT4= +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect193r2:ALICE_sect193r2_PUB + + +PrivateKey=BOB_sect193r2 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAvMiVR0abk6pHoeOIBESL +fB9B4gsZJjLsoTYDNAAEADtKDcwL660+Mm11Vl254GI3TnD+fragdwF+wY5qlMu5 +VtrUDMHuAP0q3eGQUsrzNo0= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect193r2_PUB +-----BEGIN PUBLIC KEY----- 
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEADtKDcwL660+Mm11Vl254GI3TnD+frag +dwF+wY5qlMu5VtrUDMHuAP0q3eGQUsrzNo0= +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect193r2:BOB_sect193r2_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect193r2 +PeerKey=BOB_sect193r2_PUB +SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891 + +# ECDH Bob with Alice peer + +Derive=BOB_sect193r2 +PeerKey=ALICE_sect193r2_PUB +SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891 + +# TEST CURVE sect233k1 + +PrivateKey=ALICE_sect233k1 +-----BEGIN PRIVATE KEY----- +MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1aR7qaKm1vmZWK2bGsJ1rX +mH6BpTkW4t1L4zSf/KFAAz4ABADcDiv+bTvPVViqYLNz06VO5wodry+sGi6fnJIr +QQCTfZ9d5whiIsbY5Thlcm7I0A/cIGoShA/6LumOVA== +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect233k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANwOK/5tO89VWKpgs3PTpU7nCh2vL6wa +Lp+ckitBAJN9n13nCGIixtjlOGVybsjQD9wgahKED/ou6Y5U +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect233k1:ALICE_sect233k1_PUB + + +PrivateKey=BOB_sect233k1 +-----BEGIN PRIVATE KEY----- +MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0oa5BrzYxm6mn51Xyphn6X +OUjKc9oMDHCowAyHTaFAAz4ABAGKiFuFJVQeymHYRVnt2LNF2MSaTMcL9JGSPn2z +OwBis5MS4kgEFakWQl7KpGiy3vS89wmpblvHLJ/+IQ== +-----END PRIVATE KEY----- + +PublicKey=BOB_sect233k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYqIW4UlVB7KYdhFWe3Ys0XYxJpMxwv0 +kZI+fbM7AGKzkxLiSAQVqRZCXsqkaLLe9Lz3CaluW8csn/4h +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect233k1 +PeerKey=BOB_sect233k1_PUB +SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 + +# ECDH Bob with Alice peer + +Derive=BOB_sect233k1 +PeerKey=ALICE_sect233k1_PUB +SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 + +# TEST CURVE sect233r1 + +PrivateKey=ALICE_sect233r1 +-----BEGIN PRIVATE KEY----- 
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AEN6fePR2gizyXzU6kIgU +Gijp5+IQAXoNBfKnVeChQAM+AAQB0kEwu2fwQWo1v1j7XQ8uJT3iMwRC8w+cxgxx +GQ4B/FyjrhIUpEDWaMqfV23McZ6WdbIUe3MZ7K5pG38= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect233r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdJBMLtn8EFqNb9Y+10PLiU94jMEQvMP +nMYMcRkOAfxco64SFKRA1mjKn1dtzHGelnWyFHtzGeyuaRt/ +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect233r1:ALICE_sect233r1_PUB + + +PrivateKey=BOB_sect233r1 +-----BEGIN PRIVATE KEY----- +MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AXHWOeS6fG0XCH3FnHDuS +IcELUeDG+AYNNeLVZd6hQAM+AAQAYRRYH017uxcaMPF3GOsL4bvodW1yZLEtL3pm +CkcAfqJI/4niCr8uHKh0gBa2JBjBWMV1u8Mpf60uvok= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect233r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGEUWB9Ne7sXGjDxdxjrC+G76HVtcmSx +LS96ZgpHAH6iSP+J4gq/LhyodIAWtiQYwVjFdbvDKX+tLr6J +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect233r1 +PeerKey=BOB_sect233r1_PUB +SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 + +# ECDH Bob with Alice peer + +Derive=BOB_sect233r1 +PeerKey=ALICE_sect233r1_PUB +SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 + +# TEST CURVE sect239k1 + +PrivateKey=ALICE_sect239k1 +-----BEGIN PRIVATE KEY----- +MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4MhpuQTtDeLBboZgiW11d/ +KBlgUL4YvTjZ8zg4HR2hQAM+AAQafRD6X3L/7c/FN69KuA04a4bhxHZezmz1G15m +tltwl8zlWsR5+GNToxV0OBLbStAQbXxqBa2Gg83B0oc= +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect239k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEGn0Q+l9y/+3PxTevSrgNOGuG4cR2Xs5s +9RteZrZbcJfM5VrEefhjU6MVdDgS20rQEG18agWthoPNwdKH +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect239k1:ALICE_sect239k1_PUB + + +PrivateKey=BOB_sect239k1 +-----BEGIN PRIVATE KEY----- +MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4FBG477KvylisppUFwbDl/ 
+SRGnX5FFmfw/xWIiEMehQAM+AAQFii094UX6F5m8Dk0eI/DhF3+IDUu7h81hTdyZ +xxET0IokxFkTUf/re9WPA7LxPOCuiIPZUNVCRxRWSuU= +-----END PRIVATE KEY----- + +PublicKey=BOB_sect239k1_PUB +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEBYotPeFF+heZvA5NHiPw4Rd/iA1Lu4fN +YU3cmccRE9CKJMRZE1H/63vVjwOy8TzgroiD2VDVQkcUVkrl +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect239k1:BOB_sect239k1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect239k1 +PeerKey=BOB_sect239k1_PUB +SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8 + +# ECDH Bob with Alice peer + +Derive=BOB_sect239k1 +PeerKey=ALICE_sect239k1_PUB +SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8 + +# TEST CURVE sect283k1 + +PrivateKey=ALICE_sect283k1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGhnsmZ2UDKV3QKmq3k+ +33LQ6n5aCYvKXcMgiZlBS/RrVgIRoUwDSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnW +uC6oWVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4r +mGO7 +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnWuC6o +WVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4rmGO7 +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect283k1:ALICE_sect283k1_PUB + + +PrivateKey=BOB_sect283k1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAAJXIwfWjYbiM5jEcNw8 +8/1kbEnhVjWGivO7zDPts7AuKSMkoUwDSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6V +D5v8KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzj +CN/m +-----END PRIVATE KEY----- + +PublicKey=BOB_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6VD5v8 +KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzjCN/m +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect283k1 +PeerKey=BOB_sect283k1_PUB 
+SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 + +# ECDH Bob with Alice peer + +Derive=BOB_sect283k1 +PeerKey=ALICE_sect283k1_PUB +SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 + +# TEST CURVE sect283r1 + +PrivateKey=ALICE_sect283r1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAi4Jrhu19kt7H8jw1FO7 +VzCxh6p0pI0ogl3q9ev5NFkufZkZoUwDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqU +S40TU2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE +7jsD +-----END PRIVATE KEY----- + +PublicKey=ALICE_sect283r1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqUS40T +U2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE7jsD +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_sect283r1:ALICE_sect283r1_PUB + + +PrivateKey=BOB_sect283r1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACD04gJaVfVxK/Dpbxjq +rzZWc6B76a23MK/IQD1jMlGPQzzxoUwDSgAEA13mIYMvik12DBp8JkdETMB1ewOw +22C/xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lass +Iq5I +-----END PRIVATE KEY----- + +PublicKey=BOB_sect283r1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA13mIYMvik12DBp8JkdETMB1ewOw22C/ +xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lassIq5I +-----END PUBLIC KEY----- + +PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB + + +# ECDH Alice with Bob peer + +Derive=ALICE_sect283r1 +PeerKey=BOB_sect283r1_PUB +SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc + +# ECDH Bob with Alice peer + +Derive=BOB_sect283r1 +PeerKey=ALICE_sect283r1_PUB +SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc + +# TEST CURVE sect409k1 + +PrivateKey=ALICE_sect409k1 -----BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUBl9zmlPmFF5v9h1IIENAx -1b8tj0+hLgMsAAQE3j8Jn58CCtEDwvOZ5DwgYGBYvIECz1zN8UwPfTFSdXjTWQcr -9gWxNMA= 
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg1vV7wiPe1ovX+ukz +VfwPZoqvyj/vdif04Opi9PcjV5mPBEZgSFBg8hbutNxZJdVLrxShbANqAAQACe1I +J5ilSk1pPLvbcjEZIE6abC9LZ9WmHuNJxM9LAW1OuLvJGi72AsGYUOGpX0WGmK6C +AYaqZb2Qeedq/yUIljDHYi66J+26owYl7lOMpRzZ9U2QDJrZ7TYuxeMUui6re0B+ +JuZdYw== -----END PRIVATE KEY----- -PublicKey=ALICE_sect163r1_PUB +PublicKey=ALICE_sect409k1_PUB -----BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBN4/CZ+fAgrRA8LzmeQ8IGBgWLyBAs9c -zfFMD30xUnV401kHK/YFsTTA +MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAntSCeYpUpNaTy723IxGSBOmmwvS2fV +ph7jScTPSwFtTri7yRou9gLBmFDhqV9FhpiuggGGqmW9kHnnav8lCJYwx2Iuuift +uqMGJe5TjKUc2fVNkAya2e02LsXjFLouq3tAfibmXWM= -----END PUBLIC KEY----- -PrivPubKeyPair = ALICE_sect163r1:ALICE_sect163r1_PUB +PrivPubKeyPair = ALICE_sect409k1:ALICE_sect409k1_PUB -PrivateKey=BOB_sect163r1 +PrivateKey=BOB_sect409k1 -----BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUA/nzN5yCavvZlXyDGEihW -rwG360+hLgMsAAQDt6XZHfzXABSTnGhzfoPtfdLZgaoGhBdeWz+318vNmC6AMJP+ -PntHzsA= +MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIYBGZZcZz4qCdhAV9 +vqpfe8vV+vJEhjawR52JUV1rumWEBPAx0o6E+gaxHBr5hzVGkIKhbANqAAQAAQKK +s60CTUUkltsT+lIBukjz850pkGGLltJ4eaZn4k9AtN/lFTCq6Vgqe2sDrjA3b45q +AdWjf1vRaP0wawJ13SjApJmyXg5hQks6d0Zqz2OHYhGEGiM159VtTlStK067dVe1 +fGVDeg== -----END PRIVATE KEY----- -PublicKey=BOB_sect163r1_PUB +PublicKey=BOB_sect409k1_PUB -----BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA7el2R381wAUk5xoc36D7X3S2YGqBoQX -Xls/t9fLzZgugDCT/j57R87A +MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAECirOtAk1FJJbbE/pSAbpI8/OdKZBh +i5bSeHmmZ+JPQLTf5RUwqulYKntrA64wN2+OagHVo39b0Wj9MGsCdd0owKSZsl4O +YUJLOndGas9jh2IRhBojNefVbU5UrStOu3VXtXxlQ3o= -----END PUBLIC KEY----- -PrivPubKeyPair = BOB_sect163r1:BOB_sect163r1_PUB +PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB # ECDH Alice with Bob peer -Derive=ALICE_sect163r1 -PeerKey=BOB_sect163r1_PUB -SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4 +Derive=ALICE_sect409k1 +PeerKey=BOB_sect409k1_PUB 
+SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 # ECDH Bob with Alice peer -Derive=BOB_sect163r1 -PeerKey=ALICE_sect163r1_PUB -SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4 +Derive=BOB_sect409k1 +PeerKey=ALICE_sect409k1_PUB +SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 -# TEST CURVE sect193r1 +# TEST CURVE sect409r1 -PrivateKey=ALICE_sect193r1 +PrivateKey=ALICE_sect409r1 -----BEGIN PRIVATE KEY----- -MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAEQlofBlvj8zDK5o4CCfA -aOQOmlAyTimBoTYDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUnNwBn5T26m15R -M4MLnYGdklcAM8oMOML999w= +MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAYTMsTpey51D2ULnd +pN+AAWnJLy9pTerziakhjii8OyWKpUVfpDFNneCCd2oQTDcPX5vdoWwDagAEAYfk +3ZejxpVYCG7dYHTVhhcqILEyTYoQa4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGU +owHXXzgDXoJeR79wgb7ySAlXJXgQ8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvI +eIozlf4= -----END PRIVATE KEY----- -PublicKey=ALICE_sect193r1_PUB +PublicKey=ALICE_sect409r1_PUB -----BEGIN PUBLIC KEY----- -MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUn -NwBn5T26m15RM4MLnYGdklcAM8oMOML999w= +MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYfk3ZejxpVYCG7dYHTVhhcqILEyTYoQ +a4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGUowHXXzgDXoJeR79wgb7ySAlXJXgQ +8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvIeIozlf4= -----END PUBLIC KEY----- -PrivPubKeyPair = ALICE_sect193r1:ALICE_sect193r1_PUB +PrivPubKeyPair = ALICE_sect409r1:ALICE_sect409r1_PUB -PrivateKey=BOB_sect193r1 +PrivateKey=BOB_sect409r1 -----BEGIN PRIVATE KEY----- -MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAnxvYLKZaw4Rj24WTRBfg -iar5vp3R3pCJoTYDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUpYQE/jBjzUHIC -qMNZTHy9gT2R9yc0GBZ/Dic= +MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsCs1nRgwW97TdKIH +PRcsqmK1e8TIZ00e6rqLb3nD4sIe+Gw/fGhSUER9akQ7lAluEUnfoWwDagAEAfM2 +fvBEic+7jV4oC+v8GfsunD9Zp9rzNgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDl 
+LwBm/W6TlzGuh1FnzXYKVnhnXpzSlRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMf +WsgK+KA= -----END PRIVATE KEY----- -PublicKey=BOB_sect193r1_PUB +PublicKey=BOB_sect409r1_PUB -----BEGIN PUBLIC KEY----- -MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUp -YQE/jBjzUHICqMNZTHy9gT2R9yc0GBZ/Dic= +MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfM2fvBEic+7jV4oC+v8GfsunD9Zp9rz +NgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDlLwBm/W6TlzGuh1FnzXYKVnhnXpzS +lRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMfWsgK+KA= -----END PUBLIC KEY----- -PrivPubKeyPair = BOB_sect193r1:BOB_sect193r1_PUB +PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB # ECDH Alice with Bob peer -Derive=ALICE_sect193r1 -PeerKey=BOB_sect193r1_PUB -SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47 +Derive=ALICE_sect409r1 +PeerKey=BOB_sect409r1_PUB +SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 # ECDH Bob with Alice peer -Derive=BOB_sect193r1 -PeerKey=ALICE_sect193r1_PUB -SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47 +Derive=BOB_sect409r1 +PeerKey=ALICE_sect409r1_PUB +SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 -# TEST CURVE sect193r2 +# TEST CURVE sect571k1 -PrivateKey=ALICE_sect193r2 +PrivateKey=ALICE_sect571k1 -----BEGIN PRIVATE KEY----- -MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAj54XQW+b3bnX9duvqaa+ -lPTNcvOlxRAvoTYDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWkwQFc4m1ISx4o -mtNyCVI7FXV5zNnaGWVACT4= +MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARO8hI8j6TZ556/d +RcdGYvdblnALD2XZCKu2c3C5yQIeA8Tidi+f8n6cCnb5FtJNTYKqP8tRfHlwAZtW +/giXi/4yF5K2twS3oYGVA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0LQd9wP1+k +v0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFRPU0Cct0S +qVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJPCnaKR/Oo +AtaUpCWLSTHDF1gK4/kmlwEx+8o= -----END PRIVATE KEY----- -PublicKey=ALICE_sect193r2_PUB +PublicKey=ALICE_sect571k1_PUB -----BEGIN PUBLIC KEY----- 
-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWk -wQFc4m1ISx4omtNyCVI7FXV5zNnaGWVACT4= +MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0L +Qd9wP1+kv0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFR +PU0Cct0SqVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJP +CnaKR/OoAtaUpCWLSTHDF1gK4/kmlwEx+8o= -----END PUBLIC KEY----- -PrivPubKeyPair = ALICE_sect193r2:ALICE_sect193r2_PUB +PrivPubKeyPair = ALICE_sect571k1:ALICE_sect571k1_PUB -PrivateKey=BOB_sect193r2 +PrivateKey=BOB_sect571k1 -----BEGIN PRIVATE KEY----- -MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAvMiVR0abk6pHoeOIBESL -fB9B4gsZJjLsoTYDNAAEADtKDcwL660+Mm11Vl254GI3TnD+fragdwF+wY5qlMu5 -VtrUDMHuAP0q3eGQUsrzNo0= +MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVZT4tnX9dMWS6Vd +YCoYRl9o/j/Hz7KGqF4Ujk9n9b4+mXbJ37tobpjnpNqKlJfI04w80JPp+NxpoBR3 +8p1bcc9iL4Smh48YoYGVA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLURYRDHmopO +IijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN1tsCrqET +31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxOaqcYzbXC +Q/Aiij13H06qKhuFM4iiB/0D164= -----END PRIVATE KEY----- -PublicKey=BOB_sect193r2_PUB +PublicKey=BOB_sect571k1_PUB -----BEGIN PUBLIC KEY----- -MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEADtKDcwL660+Mm11Vl254GI3TnD+frag -dwF+wY5qlMu5VtrUDMHuAP0q3eGQUsrzNo0= +MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLUR +YRDHmopOIijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN +1tsCrqET31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxO +aqcYzbXCQ/Aiij13H06qKhuFM4iiB/0D164= -----END PUBLIC KEY----- -PrivPubKeyPair = BOB_sect193r2:BOB_sect193r2_PUB +PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB # ECDH Alice with Bob peer -Derive=ALICE_sect193r2 -PeerKey=BOB_sect193r2_PUB -SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891 +Derive=ALICE_sect571k1 +PeerKey=BOB_sect571k1_PUB +SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e 
# ECDH Bob with Alice peer -Derive=BOB_sect193r2 -PeerKey=ALICE_sect193r2_PUB -SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891 +Derive=BOB_sect571k1 +PeerKey=ALICE_sect571k1_PUB +SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e -# TEST CURVE sect239k1 +# TEST CURVE sect571r1 -PrivateKey=ALICE_sect239k1 +PrivateKey=ALICE_sect571r1 -----BEGIN PRIVATE KEY----- -MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4MhpuQTtDeLBboZgiW11d/ -KBlgUL4YvTjZ8zg4HR2hQAM+AAQafRD6X3L/7c/FN69KuA04a4bhxHZezmz1G15m -tltwl8zlWsR5+GNToxV0OBLbStAQbXxqBa2Gg83B0oc= +MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArsi//Zp9veeURYV +zGYHn4MlNIxNt6U6vtmTPS/NaoiaavxbOimpHgxYPCjpoPYhM33Z2VBh7pl2aoRW +3GBepLFLoF8oiQaLoYGVA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4f/AwTHmo +US1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wzd8YF32SF +HMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz6J6dYAUe +vE+F3N29p/tRBGNzMFIqoDdW+NA= -----END PRIVATE KEY----- -PublicKey=ALICE_sect239k1_PUB +PublicKey=ALICE_sect571r1_PUB -----BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEGn0Q+l9y/+3PxTevSrgNOGuG4cR2Xs5s -9RteZrZbcJfM5VrEefhjU6MVdDgS20rQEG18agWthoPNwdKH +MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4 +f/AwTHmoUS1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wz +d8YF32SFHMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz +6J6dYAUevE+F3N29p/tRBGNzMFIqoDdW+NA= -----END PUBLIC KEY----- -PrivPubKeyPair = ALICE_sect239k1:ALICE_sect239k1_PUB +PrivPubKeyPair = ALICE_sect571r1:ALICE_sect571r1_PUB -PrivateKey=BOB_sect239k1 +PrivateKey=BOB_sect571r1 -----BEGIN PRIVATE KEY----- -MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4FBG477KvylisppUFwbDl/ -SRGnX5FFmfw/xWIiEMehQAM+AAQFii094UX6F5m8Dk0eI/DhF3+IDUu7h81hTdyZ -xxET0IokxFkTUf/re9WPA7LxPOCuiIPZUNVCRxRWSuU= +MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYj65N5XJTQusn+h 
+Z9xj/dgZ4qR1GDC1Ij7jYuow+TvGrG2wz/WT76/lLNtlCLfDW2kODDUmDAJeK/e+ +VMO7suJTXGnrGFHioYGVA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2SYmMKve74 +trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8QI70H8aHv +LgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNdnNATBqom +6WDWc7RTFZ4sijL5ywVhovwJ1gA= -----END PRIVATE KEY----- -PublicKey=BOB_sect239k1_PUB +PublicKey=BOB_sect571r1_PUB -----BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEBYotPeFF+heZvA5NHiPw4Rd/iA1Lu4fN -YU3cmccRE9CKJMRZE1H/63vVjwOy8TzgroiD2VDVQkcUVkrl +MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2S +YmMKve74trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8Q +I70H8aHvLgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNd +nNATBqom6WDWc7RTFZ4sijL5ywVhovwJ1gA= -----END PUBLIC KEY----- -PrivPubKeyPair = BOB_sect239k1:BOB_sect239k1_PUB +PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB # ECDH Alice with Bob peer -Derive=ALICE_sect239k1 -PeerKey=BOB_sect239k1_PUB -SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8 +Derive=ALICE_sect571r1 +PeerKey=BOB_sect571r1_PUB +SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae # ECDH Bob with Alice peer -Derive=BOB_sect239k1 -PeerKey=ALICE_sect239k1_PUB -SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8 +Derive=BOB_sect571r1 +PeerKey=ALICE_sect571r1_PUB +SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae # TEST CURVE c2pnb163v1 
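Review bot: This hunk shows the sect163r1, sect193r1, sect193r2 and sect239k1 stanzas as removed and then re-added, and the SharedSecret values on the "-" and "+" sides match (for example 02355c765bbc07fcc44bb1496e490912f6df56e6d4 for sect163r1), which suggests the diff was realigned by the insertions rather than that those vectors changed. Please confirm the four existing stanzas are byte-for-byte unchanged, and if so regenerate the patch with a diff algorithm that keeps them as context (such as git's --patience), so that the genuinely new curves (sect163k1, sect163r2, sect233k1, sect233r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1) are the only additions a reviewer has to check.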
@@ -2309,3 +3096,375 @@ SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36 Derive=BOB_wap-wsg-idm-ecid-wtls12 PeerKey=ALICE_wap-wsg-idm-ecid-wtls12_PUB SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36 + + +Title = ECDH KATs (from RFC 5114, 5903, 7027) + +# Keys and shared secrets from RFC 5114 +PrivateKey=PRIME192V1_RFC5114 +-----BEGIN PRIVATE KEY----- +MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgyP6MWnY6cZZP1lHa8 +FCAAq1vg4knENCahNAMyAATNRkiez9bBBeez0yVm4rEi4kmrqt2HBhJoiHtId99R +3U3D1v0R8KJvj9OEQxeRbpo= +-----END PRIVATE KEY----- + +PublicKey=PRIME192V1_RFC5114-PUBLIC +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzUZIns/WwQXns9MlZuKxIuJJq6rd +hwYSaIh7SHffUd1Nw9b9EfCib4/ThEMXkW6a +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME192V1_RFC5114:PRIME192V1_RFC5114-PUBLIC + + +PrivateKey=PRIME192V1_RFC5114-Peer +-----BEGIN PRIVATE KEY----- +MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhjH5W7SmdjLJxHbu6a +tpWrJAoEmTB/z2KhNAMyAARRmhIWgOAEVGa6Id8u7kf1lztQBXfvE9X/YTq01kzu +OiCHW9sQ+VP2swygcsYKpX8= +-----END PRIVATE KEY----- + +PublicKey=PRIME192V1_RFC5114-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZoSFoDgBFRmuiHfLu5H9Zc7UAV3 +7xPV/2E6tNZM7jogh1vbEPlT9rMMoHLGCqV/ +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME192V1_RFC5114-Peer:PRIME192V1_RFC5114-Peer-PUBLIC + + + +Derive=PRIME192V1_RFC5114 +PeerKey=PRIME192V1_RFC5114-Peer-PUBLIC +SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE + +Derive=PRIME192V1_RFC5114-Peer +PeerKey=PRIME192V1_RFC5114-PUBLIC +SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE + +PrivateKey=SECP224R1_RFC5114 +-----BEGIN PRIVATE KEY----- +MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy1WOtsKI2nB7u0+PuuKrnp +y2LjvFx1c+IuJtN/oTwDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDgpR8+608r +XuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ= +-----END PRIVATE KEY----- + +PublicKey=SECP224R1_RFC5114-PUBLIC +-----BEGIN PUBLIC KEY----- 
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDg +pR8+608rXuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP224R1_RFC5114:SECP224R1_RFC5114-PUBLIC + + +PrivateKey=SECP224R1_RFC5114-Peer +-----BEGIN PRIVATE KEY----- +MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBysOxrdPZdw5vanCO6fO44K +s7SA6fJ/hciLXm0YoTwDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBtzUKiB9SR +vpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU= +-----END PRIVATE KEY----- + +PublicKey=SECP224R1_RFC5114-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBt +zUKiB9SRvpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP224R1_RFC5114-Peer:SECP224R1_RFC5114-Peer-PUBLIC + + + + +Derive=SECP224R1_RFC5114 +PeerKey=SECP224R1_RFC5114-Peer-PUBLIC +SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA + + +Derive=SECP224R1_RFC5114-Peer +PeerKey=SECP224R1_RFC5114-PUBLIC +SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA + +PrivateKey=PRIME256V1_RFC5114 +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggUJkFF8vVvLpao4z +ehKEmT+vQypavOWehntykdUHo6+hRANCAAQq9QLzvolS8sm1qNQWDQnpcWW+ULxC +rkpejTtLqDrrFesPr0yphsTThoGg+YctedVnlb1L/25t48D1AV7OXv2F +-----END PRIVATE KEY----- + +PublicKey=PRIME256V1_RFC5114-PUBLIC +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKvUC876JUvLJtajUFg0J6XFlvlC8 +Qq5KXo07S6g66xXrD69MqYbE04aBoPmHLXnVZ5W9S/9ubePA9QFezl79hQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME256V1_RFC5114:PRIME256V1_RFC5114-PUBLIC + + +PrivateKey=PRIME256V1_RFC5114-Peer +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLOF4jsGX4JbblaIA +zAqyahnOa8ytViuO7htZN2HPf0GhRANCAASxIN5Ko2SSeVNG6N5sLIZGrgaq6ief +p3WzqwcV9s5RsJ8bfuziDXte2OxoX6Pwcdg3JwJwkqhBE4XDTd5XCLK2 +-----END PRIVATE KEY----- + +PublicKey=PRIME256V1_RFC5114-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- 
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsSDeSqNkknlTRujebCyGRq4Gquon +n6d1s6sHFfbOUbCfG37s4g17XtjsaF+j8HHYNycCcJKoQROFw03eVwiytg== +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME256V1_RFC5114-Peer:PRIME256V1_RFC5114-Peer-PUBLIC + + + + +Derive=PRIME256V1_RFC5114 +PeerKey=PRIME256V1_RFC5114-Peer-PUBLIC +SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788 + + +Derive=PRIME256V1_RFC5114-Peer +PeerKey=PRIME256V1_RFC5114-PUBLIC +SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788 + +PrivateKey=SECP384R1_RFC5114 +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDSczXqcWZK8kTdFOn9 +EmBxXf2KeWVXHEjXCe56eWKhVtcGqQy8td8phvBf6tuTdvGhZANiAAR5MUjxeHY0 +1dpMbZB0QX0F4FerYvggVNEO5rBAPWJ5VH5qjqnR/XdCfQFv4nqLjGbGxBKUMx0j +5vSA9PtM1AUEyUc5LpT0w/BrjzmLsp5CNo96aFkj3jtnus7SFKGh0Sg= +-----END PRIVATE KEY----- + +PublicKey=SECP384R1_RFC5114-PUBLIC +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeTFI8Xh2NNXaTG2QdEF9BeBXq2L4IFTR +DuawQD1ieVR+ao6p0f13Qn0Bb+J6i4xmxsQSlDMdI+b0gPT7TNQFBMlHOS6U9MPw +a485i7KeQjaPemhZI947Z7rO0hShodEo +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP384R1_RFC5114:SECP384R1_RFC5114-PUBLIC + + +PrivateKey=SECP384R1_RFC5114-Peer +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS0Xkf20tw+JwPANRW +wvcCO2ElJiw2p98fgCMRIczj05vlLgDBlKQTLEpsdovNlNKhZANiAARc1Cq5xBtT +R/dLjU77cIs9WzbbZZFTWbRKvBdke2uZmXidcqhIZa4vIj8StaGrwSDhcUWP6qk5 +qqOov6xGtAS9j21bNIwPpNgM7KFjVsqTMkC96HI0Fajs4DWw7fNnVd4= +-----END PRIVATE KEY----- + +PublicKey=SECP384R1_RFC5114-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXNQqucQbU0f3S41O+3CLPVs222WRU1m0 +SrwXZHtrmZl4nXKoSGWuLyI/ErWhq8Eg4XFFj+qpOaqjqL+sRrQEvY9tWzSMD6TY +DOyhY1bKkzJAvehyNBWo7OA1sO3zZ1Xe +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP384R1_RFC5114-Peer:SECP384R1_RFC5114-Peer-PUBLIC + + + + +Derive=SECP384R1_RFC5114 +PeerKey=SECP384R1_RFC5114-Peer-PUBLIC 
+SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E + + +Derive=SECP384R1_RFC5114-Peer +PeerKey=SECP384R1_RFC5114-PUBLIC +SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E + +PrivateKey=SECP521R1_RFC5114 +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBE/gtqCVzXj2XJ2aD +srdCd7rSczXqcWZK8kMMxPM0WblmnueLP/ubhoMBXTRNy/72+5r0xsRwviVFFs08 +Gh+0c2KhgYkDgYYABAHrs03XVyGr+K3J2+0XiJy7l2XZCnxg8s7wB7sPKybhSIH9 +RELmidYcst0EbuMOP/0g+aRbvfZBPVg6Lb9Zkk/TXAD2tjLRlMA4jiLYQ35VjFUq +4ZWt/RU/ktdJCDUbL4xO2pTtsJFtG1PAILXuyu0aX8OKIz5IMFh7su40ibO0KlqG +pA== +-----END PRIVATE KEY----- + +PublicKey=SECP521R1_RFC5114-PUBLIC +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB67NN11chq/itydvtF4icu5dl2Qp8 +YPLO8Ae7Dysm4UiB/URC5onWHLLdBG7jDj/9IPmkW732QT1YOi2/WZJP01wA9rYy +0ZTAOI4i2EN+VYxVKuGVrf0VP5LXSQg1Gy+MTtqU7bCRbRtTwCC17srtGl/DiiM+ +SDBYe7LuNImztCpahqQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP521R1_RFC5114:SECP521R1_RFC5114-PUBLIC + + +PrivateKey=SECP521R1_RFC5114-Peer +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAzuNIDYZFoX0knyd2 +0ouuYWlS0Xkf20tw98M3hzKqGyKShEi80dwkltQ1sBBIBm6+T3KQPDYbGp3BGT3C +ydCJG5ahgYkDgYYABAEOv6/G6F4I0kv//MGkUR2w5jS+6xtt7IxZOa5EdmIBr2IA +QwupfIrGoOnwizPOfp/utbpO5eDYFRDCQpW4oI0CNQCkpuwwDfniV7A3K156v+8J +NDZxmneIfrsLGM+Ambn0IStuMKFBnBjgKdNoY8ydRI9Nuk0qDmBxG+VykV+9T+8m +lQ== +-----END PRIVATE KEY----- + +PublicKey=SECP521R1_RFC5114-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDr+vxuheCNJL//zBpFEdsOY0vusb +beyMWTmuRHZiAa9iAEMLqXyKxqDp8Iszzn6f7rW6TuXg2BUQwkKVuKCNAjUApKbs +MA354lewNyteer/vCTQ2cZp3iH67CxjPgJm59CErbjChQZwY4CnTaGPMnUSPTbpN +Kg5gcRvlcpFfvU/vJpU= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP521R1_RFC5114-Peer:SECP521R1_RFC5114-Peer-PUBLIC + + + + +Derive=SECP521R1_RFC5114 +PeerKey=SECP521R1_RFC5114-Peer-PUBLIC 
+SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC + + +Derive=SECP521R1_RFC5114-Peer +PeerKey=SECP521R1_RFC5114-PUBLIC +SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC + +# Keys and shared secrets from RFC 5903 +PrivateKey=PRIME256V1_RFC5903 +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI8B9RDZrD9wopLa +ojFt5UTpqriv6EBJxiqcV4YtFDOhRANCAATa0LZTlCIc+bBR4f7KV4fQmN/mN/yQ +ue+UXQw3clgRgFJxoEYc24JS1h8cRW+j5Zqx9FszrM9fWDieBXe4mQuz +-----END PRIVATE KEY----- + +PublicKey=PRIME256V1_RFC5903-PUBLIC +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2tC2U5QiHPmwUeH+yleH0Jjf5jf8 +kLnvlF0MN3JYEYBScaBGHNuCUtYfHEVvo+WasfRbM6zPX1g4ngV3uJkLsw== +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME256V1_RFC5903:PRIME256V1_RFC5903-PUBLIC + + +PrivateKey=PRIME256V1_RFC5903-Peer +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxu+cXXiuASoBEWSs +s5fOIIhoXY8Gv5vgsoOrRkdr7lOhRANCAATRLftSicjU+BIItwJwOYw0IpaXCgvM +t0xzb8dVRJS/Y1b788o2bMI+gVeFTBPFjWqsI/BGraMPg1PnTzMDmHKr +-----END PRIVATE KEY----- + +PublicKey=PRIME256V1_RFC5903-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0S37UonI1PgSCLcCcDmMNCKWlwoL +zLdMc2/HVUSUv2NW+/PKNmzCPoFXhUwTxY1qrCPwRq2jD4NT508zA5hyqw== +-----END PUBLIC KEY----- + +PrivPubKeyPair = PRIME256V1_RFC5903-Peer:PRIME256V1_RFC5903-Peer-PUBLIC + + + + +Derive=PRIME256V1_RFC5903 +PeerKey=PRIME256V1_RFC5903-Peer-PUBLIC +SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE + + +Derive=PRIME256V1_RFC5903-Peer +PeerKey=PRIME256V1_RFC5903-PUBLIC +SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE + +PrivateKey=SECP384R1_RFC5903 +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAJnzxwNNSixpmITXOj 
+daZ/diTvfGs8DxYGR7Z0FNzmVeNbU4BB5knuP674lng6sZShZANiAARmeELX0YCs +LN5vdPN1UfVXVcdkXCDvc+MWNP5ytMVe5t46yAistL20yIcyrulfQaqUgu0fwO65 +yvxJhGJcz8I/ZQMhSeDhRK2gJBgVNaDzjuufz/PCyUfa5ptMY0VzqBw= +-----END PRIVATE KEY----- + +PublicKey=SECP384R1_RFC5903-PUBLIC +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZnhC19GArCzeb3TzdVH1V1XHZFwg73Pj +FjT+crTFXubeOsgIrLS9tMiHMq7pX0GqlILtH8Duucr8SYRiXM/CP2UDIUng4USt +oCQYFTWg847rn8/zwslH2uabTGNFc6gc +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP384R1_RFC5903:SECP384R1_RFC5903-PUBLIC + + +PrivateKey=SECP384R1_RFC5903-Peer +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBBywd5tL24XUeEZyX7 +7DyUMPq0bMjcUGCFXMm9oKopQuAwgxKRa47Slg5L1Vp0SPyhZANiAATlWNvvU+7N +49P8z8GuoIqJqYdHXRL9lQ2Dz6QXMrxQnQ0axDoDNt75b9pB0HdKNXHc++x6rPMZ +ZHIWnoOEMDZ/Zu6+PG5wxBbdXwxodZ3R//g/pAFCIJ3/XqrZbbnmOGw= +-----END PRIVATE KEY----- + +PublicKey=SECP384R1_RFC5903-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5Vjb71PuzePT/M/BrqCKiamHR10S/ZUN +g8+kFzK8UJ0NGsQ6Azbe+W/aQdB3SjVx3PvseqzzGWRyFp6DhDA2f2buvjxucMQW +3V8MaHWd0f/4P6QBQiCd/16q2W255jhs +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP384R1_RFC5903-Peer:SECP384R1_RFC5903-Peer-PUBLIC + + + +Derive=SECP384R1_RFC5903 +PeerKey=SECP384R1_RFC5903-Peer-PUBLIC +SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746 + + +Derive=SECP384R1_RFC5903-Peer +PeerKey=SECP384R1_RFC5903-PUBLIC +SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746 + +PrivateKey=SECP521R1_RFC5903 +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAN63pMZqJ9Nq9s+9B +GqzMpRI8YayrV7U5Pc5HYIFyoJWqhaMP4cKVLGdx2Te6l3f1lXsmObqwckYvaMJ6 +VzgtSlKhgYkDgYYABAAVQX6E2/KMCtPCeHEzSdx98VPIl6GJG9mLq0NXyey+4eO/ +QuALjjgK6uV8LRB1ZJQYhZQq9af0YBcjxBldF2ztPgF8riC2ZB0u62lXhtjJRhRi +OdCZ4Y4dWlFMc518tKEK2KeIAVrEBdd5ncdee31bbPImGmp/FQdDi/Ab62yjkm+V +gg== +-----END 
PRIVATE KEY----- + +PublicKey=SECP521R1_RFC5903-PUBLIC +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFUF+hNvyjArTwnhxM0ncffFTyJeh +iRvZi6tDV8nsvuHjv0LgC444CurlfC0QdWSUGIWUKvWn9GAXI8QZXRds7T4BfK4g +tmQdLutpV4bYyUYUYjnQmeGOHVpRTHOdfLShCtiniAFaxAXXeZ3HXnt9W2zyJhpq +fxUHQ4vwG+tso5JvlYI= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP521R1_RFC5903:SECP521R1_RFC5903-PUBLIC + + +PrivateKey=SECP521R1_RFC5903-Peer +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRbqZqEevQ3k/3Q6H +LnzfoWvjD9x4D5e8zD8Hg4AgHpxnfWALNDdXo72/KjFj5ML4acynRYqkpO/8MR9c +sVFoXrmhgYkDgYYABADQs5daxLeZ9b6hbV4T6a+XHV6bmEyfOXKLXlc5c1ohm5fD +VkNq3G6VuwNS9r5kpsKRLU7y0EM87SthcWQAEtlGDwFcaCJjg5VuO9Bm55e2I8J8 +4OrC9VGhDCxyTZhSB3uHIgtlNsXECKHSrruOhtZ4rknLVwkfRzIpZXmrRPzRfw/F +ag== +-----END PRIVATE KEY----- + +PublicKey=SECP521R1_RFC5903-Peer-PUBLIC +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0LOXWsS3mfW+oW1eE+mvlx1em5hM +nzlyi15XOXNaIZuXw1ZDatxulbsDUva+ZKbCkS1O8tBDPO0rYXFkABLZRg8BXGgi +Y4OVbjvQZueXtiPCfODqwvVRoQwsck2YUgd7hyILZTbFxAih0q67jobWeK5Jy1cJ +H0cyKWV5q0T80X8PxWo= +-----END PUBLIC KEY----- + +PrivPubKeyPair = SECP521R1_RFC5903-Peer:SECP521R1_RFC5903-Peer-PUBLIC + + +Derive=SECP521R1_RFC5903 +PeerKey=SECP521R1_RFC5903-Peer-PUBLIC +SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA + + +Derive=SECP521R1_RFC5903-Peer +PeerKey=SECP521R1_RFC5903-PUBLIC +SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt b/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt deleted file mode 100644 index d7dec1d0e7..0000000000 --- a/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt +++ /dev/null 
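Review bot: on the `@@ -2309,3 +3096,375 @@` hunk, the added `Title = ECDH KATs (from RFC 5114, 5903, 7027)` names three RFCs, but the block only carries the sections `# Keys and shared secrets from RFC 5114` and `# Keys and shared secrets from RFC 5903`, and the hunk ends after the `SECP521R1_RFC5903-Peer` derive. Either add the RFC 7027 vectors or drop 7027 from the title so the test log does not claim coverage that is not there. A smaller style point: these stanzas name public keys with a `-PUBLIC` suffix and write `SharedSecret` in upper-case hex, while the context lines just above use `_PUB` and lower-case hex. If the two files are being merged into one, a single convention would make the key names easier to grep.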
@@ -1,1177 +0,0 @@ -# -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Tests start with one of these keywords -# Cipher Decrypt Derive Digest Encoding KDF MAC PBE -# PrivPubKeyPair Sign Verify VerifyRecover -# and continue until a blank line. Lines starting with a pound sign are ignored. - - -# Public key algorithm tests - -# Private keys used for PKEY operations. - - -# EC P-256 key - -PrivateKey=P-256 ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw -+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH -+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ ------END PRIVATE KEY----- - -# EC public key for above - -PublicKey=P-256-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl -x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== ------END PUBLIC KEY----- - -PrivPubKeyPair = P-256:P-256-PUBLIC - -# Additional EC key for ECDH -PrivateKey=P-256-Peer ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/URzu1TDNwUFWZ3i -dLISAZpEY0vfJ2pLB7f+Xnjyl2OhRANCAAQgBuXhSgeKpz+4piXlYSVLvy0NT+wK -uZWUI3LqUUCV07wg+RLLMY8yNK9kjqcgZDs/cB+bet64nQq+dNnvtpxG ------END PRIVATE KEY----- - -PublicKey=P-256-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s -CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg== ------END PUBLIC KEY----- - -PrivPubKeyPair = P-256-Peer:P-256-Peer-PUBLIC - -Title = ECDH tests - - -Derive=P-256 -PeerKey=P-256-Peer-PUBLIC -SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B - - -Derive=P-256-Peer -PeerKey=P-256-PUBLIC 
-SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B - -# TEST CURVE secp224r1 - -PrivateKey=ALICE_secp224r1 ------BEGIN PRIVATE KEY----- -MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxLKkXFJXYqGUlTsmgjlesi -kwqejrekrkSTbehyoTwDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D2HtdCa4h -fbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo= ------END PRIVATE KEY----- - -PublicKey=ALICE_secp224r1_PUB ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D -2HtdCa4hfbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_secp224r1:ALICE_secp224r1_PUB - - -PrivateKey=BOB_secp224r1 ------BEGIN PRIVATE KEY----- -MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzOHGGUR3fZYg3GSaUN6pxo -NQtAlOzM3UclEhMzoTwDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMFUM6VV9DB -4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0= ------END PRIVATE KEY----- - -PublicKey=BOB_secp224r1_PUB ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMF -UM6VV9DB4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_secp224r1:BOB_secp224r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_secp224r1 -PeerKey=BOB_secp224r1_PUB -SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5 - -# ECDH Bob with Alice peer - -Derive=BOB_secp224r1 -PeerKey=ALICE_secp224r1_PUB -SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5 - -# TEST CURVE secp384r1 - -PrivateKey=ALICE_secp384r1 ------BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxE7Q4m1dsK7M3Otxo -cgY/ejX9JOKKdAtSnRiU4bnK3eFmALkMN7XIveQnWLB1PEKhZANiAAQaUsvUFr/u -ISpAmYqYZIme4VassCtb0tNGU97s3qt4ozcogZ4z+fIzXZ4YXqfGoEa57+uQDgqr -+jNOTji7Gxopt6AqZ9EvwuVaCuunUi0pcx6cc8IuUfrwMwSFovV/7sM= ------END PRIVATE KEY----- - -PublicKey=ALICE_secp384r1_PUB ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGlLL1Ba/7iEqQJmKmGSJnuFWrLArW9LT -RlPe7N6reKM3KIGeM/nyM12eGF6nxqBGue/rkA4Kq/ozTk44uxsaKbegKmfRL8Ll 
-Wgrrp1ItKXMenHPCLlH68DMEhaL1f+7D ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_secp384r1:ALICE_secp384r1_PUB - - -PrivateKey=BOB_secp384r1 ------BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBRiGXRsb5sUq0b3/dg -Z+pA9kbrSivBMCUCXVwxno1d/30hI/Yy0Z5PWwbBgwTFprWhZANiAASp1FeUOBJF -mzQCNbGiOz8He0kF+KIf24UGYVO5MC7u5rV9hpoYsbcgmwxALskPN18os2ygK1Pn -f/h+WALIsG2RknSTbiyvBYkoIhJV9cflvEDpMeaWSLF7qJ5YjEIf9PM= ------END PRIVATE KEY----- - -PublicKey=BOB_secp384r1_PUB ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqdRXlDgSRZs0AjWxojs/B3tJBfiiH9uF -BmFTuTAu7ua1fYaaGLG3IJsMQC7JDzdfKLNsoCtT53/4flgCyLBtkZJ0k24srwWJ -KCISVfXH5bxA6THmlkixe6ieWIxCH/Tz ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_secp384r1:BOB_secp384r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_secp384r1 -PeerKey=BOB_secp384r1_PUB -SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd - -# ECDH Bob with Alice peer - -Derive=BOB_secp384r1 -PeerKey=ALICE_secp384r1_PUB -SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd - -# TEST CURVE secp521r1 - -PrivateKey=ALICE_secp521r1 ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAFBIz3FLAuX8VCWzM -wu1f/tm8pf1QqnsdLqaIWCQAJa2W5ldpJTYfkj1gGxM44AD3qHnkXISvNLwwuxI1 -hr2+pOGhgYkDgYYABACWlOOFYk/p3AS2LxEQWBuMm6uIjo3XArjh1QrsLcUc5hhi -82CIz6kKwKjCnYRDHq4iv1x63rVEzGGhQOM1g+cRVwHSpfbBpaxK7bMLkVFOOavv -OdcdyRHaHsvxw2pREmdS/GwtfgT8odQrG06KMIwVeL+H08fGJSbPX0Zock0DOPCp -aw== ------END PRIVATE KEY----- - -PublicKey=ALICE_secp521r1_PUB ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAlpTjhWJP6dwEti8REFgbjJuriI6N -1wK44dUK7C3FHOYYYvNgiM+pCsCowp2EQx6uIr9cet61RMxhoUDjNYPnEVcB0qX2 -waWsSu2zC5FRTjmr7znXHckR2h7L8cNqURJnUvxsLX4E/KHUKxtOijCMFXi/h9PH -xiUmz19GaHJNAzjwqWs= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_secp521r1:ALICE_secp521r1_PUB - - -PrivateKey=BOB_secp521r1 
------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9C/sMWveRlHPr9P5 -cc3U+1L2/zB0VtHewKSQRWZ67SmS4+m7uXTqUVSLRHiQEgQid0cg77gSxXPlmV+z -y0f3zd+hgYkDgYYABAE18N3SwDGtea3IOqUdh3j0JtnMeP41i/agEBlxK8/iEBXc -Q61mkIrQIKcabRhoylEugXHiyNnqNQOD4DUa0bTKzAHtJ4UqqbEVno6byRmcUQwb -mvG89eS8GLEmk5X/O2atHU4yIGTuTRQWn/BTJUCS+OgJz4FZdadscc5Z640EZqSD -iw== ------END PRIVATE KEY----- - -PublicKey=BOB_secp521r1_PUB ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBNfDd0sAxrXmtyDqlHYd49CbZzHj+ -NYv2oBAZcSvP4hAV3EOtZpCK0CCnGm0YaMpRLoFx4sjZ6jUDg+A1GtG0yswB7SeF -KqmxFZ6Om8kZnFEMG5rxvPXkvBixJpOV/ztmrR1OMiBk7k0UFp/wUyVAkvjoCc+B -WXWnbHHOWeuNBGakg4s= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_secp521r1:BOB_secp521r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_secp521r1 -PeerKey=BOB_secp521r1_PUB -SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be - -# ECDH Bob with Alice peer - -Derive=BOB_secp521r1 -PeerKey=ALICE_secp521r1_PUB -SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be - -# TEST CURVE prime192v1 - -PrivateKey=ALICE_prime192v1 ------BEGIN PRIVATE KEY----- -MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfXvSFNqD2UzFVN1L -bQrPlzop7dxQq/ehNAMyAATibpGuYzCjkT1tWLYEogpKz74WqhvbQtZPkCYQCin1 -cmZuNW+BZ0jyVEpGlpnZPMg= ------END PRIVATE KEY----- - -PublicKey=ALICE_prime192v1_PUB ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4m6RrmMwo5E9bVi2BKIKSs++Fqob -20LWT5AmEAop9XJmbjVvgWdI8lRKRpaZ2TzI ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_prime192v1:ALICE_prime192v1_PUB - - -PrivateKey=BOB_prime192v1 ------BEGIN PRIVATE KEY----- -MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhewaqXNZlYyqnmuEEE -Y/oUXe3/jpzhmyGhNAMyAASkpwNJEP/1FuuWKCDDUm26iyqrs+zKwayZnaF77YC6 -qCtgia7yNcSl9tlWHh3gQgw= ------END PRIVATE KEY----- - 
-PublicKey=BOB_prime192v1_PUB ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEpKcDSRD/9Rbrliggw1Jtuosqq7Ps -ysGsmZ2he+2AuqgrYImu8jXEpfbZVh4d4EIM ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_prime192v1:BOB_prime192v1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_prime192v1 -PeerKey=BOB_prime192v1_PUB -SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861 - -# ECDH Bob with Alice peer - -Derive=BOB_prime192v1 -PeerKey=ALICE_prime192v1_PUB -SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861 - -# TEST CURVE prime256v1 - -PrivateKey=ALICE_prime256v1 ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglUPDk8gQ8lMj38V7 -0jPBZDfQUx5pNOVSKOMTqlh04POhRANCAARq87w+K0q9b1mzJGh309kjNvYTS02m -YkHKxAewiZwmt/5w+5uywz/+0130SdAWbXtECjaHUK94YEHzp0G/PCl5 ------END PRIVATE KEY----- - -PublicKey=ALICE_prime256v1_PUB ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEavO8PitKvW9ZsyRod9PZIzb2E0tN -pmJBysQHsImcJrf+cPubssM//tNd9EnQFm17RAo2h1CveGBB86dBvzwpeQ== ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_prime256v1:ALICE_prime256v1_PUB - - -PrivateKey=BOB_prime256v1 ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNsLfn/sRZfm9ZcM7 -xURiUHT7+w8Jgk9SbwTVDjpLYYmhRANCAASRmyKNgUbADGxkIOAVh9T7IXv2ZDT6 -I5YMW6wOs27VMOAD0AiNLrv7sW1TdqxkUtF17/GFpLvFOuZcbdX4p3i/ ------END PRIVATE KEY----- - -PublicKey=BOB_prime256v1_PUB ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZsijYFGwAxsZCDgFYfU+yF79mQ0 -+iOWDFusDrNu1TDgA9AIjS67+7FtU3asZFLRde/xhaS7xTrmXG3V+Kd4vw== ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_prime256v1:BOB_prime256v1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_prime256v1 -PeerKey=BOB_prime256v1_PUB -SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4 - -# ECDH Bob with Alice peer - -Derive=BOB_prime256v1 -PeerKey=ALICE_prime256v1_PUB -SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4 - -# 
TEST CURVE sect163k1 - -PrivateKey=ALICE_sect163k1 ------BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBxkeGOXE86PAijpk8trN/ -f3kl4UmhLgMsAAQD1hrDCJ2MSFKZ6Q11cTllX/l5HY0Hg5XZCxMFC84AaczwPtNJ -YNCxfCk= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect163k1_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9YawwidjEhSmekNdXE5ZV/5eR2NB4OV -2QsTBQvOAGnM8D7TSWDQsXwp ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect163k1:ALICE_sect163k1_PUB - - -PrivateKey=BOB_sect163k1 ------BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCUJ5kItSfXidHXsgokcS7 -nzPFbOShLgMsAAQGrYNJ1qgdb3A9ISOmTujfS+WYFKwBXXrJEluAkeNh3jXnDq8X -+XBB0k8= ------END PRIVATE KEY----- - -PublicKey=BOB_sect163k1_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBq2DSdaoHW9wPSEjpk7o30vlmBSsAV16 -yRJbgJHjYd415w6vF/lwQdJP ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect163k1:BOB_sect163k1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect163k1 -PeerKey=BOB_sect163k1_PUB -SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092 - -# ECDH Bob with Alice peer - -Derive=BOB_sect163k1 -PeerKey=ALICE_sect163k1_PUB -SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092 - -# TEST CURVE sect163r2 - -PrivateKey=ALICE_sect163r2 ------BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDjH2G7BkPTBM4VtljaQr8 -sXVLNOqhLgMsAAQHHqWxJWR2KrHCPp/PSjZIdK88ET0A323/UOTxhYHwsLpR7rp3 -ahq1lQ8= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect163r2_PUB ------BEGIN PUBLIC KEY----- -MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBx6lsSVkdiqxwj6fz0o2SHSvPBE9AN9t -/1Dk8YWB8LC6Ue66d2oatZUP ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect163r2:ALICE_sect163r2_PUB - - -PrivateKey=BOB_sect163r2 ------BEGIN PRIVATE KEY----- -MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBXOM9Tm6sKXUlRLlW0HgC -NTDxW2ihLgMsAAQGxa8xRcC+TIcDgGtehDVEV1PoBokBwtILj16NPYC0aBZI8/nF -F4jhgmc= ------END PRIVATE KEY----- - -PublicKey=BOB_sect163r2_PUB ------BEGIN PUBLIC KEY----- 
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBsWvMUXAvkyHA4BrXoQ1RFdT6AaJAcLS -C49ejT2AtGgWSPP5xReI4YJn ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect163r2:BOB_sect163r2_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect163r2 -PeerKey=BOB_sect163r2_PUB -SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951 - -# ECDH Bob with Alice peer - -Derive=BOB_sect163r2 -PeerKey=ALICE_sect163r2_PUB -SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951 - -# TEST CURVE sect233k1 - -PrivateKey=ALICE_sect233k1 ------BEGIN PRIVATE KEY----- -MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1aR7qaKm1vmZWK2bGsJ1rX -mH6BpTkW4t1L4zSf/KFAAz4ABADcDiv+bTvPVViqYLNz06VO5wodry+sGi6fnJIr -QQCTfZ9d5whiIsbY5Thlcm7I0A/cIGoShA/6LumOVA== ------END PRIVATE KEY----- - -PublicKey=ALICE_sect233k1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANwOK/5tO89VWKpgs3PTpU7nCh2vL6wa -Lp+ckitBAJN9n13nCGIixtjlOGVybsjQD9wgahKED/ou6Y5U ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect233k1:ALICE_sect233k1_PUB - - -PrivateKey=BOB_sect233k1 ------BEGIN PRIVATE KEY----- -MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0oa5BrzYxm6mn51Xyphn6X -OUjKc9oMDHCowAyHTaFAAz4ABAGKiFuFJVQeymHYRVnt2LNF2MSaTMcL9JGSPn2z -OwBis5MS4kgEFakWQl7KpGiy3vS89wmpblvHLJ/+IQ== ------END PRIVATE KEY----- - -PublicKey=BOB_sect233k1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYqIW4UlVB7KYdhFWe3Ys0XYxJpMxwv0 -kZI+fbM7AGKzkxLiSAQVqRZCXsqkaLLe9Lz3CaluW8csn/4h ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect233k1 -PeerKey=BOB_sect233k1_PUB -SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 - -# ECDH Bob with Alice peer - -Derive=BOB_sect233k1 -PeerKey=ALICE_sect233k1_PUB -SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 - -# TEST CURVE sect233r1 - -PrivateKey=ALICE_sect233r1 ------BEGIN PRIVATE KEY----- -MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AEN6fePR2gizyXzU6kIgU 
-Gijp5+IQAXoNBfKnVeChQAM+AAQB0kEwu2fwQWo1v1j7XQ8uJT3iMwRC8w+cxgxx -GQ4B/FyjrhIUpEDWaMqfV23McZ6WdbIUe3MZ7K5pG38= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect233r1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdJBMLtn8EFqNb9Y+10PLiU94jMEQvMP -nMYMcRkOAfxco64SFKRA1mjKn1dtzHGelnWyFHtzGeyuaRt/ ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect233r1:ALICE_sect233r1_PUB - - -PrivateKey=BOB_sect233r1 ------BEGIN PRIVATE KEY----- -MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AXHWOeS6fG0XCH3FnHDuS -IcELUeDG+AYNNeLVZd6hQAM+AAQAYRRYH017uxcaMPF3GOsL4bvodW1yZLEtL3pm -CkcAfqJI/4niCr8uHKh0gBa2JBjBWMV1u8Mpf60uvok= ------END PRIVATE KEY----- - -PublicKey=BOB_sect233r1_PUB ------BEGIN PUBLIC KEY----- -MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGEUWB9Ne7sXGjDxdxjrC+G76HVtcmSx -LS96ZgpHAH6iSP+J4gq/LhyodIAWtiQYwVjFdbvDKX+tLr6J ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect233r1 -PeerKey=BOB_sect233r1_PUB -SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 - -# ECDH Bob with Alice peer - -Derive=BOB_sect233r1 -PeerKey=ALICE_sect233r1_PUB -SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 - -# TEST CURVE sect283k1 - -PrivateKey=ALICE_sect283k1 ------BEGIN PRIVATE KEY----- -MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGhnsmZ2UDKV3QKmq3k+ -33LQ6n5aCYvKXcMgiZlBS/RrVgIRoUwDSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnW -uC6oWVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4r -mGO7 ------END PRIVATE KEY----- - -PublicKey=ALICE_sect283k1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnWuC6o -WVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4rmGO7 ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect283k1:ALICE_sect283k1_PUB - - -PrivateKey=BOB_sect283k1 ------BEGIN PRIVATE KEY----- -MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAAJXIwfWjYbiM5jEcNw8 
-8/1kbEnhVjWGivO7zDPts7AuKSMkoUwDSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6V -D5v8KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzj -CN/m ------END PRIVATE KEY----- - -PublicKey=BOB_sect283k1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6VD5v8 -KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzjCN/m ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect283k1 -PeerKey=BOB_sect283k1_PUB -SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 - -# ECDH Bob with Alice peer - -Derive=BOB_sect283k1 -PeerKey=ALICE_sect283k1_PUB -SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 - -# TEST CURVE sect283r1 - -PrivateKey=ALICE_sect283r1 ------BEGIN PRIVATE KEY----- -MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAi4Jrhu19kt7H8jw1FO7 -VzCxh6p0pI0ogl3q9ev5NFkufZkZoUwDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqU -S40TU2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE -7jsD ------END PRIVATE KEY----- - -PublicKey=ALICE_sect283r1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqUS40T -U2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE7jsD ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect283r1:ALICE_sect283r1_PUB - - -PrivateKey=BOB_sect283r1 ------BEGIN PRIVATE KEY----- -MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACD04gJaVfVxK/Dpbxjq -rzZWc6B76a23MK/IQD1jMlGPQzzxoUwDSgAEA13mIYMvik12DBp8JkdETMB1ewOw -22C/xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lass -Iq5I ------END PRIVATE KEY----- - -PublicKey=BOB_sect283r1_PUB ------BEGIN PUBLIC KEY----- -MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA13mIYMvik12DBp8JkdETMB1ewOw22C/ -xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lassIq5I ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect283r1 
-PeerKey=BOB_sect283r1_PUB -SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc - -# ECDH Bob with Alice peer - -Derive=BOB_sect283r1 -PeerKey=ALICE_sect283r1_PUB -SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc - -# TEST CURVE sect409k1 - -PrivateKey=ALICE_sect409k1 ------BEGIN PRIVATE KEY----- -MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg1vV7wiPe1ovX+ukz -VfwPZoqvyj/vdif04Opi9PcjV5mPBEZgSFBg8hbutNxZJdVLrxShbANqAAQACe1I -J5ilSk1pPLvbcjEZIE6abC9LZ9WmHuNJxM9LAW1OuLvJGi72AsGYUOGpX0WGmK6C -AYaqZb2Qeedq/yUIljDHYi66J+26owYl7lOMpRzZ9U2QDJrZ7TYuxeMUui6re0B+ -JuZdYw== ------END PRIVATE KEY----- - -PublicKey=ALICE_sect409k1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAntSCeYpUpNaTy723IxGSBOmmwvS2fV -ph7jScTPSwFtTri7yRou9gLBmFDhqV9FhpiuggGGqmW9kHnnav8lCJYwx2Iuuift -uqMGJe5TjKUc2fVNkAya2e02LsXjFLouq3tAfibmXWM= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect409k1:ALICE_sect409k1_PUB - - -PrivateKey=BOB_sect409k1 ------BEGIN PRIVATE KEY----- -MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIYBGZZcZz4qCdhAV9 -vqpfe8vV+vJEhjawR52JUV1rumWEBPAx0o6E+gaxHBr5hzVGkIKhbANqAAQAAQKK -s60CTUUkltsT+lIBukjz850pkGGLltJ4eaZn4k9AtN/lFTCq6Vgqe2sDrjA3b45q -AdWjf1vRaP0wawJ13SjApJmyXg5hQks6d0Zqz2OHYhGEGiM159VtTlStK067dVe1 -fGVDeg== ------END PRIVATE KEY----- - -PublicKey=BOB_sect409k1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAECirOtAk1FJJbbE/pSAbpI8/OdKZBh -i5bSeHmmZ+JPQLTf5RUwqulYKntrA64wN2+OagHVo39b0Wj9MGsCdd0owKSZsl4O -YUJLOndGas9jh2IRhBojNefVbU5UrStOu3VXtXxlQ3o= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect409k1 -PeerKey=BOB_sect409k1_PUB -SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 - -# ECDH Bob with Alice peer - -Derive=BOB_sect409k1 -PeerKey=ALICE_sect409k1_PUB 
-SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 - -# TEST CURVE sect409r1 - -PrivateKey=ALICE_sect409r1 ------BEGIN PRIVATE KEY----- -MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAYTMsTpey51D2ULnd -pN+AAWnJLy9pTerziakhjii8OyWKpUVfpDFNneCCd2oQTDcPX5vdoWwDagAEAYfk -3ZejxpVYCG7dYHTVhhcqILEyTYoQa4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGU -owHXXzgDXoJeR79wgb7ySAlXJXgQ8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvI -eIozlf4= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect409r1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYfk3ZejxpVYCG7dYHTVhhcqILEyTYoQ -a4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGUowHXXzgDXoJeR79wgb7ySAlXJXgQ -8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvIeIozlf4= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect409r1:ALICE_sect409r1_PUB - - -PrivateKey=BOB_sect409r1 ------BEGIN PRIVATE KEY----- -MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsCs1nRgwW97TdKIH -PRcsqmK1e8TIZ00e6rqLb3nD4sIe+Gw/fGhSUER9akQ7lAluEUnfoWwDagAEAfM2 -fvBEic+7jV4oC+v8GfsunD9Zp9rzNgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDl -LwBm/W6TlzGuh1FnzXYKVnhnXpzSlRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMf -WsgK+KA= ------END PRIVATE KEY----- - -PublicKey=BOB_sect409r1_PUB ------BEGIN PUBLIC KEY----- -MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfM2fvBEic+7jV4oC+v8GfsunD9Zp9rz -NgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDlLwBm/W6TlzGuh1FnzXYKVnhnXpzS -lRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMfWsgK+KA= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect409r1 -PeerKey=BOB_sect409r1_PUB -SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 - -# ECDH Bob with Alice peer - -Derive=BOB_sect409r1 -PeerKey=ALICE_sect409r1_PUB -SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 - -# TEST CURVE sect571k1 - -PrivateKey=ALICE_sect571k1 ------BEGIN PRIVATE KEY----- 
-MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARO8hI8j6TZ556/d -RcdGYvdblnALD2XZCKu2c3C5yQIeA8Tidi+f8n6cCnb5FtJNTYKqP8tRfHlwAZtW -/giXi/4yF5K2twS3oYGVA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0LQd9wP1+k -v0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFRPU0Cct0S -qVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJPCnaKR/Oo -AtaUpCWLSTHDF1gK4/kmlwEx+8o= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect571k1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0L -Qd9wP1+kv0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFR -PU0Cct0SqVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJP -CnaKR/OoAtaUpCWLSTHDF1gK4/kmlwEx+8o= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect571k1:ALICE_sect571k1_PUB - - -PrivateKey=BOB_sect571k1 ------BEGIN PRIVATE KEY----- -MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVZT4tnX9dMWS6Vd -YCoYRl9o/j/Hz7KGqF4Ujk9n9b4+mXbJ37tobpjnpNqKlJfI04w80JPp+NxpoBR3 -8p1bcc9iL4Smh48YoYGVA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLURYRDHmopO -IijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN1tsCrqET -31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxOaqcYzbXC -Q/Aiij13H06qKhuFM4iiB/0D164= ------END PRIVATE KEY----- - -PublicKey=BOB_sect571k1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLUR -YRDHmopOIijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN -1tsCrqET31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxO -aqcYzbXCQ/Aiij13H06qKhuFM4iiB/0D164= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect571k1 -PeerKey=BOB_sect571k1_PUB -SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e - -# ECDH Bob with Alice peer - -Derive=BOB_sect571k1 -PeerKey=ALICE_sect571k1_PUB 
-SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e - -# TEST CURVE sect571r1 - -PrivateKey=ALICE_sect571r1 ------BEGIN PRIVATE KEY----- -MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArsi//Zp9veeURYV -zGYHn4MlNIxNt6U6vtmTPS/NaoiaavxbOimpHgxYPCjpoPYhM33Z2VBh7pl2aoRW -3GBepLFLoF8oiQaLoYGVA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4f/AwTHmo -US1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wzd8YF32SF -HMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz6J6dYAUe -vE+F3N29p/tRBGNzMFIqoDdW+NA= ------END PRIVATE KEY----- - -PublicKey=ALICE_sect571r1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4 -f/AwTHmoUS1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wz -d8YF32SFHMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz -6J6dYAUevE+F3N29p/tRBGNzMFIqoDdW+NA= ------END PUBLIC KEY----- - -PrivPubKeyPair = ALICE_sect571r1:ALICE_sect571r1_PUB - - -PrivateKey=BOB_sect571r1 ------BEGIN PRIVATE KEY----- -MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYj65N5XJTQusn+h -Z9xj/dgZ4qR1GDC1Ij7jYuow+TvGrG2wz/WT76/lLNtlCLfDW2kODDUmDAJeK/e+ -VMO7suJTXGnrGFHioYGVA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2SYmMKve74 -trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8QI70H8aHv -LgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNdnNATBqom -6WDWc7RTFZ4sijL5ywVhovwJ1gA= ------END PRIVATE KEY----- - -PublicKey=BOB_sect571r1_PUB ------BEGIN PUBLIC KEY----- -MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2S -YmMKve74trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8Q -I70H8aHvLgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNd -nNATBqom6WDWc7RTFZ4sijL5ywVhovwJ1gA= ------END PUBLIC KEY----- - -PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB - - -# ECDH Alice with Bob peer - -Derive=ALICE_sect571r1 -PeerKey=BOB_sect571r1_PUB 
-SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae - -# ECDH Bob with Alice peer - -Derive=BOB_sect571r1 -PeerKey=ALICE_sect571r1_PUB -SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae - - -Title = ECDH KATs (from RFC 5114, 5903, 7027) - -# Keys and shared secrets from RFC 5114 -PrivateKey=PRIME192V1_RFC5114 ------BEGIN PRIVATE KEY----- -MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgyP6MWnY6cZZP1lHa8 -FCAAq1vg4knENCahNAMyAATNRkiez9bBBeez0yVm4rEi4kmrqt2HBhJoiHtId99R -3U3D1v0R8KJvj9OEQxeRbpo= ------END PRIVATE KEY----- - -PublicKey=PRIME192V1_RFC5114-PUBLIC ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzUZIns/WwQXns9MlZuKxIuJJq6rd -hwYSaIh7SHffUd1Nw9b9EfCib4/ThEMXkW6a ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME192V1_RFC5114:PRIME192V1_RFC5114-PUBLIC - - -PrivateKey=PRIME192V1_RFC5114-Peer ------BEGIN PRIVATE KEY----- -MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhjH5W7SmdjLJxHbu6a -tpWrJAoEmTB/z2KhNAMyAARRmhIWgOAEVGa6Id8u7kf1lztQBXfvE9X/YTq01kzu -OiCHW9sQ+VP2swygcsYKpX8= ------END PRIVATE KEY----- - -PublicKey=PRIME192V1_RFC5114-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZoSFoDgBFRmuiHfLu5H9Zc7UAV3 -7xPV/2E6tNZM7jogh1vbEPlT9rMMoHLGCqV/ ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME192V1_RFC5114-Peer:PRIME192V1_RFC5114-Peer-PUBLIC - - - -Derive=PRIME192V1_RFC5114 -PeerKey=PRIME192V1_RFC5114-Peer-PUBLIC -SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE - -Derive=PRIME192V1_RFC5114-Peer -PeerKey=PRIME192V1_RFC5114-PUBLIC -SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE - -PrivateKey=SECP224R1_RFC5114 ------BEGIN PRIVATE KEY----- -MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy1WOtsKI2nB7u0+PuuKrnp -y2LjvFx1c+IuJtN/oTwDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDgpR8+608r 
-XuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ= ------END PRIVATE KEY----- - -PublicKey=SECP224R1_RFC5114-PUBLIC ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDg -pR8+608rXuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP224R1_RFC5114:SECP224R1_RFC5114-PUBLIC - - -PrivateKey=SECP224R1_RFC5114-Peer ------BEGIN PRIVATE KEY----- -MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBysOxrdPZdw5vanCO6fO44K -s7SA6fJ/hciLXm0YoTwDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBtzUKiB9SR -vpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU= ------END PRIVATE KEY----- - -PublicKey=SECP224R1_RFC5114-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBt -zUKiB9SRvpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP224R1_RFC5114-Peer:SECP224R1_RFC5114-Peer-PUBLIC - - - - -Derive=SECP224R1_RFC5114 -PeerKey=SECP224R1_RFC5114-Peer-PUBLIC -SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA - - -Derive=SECP224R1_RFC5114-Peer -PeerKey=SECP224R1_RFC5114-PUBLIC -SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA - -PrivateKey=PRIME256V1_RFC5114 ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggUJkFF8vVvLpao4z -ehKEmT+vQypavOWehntykdUHo6+hRANCAAQq9QLzvolS8sm1qNQWDQnpcWW+ULxC -rkpejTtLqDrrFesPr0yphsTThoGg+YctedVnlb1L/25t48D1AV7OXv2F ------END PRIVATE KEY----- - -PublicKey=PRIME256V1_RFC5114-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKvUC876JUvLJtajUFg0J6XFlvlC8 -Qq5KXo07S6g66xXrD69MqYbE04aBoPmHLXnVZ5W9S/9ubePA9QFezl79hQ== ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME256V1_RFC5114:PRIME256V1_RFC5114-PUBLIC - - -PrivateKey=PRIME256V1_RFC5114-Peer ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLOF4jsGX4JbblaIA -zAqyahnOa8ytViuO7htZN2HPf0GhRANCAASxIN5Ko2SSeVNG6N5sLIZGrgaq6ief -p3WzqwcV9s5RsJ8bfuziDXte2OxoX6Pwcdg3JwJwkqhBE4XDTd5XCLK2 ------END 
PRIVATE KEY----- - -PublicKey=PRIME256V1_RFC5114-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsSDeSqNkknlTRujebCyGRq4Gquon -n6d1s6sHFfbOUbCfG37s4g17XtjsaF+j8HHYNycCcJKoQROFw03eVwiytg== ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME256V1_RFC5114-Peer:PRIME256V1_RFC5114-Peer-PUBLIC - - - - -Derive=PRIME256V1_RFC5114 -PeerKey=PRIME256V1_RFC5114-Peer-PUBLIC -SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788 - - -Derive=PRIME256V1_RFC5114-Peer -PeerKey=PRIME256V1_RFC5114-PUBLIC -SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788 - -PrivateKey=SECP384R1_RFC5114 ------BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDSczXqcWZK8kTdFOn9 -EmBxXf2KeWVXHEjXCe56eWKhVtcGqQy8td8phvBf6tuTdvGhZANiAAR5MUjxeHY0 -1dpMbZB0QX0F4FerYvggVNEO5rBAPWJ5VH5qjqnR/XdCfQFv4nqLjGbGxBKUMx0j -5vSA9PtM1AUEyUc5LpT0w/BrjzmLsp5CNo96aFkj3jtnus7SFKGh0Sg= ------END PRIVATE KEY----- - -PublicKey=SECP384R1_RFC5114-PUBLIC ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeTFI8Xh2NNXaTG2QdEF9BeBXq2L4IFTR -DuawQD1ieVR+ao6p0f13Qn0Bb+J6i4xmxsQSlDMdI+b0gPT7TNQFBMlHOS6U9MPw -a485i7KeQjaPemhZI947Z7rO0hShodEo ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP384R1_RFC5114:SECP384R1_RFC5114-PUBLIC - - -PrivateKey=SECP384R1_RFC5114-Peer ------BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS0Xkf20tw+JwPANRW -wvcCO2ElJiw2p98fgCMRIczj05vlLgDBlKQTLEpsdovNlNKhZANiAARc1Cq5xBtT -R/dLjU77cIs9WzbbZZFTWbRKvBdke2uZmXidcqhIZa4vIj8StaGrwSDhcUWP6qk5 -qqOov6xGtAS9j21bNIwPpNgM7KFjVsqTMkC96HI0Fajs4DWw7fNnVd4= ------END PRIVATE KEY----- - -PublicKey=SECP384R1_RFC5114-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXNQqucQbU0f3S41O+3CLPVs222WRU1m0 -SrwXZHtrmZl4nXKoSGWuLyI/ErWhq8Eg4XFFj+qpOaqjqL+sRrQEvY9tWzSMD6TY -DOyhY1bKkzJAvehyNBWo7OA1sO3zZ1Xe ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP384R1_RFC5114-Peer:SECP384R1_RFC5114-Peer-PUBLIC - - - - 
-Derive=SECP384R1_RFC5114 -PeerKey=SECP384R1_RFC5114-Peer-PUBLIC -SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E - - -Derive=SECP384R1_RFC5114-Peer -PeerKey=SECP384R1_RFC5114-PUBLIC -SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E - -PrivateKey=SECP521R1_RFC5114 ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBE/gtqCVzXj2XJ2aD -srdCd7rSczXqcWZK8kMMxPM0WblmnueLP/ubhoMBXTRNy/72+5r0xsRwviVFFs08 -Gh+0c2KhgYkDgYYABAHrs03XVyGr+K3J2+0XiJy7l2XZCnxg8s7wB7sPKybhSIH9 -RELmidYcst0EbuMOP/0g+aRbvfZBPVg6Lb9Zkk/TXAD2tjLRlMA4jiLYQ35VjFUq -4ZWt/RU/ktdJCDUbL4xO2pTtsJFtG1PAILXuyu0aX8OKIz5IMFh7su40ibO0KlqG -pA== ------END PRIVATE KEY----- - -PublicKey=SECP521R1_RFC5114-PUBLIC ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB67NN11chq/itydvtF4icu5dl2Qp8 -YPLO8Ae7Dysm4UiB/URC5onWHLLdBG7jDj/9IPmkW732QT1YOi2/WZJP01wA9rYy -0ZTAOI4i2EN+VYxVKuGVrf0VP5LXSQg1Gy+MTtqU7bCRbRtTwCC17srtGl/DiiM+ -SDBYe7LuNImztCpahqQ= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP521R1_RFC5114:SECP521R1_RFC5114-PUBLIC - - -PrivateKey=SECP521R1_RFC5114-Peer ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAzuNIDYZFoX0knyd2 -0ouuYWlS0Xkf20tw98M3hzKqGyKShEi80dwkltQ1sBBIBm6+T3KQPDYbGp3BGT3C -ydCJG5ahgYkDgYYABAEOv6/G6F4I0kv//MGkUR2w5jS+6xtt7IxZOa5EdmIBr2IA -QwupfIrGoOnwizPOfp/utbpO5eDYFRDCQpW4oI0CNQCkpuwwDfniV7A3K156v+8J -NDZxmneIfrsLGM+Ambn0IStuMKFBnBjgKdNoY8ydRI9Nuk0qDmBxG+VykV+9T+8m -lQ== ------END PRIVATE KEY----- - -PublicKey=SECP521R1_RFC5114-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDr+vxuheCNJL//zBpFEdsOY0vusb -beyMWTmuRHZiAa9iAEMLqXyKxqDp8Iszzn6f7rW6TuXg2BUQwkKVuKCNAjUApKbs -MA354lewNyteer/vCTQ2cZp3iH67CxjPgJm59CErbjChQZwY4CnTaGPMnUSPTbpN -Kg5gcRvlcpFfvU/vJpU= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP521R1_RFC5114-Peer:SECP521R1_RFC5114-Peer-PUBLIC - - - - 
-Derive=SECP521R1_RFC5114 -PeerKey=SECP521R1_RFC5114-Peer-PUBLIC -SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC - - -Derive=SECP521R1_RFC5114-Peer -PeerKey=SECP521R1_RFC5114-PUBLIC -SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC - -# Keys and shared secrets from RFC 5903 -PrivateKey=PRIME256V1_RFC5903 ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI8B9RDZrD9wopLa -ojFt5UTpqriv6EBJxiqcV4YtFDOhRANCAATa0LZTlCIc+bBR4f7KV4fQmN/mN/yQ -ue+UXQw3clgRgFJxoEYc24JS1h8cRW+j5Zqx9FszrM9fWDieBXe4mQuz ------END PRIVATE KEY----- - -PublicKey=PRIME256V1_RFC5903-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2tC2U5QiHPmwUeH+yleH0Jjf5jf8 -kLnvlF0MN3JYEYBScaBGHNuCUtYfHEVvo+WasfRbM6zPX1g4ngV3uJkLsw== ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME256V1_RFC5903:PRIME256V1_RFC5903-PUBLIC - - -PrivateKey=PRIME256V1_RFC5903-Peer ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxu+cXXiuASoBEWSs -s5fOIIhoXY8Gv5vgsoOrRkdr7lOhRANCAATRLftSicjU+BIItwJwOYw0IpaXCgvM -t0xzb8dVRJS/Y1b788o2bMI+gVeFTBPFjWqsI/BGraMPg1PnTzMDmHKr ------END PRIVATE KEY----- - -PublicKey=PRIME256V1_RFC5903-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0S37UonI1PgSCLcCcDmMNCKWlwoL -zLdMc2/HVUSUv2NW+/PKNmzCPoFXhUwTxY1qrCPwRq2jD4NT508zA5hyqw== ------END PUBLIC KEY----- - -PrivPubKeyPair = PRIME256V1_RFC5903-Peer:PRIME256V1_RFC5903-Peer-PUBLIC - - - - -Derive=PRIME256V1_RFC5903 -PeerKey=PRIME256V1_RFC5903-Peer-PUBLIC -SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE - - -Derive=PRIME256V1_RFC5903-Peer -PeerKey=PRIME256V1_RFC5903-PUBLIC -SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE - -PrivateKey=SECP384R1_RFC5903 ------BEGIN PRIVATE KEY----- 
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAJnzxwNNSixpmITXOj -daZ/diTvfGs8DxYGR7Z0FNzmVeNbU4BB5knuP674lng6sZShZANiAARmeELX0YCs -LN5vdPN1UfVXVcdkXCDvc+MWNP5ytMVe5t46yAistL20yIcyrulfQaqUgu0fwO65 -yvxJhGJcz8I/ZQMhSeDhRK2gJBgVNaDzjuufz/PCyUfa5ptMY0VzqBw= ------END PRIVATE KEY----- - -PublicKey=SECP384R1_RFC5903-PUBLIC ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZnhC19GArCzeb3TzdVH1V1XHZFwg73Pj -FjT+crTFXubeOsgIrLS9tMiHMq7pX0GqlILtH8Duucr8SYRiXM/CP2UDIUng4USt -oCQYFTWg847rn8/zwslH2uabTGNFc6gc ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP384R1_RFC5903:SECP384R1_RFC5903-PUBLIC - - -PrivateKey=SECP384R1_RFC5903-Peer ------BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBBywd5tL24XUeEZyX7 -7DyUMPq0bMjcUGCFXMm9oKopQuAwgxKRa47Slg5L1Vp0SPyhZANiAATlWNvvU+7N -49P8z8GuoIqJqYdHXRL9lQ2Dz6QXMrxQnQ0axDoDNt75b9pB0HdKNXHc++x6rPMZ -ZHIWnoOEMDZ/Zu6+PG5wxBbdXwxodZ3R//g/pAFCIJ3/XqrZbbnmOGw= ------END PRIVATE KEY----- - -PublicKey=SECP384R1_RFC5903-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5Vjb71PuzePT/M/BrqCKiamHR10S/ZUN -g8+kFzK8UJ0NGsQ6Azbe+W/aQdB3SjVx3PvseqzzGWRyFp6DhDA2f2buvjxucMQW -3V8MaHWd0f/4P6QBQiCd/16q2W255jhs ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP384R1_RFC5903-Peer:SECP384R1_RFC5903-Peer-PUBLIC - - - -Derive=SECP384R1_RFC5903 -PeerKey=SECP384R1_RFC5903-Peer-PUBLIC -SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746 - - -Derive=SECP384R1_RFC5903-Peer -PeerKey=SECP384R1_RFC5903-PUBLIC -SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746 - -PrivateKey=SECP521R1_RFC5903 ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAN63pMZqJ9Nq9s+9B -GqzMpRI8YayrV7U5Pc5HYIFyoJWqhaMP4cKVLGdx2Te6l3f1lXsmObqwckYvaMJ6 -VzgtSlKhgYkDgYYABAAVQX6E2/KMCtPCeHEzSdx98VPIl6GJG9mLq0NXyey+4eO/ -QuALjjgK6uV8LRB1ZJQYhZQq9af0YBcjxBldF2ztPgF8riC2ZB0u62lXhtjJRhRi 
-OdCZ4Y4dWlFMc518tKEK2KeIAVrEBdd5ncdee31bbPImGmp/FQdDi/Ab62yjkm+V -gg== ------END PRIVATE KEY----- - -PublicKey=SECP521R1_RFC5903-PUBLIC ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFUF+hNvyjArTwnhxM0ncffFTyJeh -iRvZi6tDV8nsvuHjv0LgC444CurlfC0QdWSUGIWUKvWn9GAXI8QZXRds7T4BfK4g -tmQdLutpV4bYyUYUYjnQmeGOHVpRTHOdfLShCtiniAFaxAXXeZ3HXnt9W2zyJhpq -fxUHQ4vwG+tso5JvlYI= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP521R1_RFC5903:SECP521R1_RFC5903-PUBLIC - - -PrivateKey=SECP521R1_RFC5903-Peer ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRbqZqEevQ3k/3Q6H -LnzfoWvjD9x4D5e8zD8Hg4AgHpxnfWALNDdXo72/KjFj5ML4acynRYqkpO/8MR9c -sVFoXrmhgYkDgYYABADQs5daxLeZ9b6hbV4T6a+XHV6bmEyfOXKLXlc5c1ohm5fD -VkNq3G6VuwNS9r5kpsKRLU7y0EM87SthcWQAEtlGDwFcaCJjg5VuO9Bm55e2I8J8 -4OrC9VGhDCxyTZhSB3uHIgtlNsXECKHSrruOhtZ4rknLVwkfRzIpZXmrRPzRfw/F -ag== ------END PRIVATE KEY----- - -PublicKey=SECP521R1_RFC5903-Peer-PUBLIC ------BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0LOXWsS3mfW+oW1eE+mvlx1em5hM -nzlyi15XOXNaIZuXw1ZDatxulbsDUva+ZKbCkS1O8tBDPO0rYXFkABLZRg8BXGgi -Y4OVbjvQZueXtiPCfODqwvVRoQwsck2YUgd7hyILZTbFxAih0q67jobWeK5Jy1cJ -H0cyKWV5q0T80X8PxWo= ------END PUBLIC KEY----- - -PrivPubKeyPair = SECP521R1_RFC5903-Peer:SECP521R1_RFC5903-Peer-PUBLIC - - -Derive=SECP521R1_RFC5903 -PeerKey=SECP521R1_RFC5903-Peer-PUBLIC -SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA - - -Derive=SECP521R1_RFC5903-Peer -PeerKey=SECP521R1_RFC5903-PUBLIC -SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA diff --git a/test/recipes/65-test_cmp_client.t b/test/recipes/65-test_cmp_client.t index de60599cf0..a25be81996 100644 --- a/test/recipes/65-test_cmp_client.t +++ b/test/recipes/65-test_cmp_client.t 
@@ -44,5 +44,5 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t index 0347c1a2a9..b74b2dc2ed 100644 --- a/test/recipes/65-test_cmp_msg.t +++ b/test/recipes/65-test_cmp_msg.t @@ -42,5 +42,6 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, + "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t index 19185e112b..eb8e75d485 100644 --- a/test/recipes/65-test_cmp_protect.t +++ b/test/recipes/65-test_cmp_protect.t @@ -52,5 +52,6 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, + "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index cdd5ec15a8..1edddb2a82 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -59,7 +59,7 @@ unless ($no_fips) { '-out', bldtop_file('providers', 'fipsmodule.cnf'), '-module', $infile])), "fipsinstall"); - @config = ( "-config", srctop_file("test", "fips.cnf") ); + @config = ( "-config", srctop_file("test", "fips-and-base.cnf") ); $provname = 'fips'; } diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 6051adbfb2..e2b9349d04 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t 
@@ -171,7 +171,7 @@ sub test_conf { if ($provider eq "fips") { ok(run(test(["ssl_test", $output_file, $provider, - srctop_file("test", "fips.cnf")])), + srctop_file("test", "fips-and-base.cnf")])), "running ssl_test $conf"); } else { ok(run(test(["ssl_test", $output_file, $provider])), diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 210346cb70..a4d84c9b5c 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -106,7 +106,8 @@ subtest 'test_ss' => sub { note('test_ssl -- key U'); testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf")); unless ($no_fips) { - testssl("keyU.ss", $Ucert, $CAcert, "fips", srctop_file("test","fips.cnf")); + testssl("keyU.ss", $Ucert, $CAcert, "fips", + srctop_file("test","fips-and-base.cnf")); } # ----------- diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 9af8435f6e..8cef077a66 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -45,7 +45,7 @@ unless ($no_fips) { ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "fips", - srctop_file("test", "fips.cnf")])), + srctop_file("test", "fips-and-base.cnf")])), "running sslapitest"); } diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 57c2e6e9c2..05e4b341f5 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t 
@@ -86,13 +86,27 @@ my @noexist_file_files = ( "file:blahdiblah.pem", "file:test/blahdibleh.der" ); -my $n = (3 * scalar @noexist_files) - + (6 * scalar @src_files) - + (4 * scalar @generated_files) - + (scalar keys %generated_file_files) - + (scalar @noexist_file_files) - + 3 - + 11; +# There is more than one method to get a 'file:' loader. +# The default is a built-in provider implementation. +# However, there is also an engine, specially for testing purposes. +# +# @methods is a collection of extra 'openssl storeutl' arguments used to +# try the different methods. +my @methods; +push @methods, [qw(-provider default -provider legacy)]; +push @methods, [qw(-engine loader_attic)] + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + +my $n = scalar @methods + * ( (3 * scalar @noexist_files) + + (6 * scalar @src_files) + + (4 * scalar @generated_files) + + (scalar keys %generated_file_files) + + (scalar @noexist_file_files) + + 3 + + 11 ); + +plan skip_all => "No plan" if $n == 0; plan tests => $n; 
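Review bot: the `plan skip_all => "No plan" if $n == 0;` guard at the end of this hunk cannot fire. The first `push @methods, [qw(-provider default -provider legacy)];` is unconditional, so `@methods` is never empty, and the parenthesised sum carries the constants `+ 3 + 11`, so `$n` is always positive. Either drop the guard, or make it reachable and give the skip a reason that names what is disabled. Separately, `scalar @methods * ( ... )` yields the right value only because `*` already puts `@methods` in numeric context; `scalar(@methods) * ( ... )` would read unambiguously and match the parenthesised terms inside the sum.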
@@ -103,132 +117,134 @@ indir "store_$$" => sub { my $rehash = init_rehash(); - foreach (@noexist_files) { - my $file = srctop_file($_); + foreach my $method (@methods) { + my @storeutl = ( qw(openssl storeutl), @$method ); - ok(!run(app(["openssl", "storeutl", "-noout", $file]))); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file($file)]))); - { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + foreach (@noexist_files) { + my $file = srctop_file($_); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file)]))); - } - } - foreach (@src_files) { - my $file = srctop_file($_); + ok(!run(app([@storeutl, "-noout", $file]))); + ok(!run(app([@storeutl, "-noout", to_abs_file($file)]))); + { + local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; - ok(run(app(["openssl", "storeutl", "-noout", $file]))); - ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)]))); - SKIP: - { - skip "file: tests disabled on MingW", 4 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file)]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "")]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "localhost")]))); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "dummy")]))); + ok(!run(app([@storeutl, "-noout", + to_abs_file_uri($file)]))); + } } - } - foreach (@generated_files) { - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", $_]))); - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_abs_file($_)]))); - - SKIP: - { - skip "file: tests disabled on MingW", 2 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_abs_file_uri($_)]))); - ok(!run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_file_uri($_)]))); + foreach (@src_files) { + my $file = srctop_file($_); + + ok(run(app([@storeutl, "-noout", $file]))); + ok(run(app([@storeutl, "-noout", 
to_abs_file($file)]))); + SKIP: + { + skip "file: tests disabled on MingW", 4 if $mingw; + + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file)]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "")]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "localhost")]))); + ok(!run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "dummy")]))); + } } - } - foreach (values %generated_file_files) { - SKIP: - { - skip "file: tests disabled on MingW", 1 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", $_]))); + foreach (@generated_files) { + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", $_]))); + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", to_abs_file($_)]))); + + SKIP: + { + skip "file: tests disabled on MingW", 2 if $mingw; + + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", to_abs_file_uri($_)]))); + ok(!run(app([@storeutl, "-noout", "-passin", + "pass:password", to_file_uri($_)]))); + } } - } - foreach (@noexist_file_files) { - SKIP: - { - skip "file: tests disabled on MingW", 1 if $mingw; + foreach (values %generated_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(!run(app(["openssl", "storeutl", "-noout", $_]))); + ok(run(app([@storeutl, "-noout", $_]))); + } } - } - { - my $dir = srctop_dir("test", "certs"); + foreach (@noexist_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(run(app(["openssl", "storeutl", "-noout", $dir]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file($dir, 1)]))); - SKIP: + ok(!run(app([@storeutl, "-noout", $_]))); + } + } { - skip "file: tests disabled on MingW", 1 if $mingw; + my $dir = srctop_dir("test", "certs"); + + ok(run(app([@storeutl, "-noout", $dir]))); + ok(run(app([@storeutl, "-noout", to_abs_file($dir, 1)]))); + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($dir, 
1)]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($dir, 1)]))); + } } - } - ok(!run(app(['openssl', 'storeutl', '-noout', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - srctop_file('test', 'testx509.pem')])), - "Checking that -subject can't be used with a single file"); - - ok(run(app(['openssl', 'storeutl', '-certs', '-noout', - srctop_file('test', 'testx509.pem')])), - "Checking that -certs returns 1 object on a certificate file"); - ok(run(app(['openssl', 'storeutl', '-certs', '-noout', - srctop_file('test', 'testcrl.pem')])), - "Checking that -certs returns 0 objects on a CRL file"); - - ok(run(app(['openssl', 'storeutl', '-crls', '-noout', - srctop_file('test', 'testx509.pem')])), - "Checking that -crls returns 0 objects on a certificate file"); - ok(run(app(['openssl', 'storeutl', '-crls', '-noout', - srctop_file('test', 'testcrl.pem')])), - "Checking that -crls returns 1 object on a CRL file"); - - SKIP: { - skip "failed rehash initialisation", 6 unless $rehash; - - # subject from testx509.pem: - # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' - # issuer from testcrl.pem: - # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' - ok(run(app(['openssl', 'storeutl', '-noout', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-certs', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-crls', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-certs', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 
'storeutl', '-noout', '-crls', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); + ok(!run(app([@storeutl, '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + srctop_file('test', 'testx509.pem')])), + "Checking that -subject can't be used with a single file"); + + ok(run(app([@storeutl, '-certs', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -certs returns 1 object on a certificate file"); + ok(run(app([@storeutl, '-certs', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -certs returns 0 objects on a CRL file"); + + ok(run(app([@storeutl, '-crls', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -crls returns 0 objects on a certificate file"); + ok(run(app([@storeutl, '-crls', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -crls returns 1 object on a CRL file"); + + SKIP: { + skip "failed rehash initialisation", 6 unless $rehash; + + # subject from testx509.pem: + # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' + # issuer from testcrl.pem: + # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' + ok(run(app([@storeutl, '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-certs', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-crls', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-certs', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-crls', + '-subject', + '/C=US/O=RSA 
Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + } } } }, create => 1, cleanup => 1; 
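Review bot: inside the new `foreach my $method (@methods)` loop, most `ok(run(app([@storeutl, ...])))` calls still have no test name, and the named ones (for example "Checking that -certs returns 1 object on a certificate file") do not say which method was in use, so a failure under `-engine loader_attic` looks identical in the output to the same failure under `-provider default -provider legacy`. Consider wrapping the loop body in a `subtest` named after `@$method`, or appending `join(' ', @$method)` to each description.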
@@ -236,39 +252,47 @@ indir "store_$$" => sub { sub init { my $cnf = srctop_file('test', 'ca-and-certs.cnf'); my $cakey = srctop_file('test', 'certs', 'ca-key.pem'); + my @std_args = qw(-provider default -provider legacy); return ( # rsa-key-pkcs1.pem - run(app(["openssl", "pkey", + run(app(["openssl", "pkey", @std_args, "-in", data_file("rsa-key-2432.pem"), "-out", "rsa-key-pkcs1.pem"])) # rsa-key-pkcs1-aes128.pem - && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128", + && run(app(["openssl", "rsa", @std_args, + "-passout", "pass:password", "-aes128", "-in", "rsa-key-pkcs1.pem", "-out", "rsa-key-pkcs1-aes128.pem"])) # dsa-key-pkcs1.pem - && (!$use_dsa || run(app(["openssl", "gendsa", - "-out", "dsa-key-pkcs1.pem", - data_file("dsaparam.pem")]))) + && (!$use_dsa + || run(app(["openssl", "gendsa", @std_args, + "-out", "dsa-key-pkcs1.pem", + data_file("dsaparam.pem")]))) # dsa-key-pkcs1-aes128.pem - && (!$use_dsa || run(app(["openssl", "dsa", - "-passout", "pass:password", "-aes128", - "-in", "dsa-key-pkcs1.pem", - "-out", "dsa-key-pkcs1-aes128.pem"]))) + && (!$use_dsa + || run(app(["openssl", "dsa", @std_args, + "-passout", "pass:password", "-aes128", + "-in", "dsa-key-pkcs1.pem", + "-out", "dsa-key-pkcs1-aes128.pem"]))) # ec-key-pkcs1.pem (one might think that 'genec' would be practical) - && (!$use_ecc || run(app(["openssl", "ecparam", "-genkey", - "-name", "prime256v1", - "-out", "ec-key-pkcs1.pem"]))) + && (!$use_ecc + || run(app(["openssl", "ecparam", @std_args, + "-genkey", + "-name", "prime256v1", + "-out", "ec-key-pkcs1.pem"]))) # ec-key-pkcs1-aes128.pem - && (!$use_ecc || run(app(["openssl", "ec", - "-passout", "pass:password", "-aes128", - "-in", "ec-key-pkcs1.pem", - "-out", "ec-key-pkcs1-aes128.pem"]))) + && (!$use_ecc + || run(app(["openssl", "ec", @std_args, + "-passout", "pass:password", "-aes128", + "-in", "ec-key-pkcs1.pem", + "-out", "ec-key-pkcs1-aes128.pem"]))) # *-key-pkcs8.pem && runall(sub { my $dstfile = shift; (my $srcfile = 
$dstfile) =~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i; - run(app(["openssl", "pkcs8", "-topk8", "-nocrypt", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-nocrypt", "-in", $srcfile, "-out", $dstfile])); }, grep(/-key-pkcs8\.pem$/, @generated_files)) # *-key-pkcs8-pbes1-sha1-3des.pem @@ -277,7 +301,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes1-sha1-3des\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", "-in", $srcfile, "-out", $dstfile])); @@ -288,7 +313,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes1-md5-des\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", "-in", $srcfile, "-out", $dstfile])); @@ -299,7 +325,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes2-sha1\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v2", "aes256", "-v2prf", "hmacWithSHA1", "-in", $srcfile, "-out", $dstfile])); @@ -310,13 +337,14 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes2-sha256\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v2", "aes256", "-v2prf", "hmacWithSHA256", "-in", $srcfile, "-out", $dstfile])); }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files)) # *-cert.pem (intermediary for the .p12 inits) - && run(app(["openssl", "req", "-x509", + && run(app(["openssl", "req", "-x509", @std_args, "-config", $cnf, "-noenc", "-key", $cakey, "-out", "cacert.pem"])) && runall(sub { 
@@ -324,11 +352,12 @@ sub init { (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|; (my $csr = $dstfile) =~ s|\.pem|.csr|; - (run(app(["openssl", "req", "-new", + (run(app(["openssl", "req", "-new", @std_args, "-config", $cnf, "-section", "userreq", "-key", $srckey, "-out", $csr])) && - run(app(["openssl", "x509", "-days", "3650", + run(app(["openssl", "x509", @std_args, + "-days", "3650", "-CA", "cacert.pem", "-CAkey", $cakey, "-set_serial", time(), "-req", @@ -380,9 +409,7 @@ sub init { print STDERR "(destination file was $dstfile)\n"; return 0; } - run(app(["openssl", "pkcs12", - "-provider", "default", - "-provider", "legacy", + run(app(["openssl", "pkcs12", @std_args, "-inkey", $srckey, "-in", $srccert, "-passout", "pass:password", "-chain", "-CAfile", "cacert.pem", diff --git a/util/libcrypto.num b/util/libcrypto.num index 96f834500d..d5e7ab423e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4154,18 +4154,18 @@ ERR_load_strings_const 4242 3_0_0 EXIST::FUNCTION: ASN1_TIME_to_tm 4243 3_0_0 EXIST::FUNCTION: ASN1_TIME_set_string_X509 4244 3_0_0 EXIST::FUNCTION: OCSP_resp_get1_id 4245 3_0_0 EXIST::FUNCTION:OCSP -OSSL_STORE_register_loader 4246 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_error 4247 3_0_0 EXIST::FUNCTION: +OSSL_STORE_register_loader 4246 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_set_error 4247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_INFO_get0_PKEY 4248 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get_type 4249 3_0_0 EXIST::FUNCTION: ERR_load_OSSL_STORE_strings 4250 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_free 4251 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get1_PKEY 4252 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_free 4253 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_eof 4255 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_new 4256 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_eof 4255 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_new 4256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_INFO_get0_CERT 4257 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_close 4258 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_close 4258 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_INFO_new_PARAMS 4259 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_new_PKEY 4260 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get1_PARAMS 4261 3_0_0 EXIST::FUNCTION: 
@@ -4175,26 +4175,26 @@ OSSL_STORE_INFO_get1_CERT 4264 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get0_PARAMS 4265 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_type_string 4266 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get1_NAME 4267 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_load 4268 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get0_scheme 4269 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_load 4268 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_get0_scheme 4269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_open 4270 3_0_0 EXIST::FUNCTION: OSSL_STORE_close 4271 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_new_CERT 4272 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get0_CRL 4273 3_0_0 EXIST::FUNCTION: OSSL_STORE_load 4274 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get0_NAME 4275 3_0_0 EXIST::FUNCTION: -OSSL_STORE_unregister_loader 4276 3_0_0 EXIST::FUNCTION: +OSSL_STORE_unregister_loader 4276 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_INFO_new_CRL 4277 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_new_NAME 4278 3_0_0 EXIST::FUNCTION: OSSL_STORE_eof 4279 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_open 4280 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_ctrl 4281 3_0_0 EXIST::FUNCTION: -OSSL_STORE_ctrl 4282 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_open 4280 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_set_ctrl 4281 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_ctrl 4282 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_INFO_get0_NAME_description 4283 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_set0_NAME_description 4284 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get1_NAME_description 4285 3_0_0 EXIST::FUNCTION: -OSSL_STORE_do_all_loaders 4286 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get0_engine 4287 3_0_0 EXIST::FUNCTION: +OSSL_STORE_do_all_loaders 4286 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_get0_engine 4287 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_fork_prepare 4288 3_0_0 EXIST:UNIX:FUNCTION: OPENSSL_fork_parent 4289 3_0_0 
EXIST:UNIX:FUNCTION: OPENSSL_fork_child 4290 3_0_0 EXIST:UNIX:FUNCTION: @@ -4333,10 +4333,10 @@ EVP_sha512_256 4428 3_0_0 EXIST::FUNCTION: EVP_sha512_224 4429 3_0_0 EXIST::FUNCTION: OCSP_basic_sign_ctx 4430 3_0_0 EXIST::FUNCTION:OCSP RAND_DRBG_bytes 4431 3_0_0 NOEXIST::FUNCTION: -OSSL_STORE_vctrl 4433 3_0_0 EXIST::FUNCTION: +OSSL_STORE_vctrl 4433 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_SEARCH_by_alias 4434 3_0_0 EXIST::FUNCTION: BIO_bind 4435 3_0_0 EXIST::FUNCTION:SOCK -OSSL_STORE_LOADER_set_expect 4436 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_expect 4436 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_expect 4437 3_0_0 EXIST::FUNCTION: OSSL_STORE_SEARCH_by_key_fingerprint 4438 3_0_0 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_serial 4439 3_0_0 EXIST::FUNCTION: @@ -4349,7 +4349,7 @@ OSSL_STORE_SEARCH_get0_string 4445 3_0_0 EXIST::FUNCTION: OSSL_STORE_SEARCH_by_issuer_serial 4446 3_0_0 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_name 4447 3_0_0 EXIST::FUNCTION: X509_get0_authority_key_id 4448 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_find 4449 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_find 4449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_SEARCH_free 4450 3_0_0 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_digest 4451 3_0_0 EXIST::FUNCTION: RAND_DRBG_set_reseed_defaults 4452 3_0_0 NOEXIST::FUNCTION: @@ -5126,7 +5126,7 @@ OSSL_PARAM_construct_time_t ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_get_time_t ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_time_t ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_attach ? 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA 
@@ -5272,7 +5272,7 @@ PEM_read_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: PEM_read_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO PEM_read_bio_Parameters_ex ? 3_0_0 EXIST::FUNCTION: EC_GROUP_new_from_params ? 3_0_0 EXIST::FUNCTION:EC -OSSL_STORE_LOADER_set_open_with_libctx ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_open_with_libctx ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_LOADER_fetch ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_up_ref ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_provider ? 3_0_0 EXIST::FUNCTION: @@ -5286,3 +5286,11 @@ OSSL_PARAM_get_octet_string_ptr ? 3_0_0 EXIST::FUNCTION: OSSL_DECODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_mac_key ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_CMAC_key_with_libctx ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_new ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_data ? 3_0_0 EXIST::FUNCTION: +ossl_do_blob_header ? 3_0_0 EXIST::FUNCTION:DSA +ossl_do_PVK_header ? 3_0_0 EXIST::FUNCTION:DSA,RC4 +asn1_d2i_read_bio ? 3_0_0 EXIST::FUNCTION: +EVP_PKCS82PKEY_with_libctx ? 3_0_0 EXIST::FUNCTION: +ossl_b2i ? 3_0_0 EXIST::FUNCTION:DSA +ossl_b2i_bio ? 3_0_0 EXIST::FUNCTION:DSA diff --git a/util/missingcrypto-internal.txt b/util/missingcrypto-internal.txt index 4c90857035..54e1bc9ba7 100644 --- a/util/missingcrypto-internal.txt +++ b/util/missingcrypto-internal.txt @@ -1,3 +1,8 @@ WPACKET(3) WPACKET_init_der(3) WPACKET_init_null_der(3) +asn1_d2i_read_bio(3) +ossl_do_PVK_header(3) +ossl_do_blob_header(3) +ossl_b2i(3) +ossl_b2i_bio(3) diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 54ff9cc1b7..783df1203f 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -673,6 +673,7 @@ EVP_PBE_find(3) EVP_PBE_get(3) EVP_PBE_scrypt(3) EVP_PKCS82PKEY(3) +EVP_PKCS82PKEY_with_libctx(3) EVP_PKEY2PKCS8(3) EVP_PKEY_CTX_get0_peerkey(3) EVP_PKEY_CTX_get0_pkey(3) From builds at travis-ci.com Thu Sep 3 18:00:26 2020 
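Review bot: in `init()` of the store test recipe, `@std_args = qw(-provider default -provider legacy)` is now passed to every key, request and certificate generation command, where previously only the `pkcs12` call named the legacy provider. What happens in a build where the legacy provider is not available? If any of these `run(app(...))` calls fails, the whole `&&` chain returns false before a single store test runs. Consider passing `-provider legacy` only to the commands that actually need a legacy algorithm, or skipping the affected files when it cannot be loaded. A smaller style point: most calls put `@std_args` directly after the subcommand, but the two `req` calls put it after `-x509` and `-new`.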
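Review bot: in the `@@ -288,7 +313,8 @@` hunk of the same recipe, the command that writes `*-key-pkcs8-pbes1-md5-des.pem` still passes `-v1 pbeWithSHA1And3-KeyTripleDES-CBC` in its unchanged context lines, the same algorithm as the `pbes1-sha1-3des` hunk just before it, so the file name and the encryption actually applied disagree. Since this call is being touched anyway and now carries `-provider legacy`, it is worth either switching the `-v1` argument to the algorithm the name promises (`pbeWithMD5AndDES-CBC`) or renaming the generated file.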
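Review bot: the last `util/libcrypto.num` hunk exports `ossl_do_blob_header`, `ossl_do_PVK_header`, `asn1_d2i_read_bio`, `ossl_b2i` and `ossl_b2i_bio`, and the same five names are then added to `util/missingcrypto-internal.txt`, so they are internal helpers that become part of the exported symbol list without documentation. Is exporting them from libcrypto necessary, and if it is, should `asn1_d2i_read_bio` carry the `ossl_` prefix like the other four? `EVP_PKCS82PKEY_with_libctx` is added to `util/missingcrypto.txt` in the same change; a manual page entry next to `EVP_PKCS82PKEY` would be better than growing the list of undocumented functions.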
From: builds at travis-ci.com (Travis CI) Date: Thu, 03 Sep 2020 18:00:26 +0000 Subject: Errored: openssl/openssl#37125 (master - d55d093) In-Reply-To: Message-ID: <5f512f3a49db0_13f91181d5bd02225f9@travis-pro-tasks-65765b8494-vx4tz.mail> Build Update for openssl/openssl ------------------------------------- Build: #37125 Status: Errored Duration: 1 hr, 34 mins, and 34 secs Commit: d55d093 (master) Author: Richard Levitte Message: ASN1: Make ASN1_item_verify_ctx() work with provider-native keys Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) View the changeset: https://github.com/openssl/openssl/compare/0bc193dd05fa...d55d0935deb1 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182625703?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 3 21:33:02 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Sep 2020 21:33:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1599168782.742616.12902.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. 
ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3353, 947 wallclock secs (13.85 usr 1.44 sys + 832.89 cusr 65.75 csys = 913.93 CPU) Result: FAIL Makefile:3190: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3188: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 4 00:00:56 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 Sep 2020 00:00:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1599177656.433290.29190.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 
23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2038:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_certs:../openssl/apps/cmp.c:2082:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # 
------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2038:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_certs:../openssl/apps/cmp.c:2082:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
# cmp_main:../openssl/apps/cmp.c:2705:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2309:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:684:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2038:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_certs:../openssl/apps/cmp.c:2082:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. 
ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=211, Tests=3021, 800 wallclock secs (10.34 usr 1.37 sys + 737.16 cusr 53.07 csys = 801.94 CPU) Result: FAIL Makefile:2415: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2413: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 4 06:23:02 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 Sep 2020 06:23:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1599200582.895202.26770.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

rm -f `find . -name '*.d' \! -name '.*' \! -type d -print`
rm -f `find . -name '*.o' \! -name '.*' \! -type d -print`
rm -f core
rm -f tags TAGS doc-nits cmd-nits md-nits
rm -f -r test/test-runs
rm -f openssl.pc libcrypto.pc libssl.pc
rm -f `find . -type l \! -name '.*' -print`
rm -f ../openssl-3.0.0-alpha7-dev.tar
$ make depend
$ LDCMD= make -j4
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod
/usr/bin/perl "-I."
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." 
-Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c
../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations]
int multi = 0;                  /* run multiple responder processes */
    ^
1 error generated.
Makefile:4186: recipe for target 'apps/lib/libapps-lib-http_server.o' failed
make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io'
Makefile:3155: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From openssl at openssl.org Fri Sep 4 07:12:39 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 04 Sep 2020 07:12:39 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Message-ID: <1599203559.725825.31704.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-rc2

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12
C050CDD3907F0000:error::digital envelope routines:EVP_PBE_CipherInit:unknown cipher:../openssl/crypto/evp/evp_pbe.c:116:
C050CDD3907F0000:error::PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:../openssl/crypto/pkcs12/p12_decr.c:37:
C050CDD3907F0000:error::PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../openssl/crypto/pkcs12/p12_decr.c:90:
C050CDD3907F0000:error::PKCS12 routines:PKCS12_parse:parse error:../openssl/crypto/pkcs12/p12_kiss.c:87:
../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1
not ok 5 - test_pkcs12_passcert
# ------------------------------------------------------------------------------
# Failed test 'test_pkcs12_passcert'
# at ../openssl/test/recipes/80-test_pkcs12.t line 93.
# Looks like you failed 1 test of 5.80-test_pkcs12.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
#
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_pkcs12.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test: 5
  Non-zero exit status: 1
Files=211, Tests=3328, 897 wallclock secs (13.72 usr 1.37 sys + 820.92 cusr 66.32 csys = 902.33 CPU)
Result: FAIL
Makefile:3186: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-rc2'
Makefile:3184: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Fri Sep 4 11:31:46 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 04 Sep 2020 11:31:46 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Message-ID: <1599219106.641284.14814.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):
doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_CTX_get_iv.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html 
doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html 
doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_certreq.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_DECODER.html doc/html/man3/OSSL_DECODER_CTX.html doc/html/man3/OSSL_DECODER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_DECODER_from_bio.html doc/html/man3/OSSL_ENCODER.html doc/html/man3/OSSL_ENCODER_CTX.html doc/html/man3/OSSL_ENCODER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_ENCODER_to_bio.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html 
doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_X509_INFO_read_bio_with_libctx.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_create_cert.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_SAFEBAG_get1_cert.html doc/html/man3/PKCS12_add1_attr_by_NID.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_cert.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_add_safe.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_get0_primary.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html 
doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_ASN1.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_ASN1.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html 
doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html 
doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html 
doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_add_cert.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html 
doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-PKCS12KDF.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html 
doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-HMAC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-HMAC.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-base.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-encoder.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-object.html doc/html/man7/provider-rand.html doc/html/man7/provider-signature.html doc/html/man7/provider-storemgmt.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 
doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 
doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EncryptedData_decrypt.3 doc/man/man3/CMS_EncryptedData_encrypt.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_data_create.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_digest_create.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 
doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_CTX_get_iv.3 doc/man/man3/EVP_CIPHER_meth_new.3 
doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 
doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_certreq.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DECODER.3 doc/man/man3/OSSL_DECODER_CTX.3 doc/man/man3/OSSL_DECODER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DECODER_from_bio.3 doc/man/man3/OSSL_ENCODER.3 doc/man/man3/OSSL_ENCODER_CTX.3 
doc/man/man3/OSSL_ENCODER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_ENCODER_to_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_create_cert.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_SAFEBAG_get1_cert.3 doc/man/man3/PKCS12_add1_attr_by_NID.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_cert.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_add_safe.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_get0_primary.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 
doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_ASN1.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_ASN1.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 
doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 
doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 
doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_add_cert.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 
doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-PKCS12KDF.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-HMAC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-HMAC.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-base.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 
doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-encoder.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-object.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-signature.7 doc/man/man7/provider-storemgmt.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_core_object test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_decoder test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic 
test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_encoder test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/defltfips_test test/destest test/dhtest test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest 
test/ecstresstest test/ectest test/endecode_test test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkcs12_format_test test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_status_test test/provider_test test/rand_status_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash 
util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s 
crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod 
doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c 
test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh
rm -f `find . -name '*.d' \! -name '.*' \! -type d -print`
rm -f `find . -name '*.o' \! -name '.*' \! -type d -print`
rm -f core
rm -f tags TAGS doc-nits cmd-nits md-nits
rm -f -r test/test-runs
rm -f openssl.pc libcrypto.pc libssl.pc
rm -f `find . -type l \! -name '.*' -print`
rm -f ../openssl-3.0.0-alpha7-dev.tar
$ make depend
$ LDCMD= make -j4
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod
/usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h
/usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf
make depend && make _build_sw
make[1]: Entering directory '/home/openssl/run-checker/no-sock'
make[1]: Leaving directory '/home/openssl/run-checker/no-sock'
make[1]: Entering directory '/home/openssl/run-checker/no-sock'
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c
clang -I.
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for 
non-static variable 'multi' [-Werror,-Wmissing-variable-declarations]
int multi = 0; /* run multiple responder processes */
    ^
1 error generated.
Makefile:4191: recipe for target 'apps/lib/libapps-lib-http_server.o' failed
make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-sock'
Makefile:3160: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From openssl at openssl.org Fri Sep 4 15:23:27 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 04 Sep 2020 15:23:27 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Message-ID: <1599233007.422090.7939.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 40C7B888527F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 406772B5987F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 406772B5987F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # 
------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ 
skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1)
  Failed test: 26
  Non-zero exit status: 1
80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=211, Tests=3353, 1816 wallclock secs (14.74 usr 1.25 sys + 1719.75 cusr 91.86 csys = 1827.60 CPU)
Result: FAIL
Makefile:3183: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan'
Makefile:3181: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Fri Sep 4 15:48:56 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 04 Sep 2020 15:48:56 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui
Message-ID: <1599234536.238296.26196.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

# Failed test 'p10cr csr empty file'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... 
ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3353, 935 wallclock secs (13.79 usr 1.25 sys + 830.89 cusr 65.22 csys = 911.15 CPU) Result: FAIL Makefile:3188: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3186: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Sep 4 17:32:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Sep 2020 17:32:01 +0000 Subject: Build failed: openssl master.36618 Message-ID: <20200904173201.1.41E9761EDC909FB8@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Sep 4 18:41:45 2020 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 04 Sep 2020 18:41:45 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls
Message-ID: <1599244905.362212.25452.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls

Commit log since last time:

2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
ef0f01c0af Avoid uninitialised variable warning for jobs
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
ab114c6dde Fix two issues with AES-CCM KTLS tests.
18efb63016 Skip tests using KTLS RX for TLS 1.3.
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
3e5826061b Add helper functions for FreeBSD KTLS.
c34ca13a60 Add a ktls_crypto_info_t typedef.
23e77b0ba3 Update test data for DSA public key text
e2e46dfa8c Add the correct enum value for DSA public key serialization

Build log ended with (last 100 lines):

#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build
80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled
80-test_dtlsv1listen.t .............
ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. 
Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3350, 871 wallclock secs (13.33 usr 1.15 sys + 806.13 cusr 63.47 csys = 884.08 CPU) Result: FAIL Makefile:3191: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3189: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 4 21:29:12 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 Sep 2020 21:29:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1599254952.861476.18610.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 
23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C02089AC637F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C02089AC637F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C02089AC637F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/QfFvMft7Ik default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0306E7BC07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/QfFvMft7Ik fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3352, 895 wallclock secs (13.58 usr 1.23 sys + 827.07 cusr 64.01 csys = 905.89 CPU) Result: FAIL Makefile:3192: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3190: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 4 23:55:39 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 Sep 2020 23:55:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1599263739.774706.28726.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 
23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070C42C627F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070C42C627F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070C42C627F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/HjV7A492u0 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max 
supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0F4EBBB7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/HjV7A492u0 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3352, 895 wallclock secs (13.11 usr 1.26 sys + 826.50 cusr 66.38 csys = 907.25 CPU) Result: FAIL Makefile:3188: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3186: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Sep 5 00:44:20 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 05 Sep 2020 00:44:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1599266660.295084.31591.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs ef0f01c0af Avoid uninitialised variable warning for jobs 1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop 72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. ab114c6dde Fix two issues with AES-CCM KTLS tests. 18efb63016 Skip tests using KTLS RX for TLS 1.3. cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported. eb818d23c2 Refactor the KTLS tests to minimize code duplication. c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c. b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3. 3c1641e8e8 Don't check errno if ktls_read_record() returned 0. 0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. 3e5826061b Add helper functions for FreeBSD KTLS. c34ca13a60 Add a ktls_crypto_info_t typedef. 23e77b0ba3 Update test data for DSA public key text e2e46dfa8c Add the correct enum value for DSA public key serialization Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... 
skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0BDB8067F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0BDB8067F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0BDB8067F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0BDB8067F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/wt3gUHdj_j default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ 
../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C05044813E7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C05044813E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C05044813E7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C05044813E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/wt3gUHdj_j fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... 
ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3274, 832 wallclock secs (12.46 usr 1.38 sys + 760.54 cusr 61.59 csys = 835.97 CPU) Result: FAIL Makefile:3168: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3166: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Sat Sep 5 05:46:49 2020 
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sat, 05 Sep 2020 05:46:49 +0000 Subject: [openssl] master update Message-ID: <1599284809.041457.16799.nullmailer@dev.openssl.org> The branch master has been updated via 59ed73398920a9ad663da03a08cfd290995f55af (commit) via 5340c8ea2a25d17ee2ce1f35d1fb545b8487e84b (commit) via 776cf98b493768de02f798f71f6b30c40deb3506 (commit) via d135774e7d4304df90eab0ed37e93ecdfb1b99a9 (commit) via 33200269110f0ed4a9c96be03b32cd8913f9e426 (commit) via 0e540f231cbdc8e24e1496cf8ac265b62a983692 (commit) via 7ce49eeaca2081ccd881fc1b22fac2d08d3bb69a (commit) via ea478697927798ff2850ea94b4938bb0c76da48b (commit) from d55d0935deb1a8af9cb9a76bf4ca21da47ba8184 (commit) - Log ----------------------------------------------------------------- commit 59ed73398920a9ad663da03a08cfd290995f55af Author: Shane Lontis Date: Mon Aug 24 12:52:56 2020 +1000 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit 5340c8ea2a25d17ee2ce1f35d1fb545b8487e84b Author: Shane Lontis Date: Mon Aug 24 12:45:50 2020 +1000 Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit 776cf98b493768de02f798f71f6b30c40deb3506 Author: Shane Lontis Date: Mon Aug 24 12:16:24 2020 +1000 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit d135774e7d4304df90eab0ed37e93ecdfb1b99a9 Author: Shane Lontis Date: Mon Aug 24 12:02:02 2020 +1000 Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c Reviewed-by: Matthias St. 
Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit 33200269110f0ed4a9c96be03b32cd8913f9e426 Author: Shane Lontis Date: Mon Aug 24 11:57:12 2020 +1000 Fix coverity CID #1466371 - fix dereference before NULL check. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit 0e540f231cbdc8e24e1496cf8ac265b62a983692 Author: Shane Lontis Date: Mon Aug 24 11:45:57 2020 +1000 Fix coverity CID #1466375 - Remove dead code. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit 7ce49eeaca2081ccd881fc1b22fac2d08d3bb69a Author: Shane Lontis Date: Mon Aug 24 11:32:48 2020 +1000 Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) commit ea478697927798ff2850ea94b4938bb0c76da48b Author: Shane Lontis Date: Mon Aug 24 11:29:23 2020 +1000 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_ess.c | 8 +++--- crypto/dh/dh_ameth.c | 5 ++-- crypto/ec/ec_backend.c | 2 +- crypto/ffc/ffc_params.c | 10 +++++--- crypto/initthread.c | 3 ++- .../implementations/encode_decode/encoder_ec.c | 29 ++++++++++------------ providers/implementations/keymgmt/ec_kmgmt.c | 19 ++++++++------ 7 files changed, 39 insertions(+), 37 deletions(-) diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 3e545b7add..b6b2037532 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c 
@@ -430,12 +430,12 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; - unsigned char *p, *pp; + unsigned char *p, *pp = NULL; int len; /* Add SigningCertificateV2 signed attribute to the signer info. */ len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); - if ((pp = OPENSSL_malloc(len)) == NULL) + if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) goto err; p = pp; i2d_ESS_SIGNING_CERT_V2(sc, &p); @@ -462,12 +462,12 @@ int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; - unsigned char *p, *pp; + unsigned char *p, *pp = NULL; int len; /* Add SigningCertificate signed attribute to the signer info. */ len = i2d_ESS_SIGNING_CERT(sc, NULL); - if ((pp = OPENSSL_malloc(len)) == NULL) + if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) goto err; p = pp; i2d_ESS_SIGNING_CERT(sc, &p); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 011bc5ad03..3d4605ae11 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -564,13 +564,12 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); DH *dh = dh_new_with_libctx(pctx->libctx); - DH_clear_flags(dh, DH_FLAG_TYPE_MASK); - DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); - if (dh == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); return 0; } + DH_clear_flags(dh, DH_FLAG_TYPE_MASK); + DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); if (!dh_ffc_params_fromdata(dh, params) || !dh_key_fromdata(dh, params) diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 1599e2b1f3..8acbcebd6f 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c 
@@ -162,7 +162,7 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, #endif } else { /* named curve */ - const char *curve_name = curve_name = ec_curve_nid2name(curve_nid); + const char *curve_name = ec_curve_nid2name(curve_nid); if (curve_name == NULL || !ossl_param_build_set_utf8_string(tmpl, params, diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index ac767c0a1c..c980ea0018 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -313,8 +313,10 @@ int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) goto err; if (ffc->seed != NULL) { size_t i; - BIO_indent(bp, indent, 128); - BIO_puts(bp, "seed:"); + + if (!BIO_indent(bp, indent, 128) + || BIO_puts(bp, "seed:") <= 0) + goto err; for (i = 0; i < ffc->seedlen; i++) { if ((i % 15) == 0) { if (BIO_puts(bp, "\n") <= 0 @@ -329,8 +331,8 @@ int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) return 0; } if (ffc->pcounter != -1) { - BIO_indent(bp, indent, 128); - if (BIO_printf(bp, "counter: %d\n", ffc->pcounter) <= 0) + if (!BIO_indent(bp, indent, 128) + || BIO_printf(bp, "counter: %d\n", ffc->pcounter) <= 0) goto err; } return 1; diff --git a/crypto/initthread.c b/crypto/initthread.c index c9a34a77db..5ad38dfee2 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -392,13 +392,14 @@ static int init_thread_deregister(void *index, int all) for (i = 0; i < sk_THREAD_EVENT_HANDLER_PTR_num(gtr->skhands); i++) { THREAD_EVENT_HANDLER **hands = sk_THREAD_EVENT_HANDLER_PTR_value(gtr->skhands, i); - THREAD_EVENT_HANDLER *curr = *hands, *prev = NULL, *tmp; + THREAD_EVENT_HANDLER *curr = NULL, *prev = NULL, *tmp; if (hands == NULL) { if (!all) CRYPTO_THREAD_unlock(gtr->lock); return 0; } + curr = *hands; while (curr != NULL) { if (all || curr->index == index) { if (prev != NULL) diff --git a/providers/implementations/encode_decode/encoder_ec.c b/providers/implementations/encode_decode/encoder_ec.c index ee64e2f802..ab8e82eb6e 100644 
--- a/providers/implementations/encode_decode/encoder_ec.c +++ b/providers/implementations/encode_decode/encoder_ec.c @@ -69,23 +69,20 @@ static int ossl_prov_print_ec_param_explicit_gen(BIO *out, || EC_POINT_point2bn(group, point, form, gen, ctx) == NULL) return 0; - if (gen != NULL) { - switch (form) { - case POINT_CONVERSION_COMPRESSED: - glabel = "Generator (compressed):"; - break; - case POINT_CONVERSION_UNCOMPRESSED: - glabel = "Generator (uncompressed):"; - break; - case POINT_CONVERSION_HYBRID: - glabel = "Generator (hybrid):"; - break; - default: - return 0; - } - return ossl_prov_print_labeled_bignum(out, glabel, gen); + switch (form) { + case POINT_CONVERSION_COMPRESSED: + glabel = "Generator (compressed):"; + break; + case POINT_CONVERSION_UNCOMPRESSED: + glabel = "Generator (uncompressed):"; + break; + case POINT_CONVERSION_HYBRID: + glabel = "Generator (hybrid):"; + break; + default: + return 0; } - return 1; + return ossl_prov_print_labeled_bignum(out, glabel, gen); } /* Print explicit parameters */ diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index cb5e2291da..9c2e627e37 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -321,7 +321,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { EC_KEY *ec = keydata; - OSSL_PARAM_BLD *tmpl; + OSSL_PARAM_BLD *tmpl = NULL; OSSL_PARAM *params = NULL; unsigned char *pub_key = NULL, *genbuf = NULL; BN_CTX *bnctx = NULL; @@ -358,8 +358,11 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { bnctx = BN_CTX_new_ex(ec_key_get_libctx(ec)); + if (bnctx == NULL) { + ok = 0; + goto end; + } BN_CTX_start(bnctx); - ok = ok && (bnctx != NULL); ok = ok && ec_group_todata(EC_KEY_get0_group(ec), tmpl, NULL, ec_key_get_libctx(ec), ec_key_get0_propq(ec), bnctx, &genbuf); 
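Review bot: in ec_export(), the new `goto end` on `bnctx == NULL` reaches the shared cleanup before BN_CTX_start() has been called, and the code that releases bnctx lies outside the context shown (only the frees of params, tmpl and pub_key are visible after `end:`). Please confirm that whatever follows there is safe for a NULL, never-started bnctx, or guard it with `if (bnctx != NULL)`.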
@@ -376,7 +379,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (ok && (params = OSSL_PARAM_BLD_to_param(tmpl)) != NULL) ok = param_cb(params, cbarg); - +end: OSSL_PARAM_BLD_free_params(params); OSSL_PARAM_BLD_free(tmpl); OPENSSL_free(pub_key); @@ -526,10 +529,10 @@ int ec_get_params(void *key, OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_int(p, ECDSA_size(eck))) - return 0; + goto err; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg))) - return 0; + goto err; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) { int ecbits, sec_bits; @@ -565,12 +568,12 @@ int ec_get_params(void *key, OSSL_PARAM params[]) sec_bits = ecbits / 2; if (!OSSL_PARAM_set_int(p, sec_bits)) - return 0; + goto err; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD)) - return 0; + goto err; p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); if (p != NULL) { @@ -580,7 +583,7 @@ int ec_get_params(void *key, OSSL_PARAM params[]) (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode)) - return 0; + goto err; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key), From matthias.st.pierre at ncp-e.com Sat Sep 5 09:08:57 2020 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sat, 05 Sep 2020 09:08:57 +0000 Subject: [openssl] master update Message-ID: <1599296937.056819.8834.nullmailer@dev.openssl.org> The branch master has been updated via 09e76c5dd34515f9df42b2f1deed5166ba6b31fa (commit) from 59ed73398920a9ad663da03a08cfd290995f55af (commit) - Log ----------------------------------------------------------------- commit 09e76c5dd34515f9df42b2f1deed5166ba6b31fa Author: Dr. Matthias St. Pierre Date: Wed Jul 8 09:23:29 2020 +0200 test/drbgtest: improve the reseed after fork test Issue #12377 demonstrated that it is not sufficient to verify that after a fork a reseeding is triggered in the child. This commit enhances the test by collecting the output of the public and private drbg for the parent and all children and checking for duplicates. In case of duplicates, it prints an error message and displays a sorted output. The analysis of #12377 (see [1]) showed that due to an error in the resetting of the AES-CTR (issue #12405, fixed by #12413), it could happen that only the first n bytes (n=1,...15) of the children's random output were identical. This test is optimized to detect this issue by only comparing the first byte of the sampled data (i.e., the first 'column' of the output). The number of samples is chosen high enough to keep the chance of false positives low. The test is executed sixteen times, each time advancing the internal counter by requesting a single extra byte of random data. Another, more general test splits the entire sampled random data into two-byte chunks and counts their collisions. If a certain threshold is exceeded, it reports an error. 
[1] https://github.com/openssl/openssl/issues/12377#issuecomment-656207334 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12407) ----------------------------------------------------------------------- Summary of changes: test/drbgtest.c | 345 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 310 insertions(+), 35 deletions(-) diff --git a/test/drbgtest.c b/test/drbgtest.c index fbe5c78c58..eeb71f0227 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -68,6 +68,10 @@ static int rand_priv_bytes(unsigned char *buf, int num) return gen_bytes(RAND_get0_private(NULL), buf, num); } + +/* size of random output generated in test_drbg_reseed() */ +#define RANDOM_SIZE 16 + /* * DRBG query functions */ 
@@ -153,27 +157,36 @@ static int disable_crngt(EVP_RAND_CTX *drbg) * * |expect_success|: expected outcome (as reported by RAND_status()) * |primary|, |public|, |private|: pointers to the three shared DRBGs + * |public_random|, |private_random|: generated random output * |expect_xxx_reseed| = * 1: it is expected that the specified DRBG is reseeded * 0: it is expected that the specified DRBG is not reseeded * -1: don't check whether the specified DRBG was reseeded or not - * |reseed_time|: if nonzero, used instead of time(NULL) to set the + * |reseed_when|: if nonzero, used instead of time(NULL) to set the * |before_reseed| time. */ static int test_drbg_reseed(int expect_success, EVP_RAND_CTX *primary, EVP_RAND_CTX *public, EVP_RAND_CTX *private, + unsigned char *public_random, + unsigned char *private_random, int expect_primary_reseed, int expect_public_reseed, int expect_private_reseed, time_t reseed_when ) { - unsigned char buf[32]; time_t before_reseed, after_reseed; int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR); unsigned int primary_reseed, public_reseed, private_reseed; + unsigned char dummy[RANDOM_SIZE]; + + if (public_random == NULL) + public_random = dummy; + + if (private_random == NULL) + private_random = dummy; /* * step 1: check preconditions @@ -194,8 +207,10 @@ static int test_drbg_reseed(int expect_success, /* Generate random output from the public and private DRBG */ before_reseed = expect_primary_reseed == 1 ? reseed_when : 0; - if (!TEST_int_eq(rand_bytes(buf, sizeof(buf)), expect_success) - || !TEST_int_eq(rand_priv_bytes(buf, sizeof(buf)), expect_success)) + if (!TEST_int_eq(rand_bytes((unsigned char*)public_random, + RANDOM_SIZE), expect_success) + || !TEST_int_eq(rand_priv_bytes((unsigned char*) private_random, + RANDOM_SIZE), expect_success)) return 0; after_reseed = time(NULL); 
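Review bot: in test_drbg_reseed(), the casts in `rand_bytes((unsigned char*)public_random, RANDOM_SIZE)` and `rand_priv_bytes((unsigned char*) private_random, RANDOM_SIZE)` are redundant, because both parameters are already declared `unsigned char *`; dropping them also removes the inconsistent spacing after the cast. When both pointers are NULL they alias the same `dummy` buffer, which is fine for the callers passing `NULL, NULL` but deserves a word in the function comment next to the |public_random|, |private_random| description.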
@@ -251,30 +266,271 @@ static int test_drbg_reseed(int expect_success, #if defined(OPENSSL_SYS_UNIX) +/* number of children to fork */ +#define DRBG_FORK_COUNT 9 +/* two results per child, two for the parent */ +#define DRBG_FORK_RESULT_COUNT (2 * (DRBG_FORK_COUNT + 1)) + +typedef struct drbg_fork_result_st { + + unsigned char random[RANDOM_SIZE]; /* random output */ + + int pindex; /* process index (0: parent, 1,2,3...: children)*/ + pid_t pid; /* process id */ + int private; /* true if the private drbg was used */ + char name[10]; /* 'parent' resp. 'child 1', 'child 2', ... */ +} drbg_fork_result; + /* - * Test whether primary, public and private DRBG are reseeded after - * forking the process. + * Sort the drbg_fork_result entries in lexicographical order + * + * This simplifies finding duplicate random output and makes + * the printout in case of an error more readable. */ -static int test_drbg_reseed_after_fork(EVP_RAND_CTX *primary, - EVP_RAND_CTX *public, - EVP_RAND_CTX *private) +static int compare_drbg_fork_result(const void * left, const void * right) { + int result; + const drbg_fork_result *l = left; + const drbg_fork_result *r = right; + + /* separate public and private results */ + result = l->private - r->private; + + if (result == 0) + result = memcmp(l->random, r->random, RANDOM_SIZE); + + if (result == 0) + result = l->pindex - r->pindex; + + return result; +} + +/* + * Sort two-byte chunks of random data + * + * Used for finding collisions in two-byte chunks + */ +static int compare_rand_chunk(const void * left, const void * right) +{ + return memcmp(left, right, 2); +} + +/* + * Test whether primary, public and private DRBG are reseeded + * in the child after forking the process. Collect the random + * output of the public and private DRBG and send it back to + * the parent process. 
+ */ +static int test_drbg_reseed_in_child(EVP_RAND_CTX *primary, + EVP_RAND_CTX *public, + EVP_RAND_CTX *private, + drbg_fork_result result[2]) +{ + int rv = 0, status; + int fd[2]; pid_t pid; - int status=0; + unsigned char random[2 * RANDOM_SIZE]; + + if (!TEST_int_ge(pipe(fd), 0)) + return 0; - pid = fork(); - if (!TEST_int_ge(pid, 0)) + if (!TEST_int_ge(pid = fork(), 0)) { + close(fd[0]); + close(fd[1]); return 0; + } else if (pid > 0) { + + /* I'm the parent; close the write end */ + close(fd[1]); + + /* wait for children to terminate and collect their random output */ + if (TEST_int_eq(waitpid(pid, &status, 0), pid) + && TEST_int_eq(status, 0) + && TEST_true(read(fd[0], &random[0], sizeof(random)) + == sizeof(random))) { + + /* random output of public drbg */ + result[0].pid = pid; + result[0].private = 0; + memcpy(result[0].random, &random[0], RANDOM_SIZE); + + /* random output of private drbg */ + result[1].pid = pid; + result[1].private = 1; + memcpy(result[1].random, &random[RANDOM_SIZE], RANDOM_SIZE); + + rv = 1; + } + + /* close the read end */ + close(fd[0]); + + return rv; + + } else { + + /* I'm the child; close the read end */ + close(fd[0]); + + /* check whether all three DRBGs reseed and send output to parent */ + if (TEST_true(test_drbg_reseed(1, primary, public, private, + &random[0], &random[RANDOM_SIZE], + 1, 1, 1, 0)) + && TEST_true(write(fd[1], random, sizeof(random)) + == sizeof(random))) { + + rv = 1; + } + + /* close the write end */ + close(fd[1]); + + /* convert boolean to exit code */ + exit(rv == 0); + } +} + +static int test_rand_reseed_on_fork(EVP_RAND_CTX *primary, + EVP_RAND_CTX *public, + EVP_RAND_CTX *private) +{ + unsigned int i; + pid_t pid = getpid(); + int verbose = (getenv("V") != NULL); + int success = 1; + int duplicate[2] = {0, 0}; + unsigned char random[2 * RANDOM_SIZE]; + unsigned char sample[DRBG_FORK_RESULT_COUNT * RANDOM_SIZE]; + unsigned char *psample = &sample[0]; + drbg_fork_result 
result[DRBG_FORK_RESULT_COUNT]; + drbg_fork_result *presult = &result[2]; + + memset(&result, 0, sizeof(result)); + + for (i = 1 ; i <= DRBG_FORK_COUNT ; ++i) { + + presult[0].pindex = presult[1].pindex = i; + + sprintf(presult[0].name, "child %d", i); + strcpy(presult[1].name, presult[0].name); + + /* collect the random output of the children */ + if (!TEST_true(test_drbg_reseed_in_child(primary, + public, + private, + presult))) + return 0; - if (pid > 0) { - /* I'm the parent; wait for the child and check its exit code */ - return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0); + presult += 2; } - /* I'm the child; check whether all three DRBGs reseed. */ - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0))) - status = 1; - exit(status); + /* collect the random output of the parent */ + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + &random[0], &random[RANDOM_SIZE], + 0, 0, 0, 0))) + return 0; + + strcpy(result[0].name, "parent"); + strcpy(result[1].name, "parent"); + + /* output of public drbg */ + result[0].pid = pid; + result[0].private = 0; + memcpy(result[0].random, &random[0], RANDOM_SIZE); + + /* output of private drbg */ + result[1].pid = pid; + result[1].private = 1; + memcpy(result[1].random, &random[RANDOM_SIZE], RANDOM_SIZE); + + /* collect all sampled random data in a single buffer */ + for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { + memcpy(psample, &result[i].random[0], RANDOM_SIZE); + psample += RANDOM_SIZE; + } + + /* sort the results... 
*/ + qsort(result, DRBG_FORK_RESULT_COUNT, sizeof(drbg_fork_result), + compare_drbg_fork_result); + + /* ...and count duplicate prefixes by looking at the first byte only */ + for (i = 1 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { + if (result[i].random[0] == result[i-1].random[0]) { + /* count public and private duplicates separately */ + ++duplicate[result[i].private]; + } + } + + if (duplicate[0] >= DRBG_FORK_COUNT - 1) { + /* just too many duplicates to be a coincidence */ + TEST_note("ERROR: %d duplicate prefixes in public random output", duplicate[0]); + success = 0; + } + + if (duplicate[1] >= DRBG_FORK_COUNT - 1) { + /* just too many duplicates to be a coincidence */ + TEST_note("ERROR: %d duplicate prefixes in private random output", duplicate[1]); + success = 0; + } + + duplicate[0] = 0; + + /* sort the two-byte chunks... */ + qsort(sample, sizeof(sample)/2, 2, compare_rand_chunk); + + /* ...and count duplicate chunks */ + for (i = 2, psample = sample + 2 ; i < sizeof(sample) ; i += 2, psample += 2) { + if (compare_rand_chunk(psample - 2, psample) == 0) + ++duplicate[0]; + } + + if (duplicate[0] >= DRBG_FORK_COUNT - 1) { + /* just too many duplicates to be a coincidence */ + TEST_note("ERROR: %d duplicate chunks in random output", duplicate[0]); + success = 0; + } + + if (verbose || !success) { + + for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { + char *rand_hex = OPENSSL_buf2hexstr(result[i].random, RANDOM_SIZE); + + TEST_note(" random: %s, pid: %d (%s, %s)", + rand_hex, + result[i].pid, + result[i].name, + result[i].private ? 
"private" : "public" + ); + + OPENSSL_free(rand_hex); + } + } + + return success; +} + +static int test_rand_fork_safety(int i) +{ + int success = 1; + unsigned char random[1]; + EVP_RAND_CTX *primary, *public, *private; + + /* All three DRBGs should be non-null */ + if (!TEST_ptr(primary = RAND_get0_primary(NULL)) + || !TEST_ptr(public = RAND_get0_public(NULL)) + || !TEST_ptr(private = RAND_get0_private(NULL))) + return 0; + + /* run the actual test */ + if (!TEST_true(test_rand_reseed_on_fork(primary, public, private))) + success = 0; + + /* request a single byte from each of the DRBGs before the next run */ + if (!TEST_true(RAND_bytes(random, 1) && RAND_priv_bytes(random, 1))) + success = 0; + + return success; } #endif @@ -283,7 +539,7 @@ static int test_drbg_reseed_after_fork(EVP_RAND_CTX *primary, * setup correctly, in particular whether reseeding works * as designed. */ -static int test_rand_drbg_reseed(void) +static int test_rand_reseed(void) { EVP_RAND_CTX *primary, *public, *private; unsigned char rand_add_buf[256]; @@ -324,14 +580,20 @@ static int test_rand_drbg_reseed(void) /* * Test initial seeding of shared DRBGs */ - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 1, 1, 1, 0))) goto error; /* * Test initial state of shared DRBGs */ - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0, 0))) + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 0, 0, 0, 0))) goto error; /* @@ -339,7 +601,10 @@ static int test_rand_drbg_reseed(void) * reseed counters differ from the primary's reseed counter. */ inc_reseed_counter(primary); - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 0, 1, 1, 0))) goto error; /* 
@@ -348,7 +613,10 @@ static int test_rand_drbg_reseed(void) */ inc_reseed_counter(primary); inc_reseed_counter(private); - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 0, 0))) + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 0, 1, 0, 0))) goto error; /* @@ -357,14 +625,12 @@ static int test_rand_drbg_reseed(void) */ inc_reseed_counter(primary); inc_reseed_counter(public); - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 0, 0, 1, 0))) goto error; -#if defined(OPENSSL_SYS_UNIX) - if (!TEST_true(test_drbg_reseed_after_fork(primary, public, private))) - goto error; -#endif - /* fill 'randomness' buffer with some arbitrary data */ memset(rand_add_buf, 'r', sizeof(rand_add_buf)); @@ -379,7 +645,10 @@ static int test_rand_drbg_reseed(void) */ before_reseed = time(NULL); RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 1, 1, 1, before_reseed))) goto error; #else /* FIPS_MODULE */ @@ -391,7 +660,10 @@ static int test_rand_drbg_reseed(void) */ before_reseed = time(NULL); RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); - if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0, + if (!TEST_true(test_drbg_reseed(1, + primary, public, private, + NULL, NULL, + 0, 0, 0, before_reseed))) goto error; #endif @@ -538,7 +810,7 @@ static EVP_RAND_CTX *new_drbg(EVP_RAND_CTX *parent) return drbg; } -static int test_rand_drbg_prediction_resistance(void) +static int test_rand_prediction_resistance(void) { EVP_RAND_CTX *x = NULL, *y = NULL, *z = NULL; unsigned char buf1[51], buf2[sizeof(buf1)]; 
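Review bot: in test_rand_reseed_on_fork(), the first-byte duplicate loop compares `result[i].random[0]` with `result[i-1].random[0]` for every adjacent pair of the sorted array, including the one pair where `result[i-1]` is the last public entry and `result[i]` the first private one, so a chance match across that boundary is counted in `duplicate[1]`. Adding `result[i].private == result[i-1].private` to the condition keeps the public and private counts separate, as the comment says they are. In the same function, `sprintf(presult[0].name, "child %d", i)` formats an `unsigned int` with `%d` into the fixed `char name[10]`; `%u` together with BIO_snprintf() and `sizeof(presult[0].name)` would keep this safe if DRBG_FORK_COUNT is ever raised.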
@@ -627,8 +899,11 @@ err: int setup_tests(void) { - ADD_TEST(test_rand_drbg_reseed); - ADD_TEST(test_rand_drbg_prediction_resistance); + ADD_TEST(test_rand_reseed); +#if defined(OPENSSL_SYS_UNIX) + ADD_ALL_TESTS(test_rand_fork_safety, RANDOM_SIZE); +#endif + ADD_TEST(test_rand_prediction_resistance); #if defined(OPENSSL_THREADS) ADD_TEST(test_multi_thread); #endif From matt at openssl.org Sat Sep 5 09:17:07 2020 From: matt at openssl.org (Matt Caswell) Date: Sat, 05 Sep 2020 09:17:07 +0000 Subject: [web] master update Message-ID: <1599297427.888855.10421.nullmailer@dev.openssl.org> The branch master has been updated via 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit) from aa5a6394fe82d072ca491cc4054b00cbf624358e (commit) - Log ----------------------------------------------------------------- commit 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 Author: Matt Caswell Date: Sat Sep 5 10:09:25 2020 +0100 Publish project admin blog post Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/192) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index a1094b9..edc8cc8 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release From builds at travis-ci.com Sat Sep 5 09:22:46 2020 
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 09:22:46 +0000 Subject: Failed: openssl/openssl#37195 (master - 59ed733) In-Reply-To: Message-ID: <5f5358e6599d4_13fd030311e204953a@travis-pro-tasks-6988dd9dfc-8zg8z.mail> Build Update for openssl/openssl ------------------------------------- Build: #37195 Status: Failed Duration: 1 hr, 18 mins, and 1 sec Commit: 59ed733 (master) Author: Shane Lontis Message: Fix coverity CID #1454815 - NULL ptr dereference in initthread.c Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12708) View the changeset: https://github.com/openssl/openssl/compare/d55d0935deb1...59ed73398920 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182873394?utm_medium=notification&utm_source=email -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 5 11:46:02 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 05 Sep 2020 11:46:02 +0000 Subject: Build failed: openssl master.36659 Message-ID: <20200905114602.1.20D634E93039B777@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 5 12:46:04 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 05 Sep 2020 12:46:04 +0000 Subject: Build completed: openssl master.36660 Message-ID: <20200905124604.1.9C7FB9EAB741FC79@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Sep 5 14:07:25 2020 
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 14:07:25 +0000 Subject: Failed: openssl/openssl#37202 (master - 09e76c5) In-Reply-To: Message-ID: <5f539b9cc5db0_13fea91dac60c9515b@travis-pro-tasks-576588c988-8tf46.mail> Build Update for openssl/openssl ------------------------------------- Build: #37202 Status: Failed Duration: 1 hr, 18 mins, and 16 secs Commit: 09e76c5 (master) Author: Dr. Matthias St. Pierre Message: test/drbgtest: improve the reseed after fork test Issue #12377 demonstrated that it is not sufficient to verify that after a fork a reseeding is triggered in the child. This commit enhances the test by collecting the output of the public and private drbg for the parent and all children and checking for duplicates. In case of duplicates, it prints an error message and displays a sorted output. The analysis of #12377 (see [1]) showed that due to an error in the resetting of the AES-CTR (issue #12405, fixed by #12413), it could happen that only the first n bytes (n=1,...15) of the children's random output were identical. This test is optimized to detect this issue by only comparing the first byte of the sampled data (i.e., the first 'column' of the output). The number of samples is chosen high enough to keep the chance of false positives low. The test is executed sixteen times, each time advancing the internal counter by requesting a single extra byte of random data. Another, more general test splits the entire sampled random data into two-byte chunks and counts their collisions. If a certain threshold is exceeded, it reports an error. 
[1] https://github.com/openssl/openssl/issues/12377#issuecomment-656207334 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12407) View the changeset: https://github.com/openssl/openssl/compare/59ed73398920...09e76c5dd345 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182880640?utm_medium=notification&utm_source=email -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat Sep 5 16:10:20 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 05 Sep 2020 16:10:20 +0000 Subject: [openssl] master update Message-ID: <1599322220.081244.13438.nullmailer@dev.openssl.org> The branch master has been updated via 39082af2fa6549c3d92c917ea5a423bca57c7b42 (commit) from 09e76c5dd34515f9df42b2f1deed5166ba6b31fa (commit) - Log ----------------------------------------------------------------- commit 39082af2fa6549c3d92c917ea5a423bca57c7b42 Author: Dr. David von Oheimb Date: Fri Sep 4 09:29:01 2020 +0200 Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout Also simplify certificate saving in apps/cmp.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12790) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 69 +++++++++++++++++++++---------------------- crypto/cmp/cmp_ctx.c | 30 +++++++++++++++++++ crypto/cmp/cmp_local.h | 2 ++ doc/man1/openssl-cmp.pod.in | 5 ++++ doc/man3/OSSL_CMP_CTX_new.pod | 9 +++++- include/openssl/cmp.h | 1 + test/cmp_ctx_test.c | 4 +++ util/libcrypto.num | 1 + 8 files changed, 84 insertions(+), 37 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 4d6acdd499..1af27f7881 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -129,6 +129,7 @@ static char *opt_out_trusted = NULL; static int opt_implicit_confirm = 0; static int opt_disable_confirm = 0; static char *opt_certout = NULL; +static char *opt_chainout = NULL; /* certificate enrollment and revocation */ static char *opt_oldcert = NULL; @@ -205,7 +206,7 @@ typedef enum OPTION_choice { OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL, OPT_POPO, OPT_CSR, OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM, - OPT_CERTOUT, + OPT_CERTOUT, OPT_CHAINOUT, OPT_OLDCERT, OPT_REVREASON, 
@@ -314,6 +315,8 @@ const OPTIONS cmp_options[] = { "confirmation. WARNING: This leads to behavior violating RFC 4210"}, {"certout", OPT_CERTOUT, 's', "File to save newly enrolled certificate"}, + {"chainout", OPT_CHAINOUT, 's', + "File to save the chain of newly enrolled certificate"}, OPT_SECTION("Certificate enrollment and revocation"), @@ -521,7 +524,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {(char **)&opt_popo}, {&opt_csr}, {&opt_out_trusted}, {(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm}, - {&opt_certout}, + {&opt_certout}, {&opt_chainout}, {&opt_oldcert}, {(char **)&opt_revreason}, @@ -2066,18 +2069,21 @@ static int write_cert(BIO *bio, X509 *cert) } /* - * writes out a stack of certs to the given file. + * If destFile != NULL writes out a stack of certs to the given file. + * In any case frees the certs. * Depending on options use either PEM or DER format, * where DER does not make much sense for writing more than one cert! - * Returns number of written certificates on success, 0 on error. + * Returns number of written certificates on success, -1 on error. */ -static int save_certs(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *certs, char *destFile, char *desc) +static int save_free_certs(OSSL_CMP_CTX *ctx, + STACK_OF(X509) *certs, char *destFile, char *desc) { BIO *bio = NULL; int i; int n = sk_X509_num(certs); + if (destFile == NULL) + goto end; CMP_info3("received %d %s certificate(s), saving to file '%s'", n, desc, destFile); if (n > 1 && opt_certform != FORMAT_PEM) 
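Review bot: in save_free_certs(), the new `if (destFile == NULL) goto end;` path returns `n`, which was set from `sk_X509_num(certs)` before anything was written; that contradicts the comment's "Returns number of written certificates on success" and yields -1 for a NULL `certs`, which every caller's `< 0` test treats as a failure even though no output file was requested. Setting `n = 0` before the jump, or documenting the return value for the no-file case, would make the contract match the code.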
@@ -2087,19 +2093,20 @@ static int save_certs(OSSL_CMP_CTX *ctx, || !BIO_write_filename(bio, (char *)destFile)) { CMP_err1("could not open file '%s' for writing", destFile); n = -1; - goto err; + goto end; } for (i = 0; i < n; i++) { if (!write_cert(bio, sk_X509_value(certs, i))) { CMP_err1("cannot write certificate to file '%s'", destFile); n = -1; - goto err; + goto end; } } - err: + end: BIO_free(bio); + sk_X509_pop_free(certs, X509_free); return n; } @@ -2511,6 +2518,9 @@ static int get_opts(int argc, char **argv) case OPT_CERTOUT: opt_certout = opt_str("certout"); break; + case OPT_CHAINOUT: + opt_chainout = opt_str("chainout"); + break; case OPT_OLDCERT: opt_oldcert = opt_str("oldcert"); break; 
@@ -2935,39 +2945,26 @@ int cmp_main(int argc, char **argv) OPENSSL_free(buf); } - if (opt_cacertsout != NULL) { - STACK_OF(X509) *certs = OSSL_CMP_CTX_get1_caPubs(cmp_ctx); - - if (sk_X509_num(certs) > 0 - && save_certs(cmp_ctx, certs, opt_cacertsout, "CA") < 0) { - sk_X509_pop_free(certs, X509_free); - goto err; - } - sk_X509_pop_free(certs, X509_free); - } - - if (opt_extracertsout != NULL) { - STACK_OF(X509) *certs = OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx); - if (sk_X509_num(certs) > 0 - && save_certs(cmp_ctx, certs, opt_extracertsout, - "extra") < 0) { - sk_X509_pop_free(certs, X509_free); - goto err; - } - sk_X509_pop_free(certs, X509_free); - } - - if (opt_certout != NULL && newcert != NULL) { + if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx), + opt_cacertsout, "CA") < 0) + goto err; + if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx), + opt_extracertsout, "extra") < 0) + goto err; + if (newcert != NULL) { STACK_OF(X509) *certs = sk_X509_new_null(); - if (certs == NULL || !sk_X509_push(certs, newcert) - || save_certs(cmp_ctx, certs, opt_certout, - "enrolled") < 0) { + if (!X509_add_cert(certs, newcert, X509_ADD_FLAG_UP_REF)) { sk_X509_free(certs); goto err; } - sk_X509_free(certs); + if (save_free_certs(cmp_ctx, certs, opt_certout, "enrolled") < 0) + goto err; } + if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_newChain(cmp_ctx), + opt_chainout, "chain") < 0) + goto err; + if (!OSSL_CMP_CTX_reinit(cmp_ctx)) goto err; } diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 57878a8f8d..50c5d0e061 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -162,6 +162,7 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) return ossl_cmp_ctx_set0_statusString(ctx, NULL) && ossl_cmp_ctx_set0_newCert(ctx, NULL) + && ossl_cmp_ctx_set1_newChain(ctx, NULL) && ossl_cmp_ctx_set1_caPubs(ctx, NULL) && ossl_cmp_ctx_set1_extraCertsIn(ctx, NULL) && ossl_cmp_ctx_set0_validatedSrvCert(ctx, NULL) 
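Review bot: in cmp_main(), the rewritten block for `newcert` no longer checks the result of `sk_X509_new_null()`; the removed code had `certs == NULL ||` in front of the push, while the new code passes `certs` straight to `X509_add_cert(certs, newcert, X509_ADD_FLAG_UP_REF)` and so depends on that function failing cleanly for a NULL stack, which is not visible in this patch. An explicit NULL check would keep the allocation-failure path obvious. The stack is also now built and torn down when `opt_certout` is NULL, which is harmless but worth a short comment since the old `opt_certout != NULL` condition was dropped.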
@@ -216,6 +217,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) sk_ASN1_UTF8STRING_pop_free(ctx->statusString, ASN1_UTF8STRING_free); X509_free(ctx->newCert); + sk_X509_pop_free(ctx->newChain, X509_free); sk_X509_pop_free(ctx->caPubs, X509_free); sk_X509_pop_free(ctx->extraCertsIn, X509_free); @@ -459,6 +461,34 @@ int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, return 1; } +/* Returns the cert chain computed by OSSL_CMP_certConf_cb(), NULL on error */ +STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx) +{ + if (ctx == NULL) { + CMPerr(0, CMP_R_NULL_ARGUMENT); + return NULL; + } + if (ctx->newChain == NULL) + return sk_X509_new_null(); + return X509_chain_up_ref(ctx->newChain); +} + +/* + * Copies any given stack of inbound X509 certificates to newChain + * of the OSSL_CMP_CTX structure so that they may be retrieved later. + */ +int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain) +{ + if (!ossl_assert(ctx != NULL)) + return 0; + + sk_X509_pop_free(ctx->newChain, X509_free); + ctx->newChain= NULL; + if (newChain == NULL) + return 1; + return (ctx->newChain = X509_chain_up_ref(newChain)) != NULL; +} + /* * Returns the stack of certificates received in a response message. * The stack is duplicated so the caller must handle freeing it! diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 41c10b22c1..a6e55cfd1b 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -120,6 +120,7 @@ struct ossl_cmp_ctx_st { /* TODO: this should be a stack since there could be more than one */ X509 *newCert; /* newly enrolled cert received from the CA */ /* TODO: this should be a stack since there could be more than one */ + STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */ STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */ STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */ 
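Review bot: in struct ossl_cmp_ctx_st, the new `STACK_OF(X509) *newChain;` member is inserted directly under the second "TODO: this should be a stack since there could be more than one" comment, so that comment now reads as a remark about newChain, which already is a stack. Moving the member above that comment, or removing the stray TODO, would avoid the confusion. Minor style point in the same patch: `ctx->newChain= NULL;` in ossl_cmp_ctx_set1_newChain() is missing the space before `=`.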
@@ -780,6 +781,7 @@ int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIFREETEXT *text); int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info); int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert); +int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain); int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs); int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, STACK_OF(X509) *extraCertsIn); diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 760e21ccbe..d91bd31684 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -63,6 +63,7 @@ B B [B<-implicit_confirm>] [B<-disable_confirm>] [B<-certout> I] +[B<-chainout> I] [B<-oldcert> I] [B<-revreason> I] @@ -378,6 +379,10 @@ B This leads to behavior violating RFC 4210. The file where the newly enrolled certificate should be saved. +=item B<-chainout> I + +The file where the chain of the newly enrolled certificate should be saved. + =back diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 62e1a562c9..fda5150434 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -54,6 +54,7 @@ OSSL_CMP_CTX_get_status, OSSL_CMP_CTX_get0_statusString, OSSL_CMP_CTX_get_failInfoCode, OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_newChain, OSSL_CMP_CTX_get1_caPubs, OSSL_CMP_CTX_get1_extraCertsIn, OSSL_CMP_CTX_set1_transactionID, @@ -144,6 +145,7 @@ OSSL_CMP_CTX_set1_senderNonce int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); + STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); 
@@ -170,7 +172,7 @@ OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure. OSSL_CMP_CTX_reinit() prepares the given B for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo, -and any previous results (newCert, caPubs, and extraCertsIn) +and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. All other field values (i.e., CMP options) are retained for potential re-use. @@ -579,6 +581,10 @@ OSSL_CMP_CTX_FAILINFO_badAlg. Returns -1 if the failInfoCode field is unset. OSSL_CMP_CTX_get0_newCert() returns the pointer to the newly obtained certificate in case it is available, else NULL. +OSSL_CMP_CTX_get1_newChain() returns a pointer to a duplicate of the stack of +X.509 certificates computed by OSSL_CMP_certConf_cb() (if this function has +been called) on the last received certificate response message IP/CP/KUP. + OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the stack of X.509 certificates received in the caPubs field of last received certificate response message IP/CP/KUP. @@ -611,6 +617,7 @@ OSSL_CMP_CTX_get0_newPkey(), OSSL_CMP_CTX_get_certConf_cb_arg(), OSSL_CMP_CTX_get0_statusString(), OSSL_CMP_CTX_get0_newCert(), +OSSL_CMP_CTX_get0_newChain(), OSSL_CMP_CTX_get1_caPubs(), and OSSL_CMP_CTX_get1_extraCertsIn() return the intended pointer value as described above or NULL on error. diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index cf79a4c71f..d12d48ba4f 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h 
@@ -331,6 +331,7 @@ OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_PKISI_BUFLEN 1024 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index 184e5bf498..9b2a53df5f 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -76,6 +76,7 @@ static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null()) || !ossl_cmp_ctx_set0_newCert(ctx, X509_new()) || !TEST_ptr(certs = sk_X509_new_1()) + || !ossl_cmp_ctx_set1_newChain(ctx, certs) || !ossl_cmp_ctx_set1_caPubs(ctx, certs) || !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs) || !ossl_cmp_ctx_set0_validatedSrvCert(ctx, X509_new()) @@ -93,6 +94,7 @@ static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) && ctx->failInfoCode == -1 && ctx->statusString == NULL && ctx->newCert == NULL + && ctx->newChain == NULL && ctx->caPubs == NULL && ctx->extraCertsIn == NULL && ctx->validatedSrvCert == NULL @@ -780,6 +782,7 @@ DEFINE_SET_GET_INT_TEST(ossl_cmp, ctx, status) DEFINE_SET_GET_SK_TEST(ossl_cmp, ctx, 0, 0, statusString, ASN1_UTF8STRING) DEFINE_SET_GET_INT_TEST(ossl_cmp, ctx, failInfoCode) DEFINE_SET_GET_TEST(ossl_cmp, ctx, 0, 0, 0, newCert, X509) +DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, newChain) DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, caPubs) DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, extraCertsIn) 
@@ -869,6 +872,7 @@ int setup_tests(void) ADD_TEST(test_CTX_set0_get0_statusString); ADD_TEST(test_CTX_set_get_failInfoCode); ADD_TEST(test_CTX_set0_get0_newCert); + ADD_TEST(test_CTX_set1_get1_newChain); ADD_TEST(test_CTX_set1_get1_caPubs); ADD_TEST(test_CTX_set1_get1_extraCertsIn); /* exported for testing and debugging purposes: */ diff --git a/util/libcrypto.num b/util/libcrypto.num index d5e7ab423e..cfe1cb8bc6 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4797,6 +4797,7 @@ OSSL_CMP_CTX_get_status ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_statusString ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get_failInfoCode ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_newCert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get1_newChain ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get1_caPubs ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get1_extraCertsIn ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_transactionID ? 3_0_0 EXIST::FUNCTION:CMP From dev at ddvo.net Sat Sep 5 16:11:52 2020 
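Review bot: in the cmp_main() hunk of apps/cmp.c the result of sk_X509_new_null() is no longer checked before it is handed to X509_add_cert(); the removed code tested `certs == NULL` explicitly. Either keep that check or add a comment that X509_add_cert() is relied on to fail cleanly for a NULL stack. The block is now also entered when -certout was not given (the old condition was `opt_certout != NULL && newcert != NULL`), so save_free_certs() must free the stack and return a non-negative value for a NULL file name. Its definition is not part of the lines shown here, so that behaviour should be confirmed and stated in its header comment.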
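Review bot: the RETURN VALUES hunk of doc/man3/OSSL_CMP_CTX_new.pod adds `OSSL_CMP_CTX_get0_newChain(),` but the function introduced in cmp.h, cmp_ctx.c, libcrypto.num and in the NAME and SYNOPSIS hunks of the same file is OSSL_CMP_CTX_get1_newChain(). Please change the entry to get1. That sentence also says these functions return NULL on error, while OSSL_CMP_CTX_get1_newChain() returns a freshly allocated empty stack when no chain has been set; the description should say that an empty stack means "no chain" and that the caller owns and must free the result in both cases.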
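Review bot: in the crypto/cmp/cmp_local.h hunk the new `STACK_OF(X509) *newChain;` member is inserted directly below the second "TODO: this should be a stack since there could be more than one" comment, so the TODO now reads as if it applied to newChain, which already is a stack. Move the new member above that comment, or drop the duplicated TODO if it only ever referred to newCert.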
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 05 Sep 2020 16:11:52 +0000 Subject: [openssl] master update Message-ID: <1599322312.177194.16237.nullmailer@dev.openssl.org> The branch master has been updated via 15076c26d794dbbdc5413a72e7feded0c9a2ba07 (commit) from 39082af2fa6549c3d92c917ea5a423bca57c7b42 (commit) - Log ----------------------------------------------------------------- commit 15076c26d794dbbdc5413a72e7feded0c9a2ba07 Author: Dr. David von Oheimb Date: Fri Sep 4 15:24:14 2020 +0200 Strengthen chain building for CMP * Add -own_trusted option to CMP app * Add OSSL_CMP_CTX_build_cert_chain() * Add optional trust store arg to ossl_cmp_build_cert_chain() * Extend the tests in cmp_protect_test.c and the documentation accordingly Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12791) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 34 ++++++++++++------ crypto/cmp/cmp_ctx.c | 28 +++++++++++++++ crypto/cmp/cmp_err.c | 2 ++ crypto/cmp/cmp_local.h | 1 + crypto/cmp/cmp_protect.c | 2 +- crypto/cmp/cmp_util.c | 58 ++++++++++++++---------------- crypto/err/openssl.txt | 1 + doc/internal/man3/ossl_cmp_msg_protect.pod | 30 +++++++--------- doc/man1/openssl-cmp.pod.in | 14 +++++++- doc/man3/OSSL_CMP_CTX_new.pod | 17 +++++++++ include/openssl/cmp.h | 6 ++-- include/openssl/cmperr.h | 1 + test/cmp_protect_test.c | 28 +++++++++++++-- util/libcrypto.num | 1 + 14 files changed, 157 insertions(+), 66 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 1af27f7881..799ec34e1f 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -97,6 +97,7 @@ static char *opt_cacertsout = NULL; static char *opt_ref = NULL; static char *opt_secret = NULL; static char *opt_cert = NULL; +static char *opt_own_trusted = NULL; static char *opt_key = NULL; static char *opt_keypass = NULL; static char *opt_digest = NULL; 
@@ -218,7 +219,7 @@ typedef enum OPTION_choice { OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, OPT_EXTRACERTSOUT, OPT_CACERTSOUT, - OPT_REF, OPT_SECRET, OPT_CERT, OPT_KEY, OPT_KEYPASS, + OPT_REF, OPT_SECRET, OPT_CERT, OPT_OWN_TRUSTED, OPT_KEY, OPT_KEYPASS, OPT_DIGEST, OPT_MAC, OPT_EXTRACERTS, OPT_UNPROTECTED_REQUESTS, @@ -383,6 +384,8 @@ const OPTIONS cmp_options[] = { "Client's current certificate (needed unless using -secret for PBM);"}, {OPT_MORE_STR, 0, 0, "any further certs included are appended in extraCerts field"}, + {"own_trusted", OPT_OWN_TRUSTED, 's', + "Optional certs to verify chain building for own CMP signer cert"}, {"key", OPT_KEY, 's', "Private key for the client's current certificate"}, {"keypass", OPT_KEYPASS, 's', "Client private key (and cert and old cert file) pass phrase source"}, @@ -536,7 +539,8 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors}, {&opt_extracertsout}, {&opt_cacertsout}, - {&opt_ref}, {&opt_secret}, {&opt_cert}, {&opt_key}, {&opt_keypass}, + {&opt_ref}, {&opt_secret}, + {&opt_cert}, {&opt_own_trusted}, {&opt_key}, {&opt_keypass}, {&opt_digest}, {&opt_mac}, {&opt_extracerts}, {(char **)&opt_unprotected_requests}, @@ -1595,6 +1599,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_cert != NULL) { X509 *cert; STACK_OF(X509) *certs = NULL; + X509_STORE *own_trusted = NULL; int ok = 0; if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass, 
@@ -1603,18 +1608,24 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) goto err; ok = OSSL_CMP_CTX_set1_cert(ctx, cert); X509_free(cert); - - if (ok) { - /* add any remaining certs to the list of untrusted certs */ - STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted_certs(ctx); - ok = untrusted != NULL ? - X509_add_certs(untrusted, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) - : OSSL_CMP_CTX_set1_untrusted_certs(ctx, certs); + if (!ok) { + CMP_err("out of memory"); + } else { + if (opt_own_trusted != NULL) { + own_trusted = load_certstore(opt_own_trusted, + "trusted certs for verifying own CMP signer cert"); + ok = own_trusted != NULL + && set1_store_parameters(own_trusted) + && truststore_set_host_etc(own_trusted, NULL); + } + ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); } + X509_STORE_free(own_trusted); sk_X509_pop_free(certs, X509_free); if (!ok) goto err; + } else if (opt_own_trusted != NULL) { + CMP_warn("-own_trusted option is ignored without -cert"); } if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, @@ -2400,6 +2411,9 @@ static int get_opts(int argc, char **argv) case OPT_CERT: opt_cert = opt_str("cert"); break; + case OPT_OWN_TRUSTED: + opt_own_trusted = opt_str("own_trusted"); + break; case OPT_KEY: opt_key = opt_str("key"); break; diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 50c5d0e061..adb3ff564b 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c 
@@ -742,6 +742,34 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, */ DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509) +int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, + STACK_OF(X509) *candidates) +{ + STACK_OF(X509) *chain; + + if (ctx == NULL) { + CMPerr(0, CMP_R_NULL_ARGUMENT); + return 0; + } + + if (ctx->untrusted_certs != NULL ? + !X509_add_certs(ctx->untrusted_certs, candidates, + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) : + !OSSL_CMP_CTX_set1_untrusted_certs(ctx, candidates)) + return 0; + + ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); + chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, own_trusted, + ctx->untrusted_certs, ctx->cert); + if (chain == NULL) { + CMPerr(0, CMP_R_FAILED_BUILDING_OWN_CHAIN); + return 0; + } + ossl_cmp_debug(ctx, "success building chain for own CMP signer cert"); + sk_X509_pop_free(chain, X509_free); /* TODO(3.0) replace this by 'ctx->chain = chain;' when ctx->chain is available */ + return 1; +} + /* * Set the old certificate that we are updating in KUR * or the certificate to be revoked in RR, respectively. diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 19d1556426..260e8386d5 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -73,6 +73,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "error validating protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE), "error validating signature"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_BUILDING_OWN_CHAIN), + "failed building own chain"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY), "failed extracting pubkey"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM), diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index a6e55cfd1b..e3dcb94704 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
@@ -747,6 +747,7 @@ int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, const unsigned char *bytes, int len); STACK_OF(X509) *ossl_cmp_build_cert_chain(OPENSSL_CTX *libctx, const char *propq, + X509_STORE *store, STACK_OF(X509) *certs, X509 *cert); /* from cmp_ctx.c */ diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 140b1720c8..2a008bd0bf 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -152,7 +152,7 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); - chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, + chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL, ctx->untrusted_certs, ctx->cert); res = X509_add_certs(msg->extraCerts, chain, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index c4797f1691..c2ee9b6e0d 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c 
@@ -206,56 +206,49 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, } /*- - * Builds up the chain of intermediate CA certificates - * starting from the given certificate as high up as possible using - * the given list of candidate certificates, similarly to ssl_add_cert_chain(). + * Builds a certificate chain starting from + * using the optional list of intermediate CA certificates . + * If is NULL builds the chain as far down as possible, ignoring errors. + * Else the chain must reach a trust anchor contained in . * - * Intended use of this function is to find all the certificates above the trust - * anchor needed to verify an EE's own certificate. Those are supposed to be - * included in the ExtraCerts field of every first CMP message of a transaction - * when MSG_SIG_ALG is utilized. + * Returns NULL on error, else a pointer to a stack of (up_ref'ed) certificates + * starting with given EE certificate and followed by all available intermediate + * certificates down towards any trust anchor but without including the latter. * - * NOTE: This allocates a stack and increments the reference count of each cert, - * so when not needed any more the stack and all its elements should be freed. + * NOTE: If a non-NULL stack is returned the caller is responsible for freeing. * NOTE: In case there is more than one possibility for the chain, * OpenSSL seems to take the first one; check X509_verify_cert() for details. - * - * returns a pointer to a stack of (up_ref'ed) X509 certificates containing: - * - the EE certificate given in the function arguments (cert) - * - all intermediate certificates up the chain toward the trust anchor - * whereas the (self-signed) trust anchor is not included - * returns NULL on error */ +/* TODO this should be of more general interest and thus be exported. 
*/ STACK_OF(X509) *ossl_cmp_build_cert_chain(OPENSSL_CTX *libctx, const char *propq, + X509_STORE *store, STACK_OF(X509) *certs, X509 *cert) { STACK_OF(X509) *chain = NULL, *result = NULL; - X509_STORE *store = X509_STORE_new(); + X509_STORE *ts = store == NULL ? X509_STORE_new() : store; X509_STORE_CTX *csc = NULL; - if (certs == NULL || cert == NULL || store == NULL) { + if (ts == NULL || cert == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); goto err; } - csc = X509_STORE_CTX_new_with_libctx(libctx, propq); - if (csc == NULL) + if ((csc = X509_STORE_CTX_new_with_libctx(libctx, propq)) == NULL) goto err; - - if (!ossl_cmp_X509_STORE_add1_certs(store, certs, 0) - || !X509_STORE_CTX_init(csc, store, cert, NULL)) + if (store == NULL && certs != NULL + && !ossl_cmp_X509_STORE_add1_certs(ts, certs, 0)) goto err; + if (!X509_STORE_CTX_init(csc, ts, cert, + store == NULL ? NULL : certs)) + goto err; + /* disable any cert status/revocation checking etc. */ + X509_VERIFY_PARAM_clear_flags(X509_STORE_CTX_get0_param(csc), + ~(X509_V_FLAG_USE_CHECK_TIME + | X509_V_FLAG_NO_CHECK_TIME)); - (void)ERR_set_mark(); - /* - * ignore return value as it would fail without trust anchor given in store - */ - (void)X509_verify_cert(csc); - - /* don't leave any new errors in the queue */ - (void)ERR_pop_to_mark(); - + if (X509_verify_cert(csc) <= 0 && store != NULL) + goto err; chain = X509_STORE_CTX_get0_chain(csc); /* result list to store the up_ref'ed not self-signed certificates */ @@ -269,7 +262,8 @@ STACK_OF(X509) } err: - X509_STORE_free(store); + if (store == NULL) + X509_STORE_free(ts); X509_STORE_CTX_free(csc); return result; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 592fb6b50a..7c37a3e56e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -2114,6 +2114,7 @@ CMP_R_ERROR_SETTING_CERTHASH:128:error setting certhash CMP_R_ERROR_UNEXPECTED_CERTCONF:160:error unexpected certconf CMP_R_ERROR_VALIDATING_PROTECTION:140:error validating protection CMP_R_ERROR_VALIDATING_SIGNATURE:171:error validating signature +CMP_R_FAILED_BUILDING_OWN_CHAIN:164:failed building own chain CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index 6c33db6954..39f5146530 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -14,6 +14,7 @@ ossl_cmp_msg_add_extraCerts STACK_OF(X509) *ossl_cmp_build_cert_chain(OPENSSL_CTX *libctx, const char *propq, + X509_STORE *store, STACK_OF(X509) *certs, X509 *cert); ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); 
@@ -22,19 +23,15 @@ ossl_cmp_msg_add_extraCerts =head1 DESCRIPTION -ossl_cmp_build_cert_chain() builds up the chain of intermediate CA certificates -starting from the given certificate I as high up as possible using -the given list of candidate certificates, similarly to ssl_add_cert_chain(). +ossl_cmp_build_cert_chain() builds a certificate chain starting from I +using the optional list of intermediate CA certificates I. +If I is NULL builds the chain as far down as possible, ignoring errors. +Else the chain must reach a trust anchor contained in I. It internally uses a B structure associated with the library context I and property query string I, both of which may be NULL. -Intended use of this function is to find all the certificates above the trust -anchor needed to verify an EE's own certificate. -Those are supposed to be included in the ExtraCerts field of every first -CMP message of a transaction when MSG_SIG_ALG is utilized. -This allocates a stack and increments the reference count of each cert, -so when not needed any more the stack and all its elements should be freed. +If a non-NULL stack is returned the caller is responsible for freeing it. In case there is more than one possibility for the chain, -OpenSSL seems to take the first one; check X509_verify_cert() for details. +OpenSSL seems to take the first one; check L for details. ossl_cmp_calc_protection() calculates the protection for the given I according to the algorithm and parameters in the message header's protectionAlg 
@@ -46,10 +43,10 @@ If there is a secretValue it selects PBMAC, else if there is a protection cert it selects Signature and uses L. It also sets the protectionAlg field in the message header accordingly. -ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in the given -message I. It tries to build the certificate chain of the client cert in -the I if present by using certificates in ctx->untrusted_certs; -if no untrusted certs are set, it will at least add the client certificate. +ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I. +If signature-based message protection is used it adds first the CMP signer cert +ctx->cert and then its chain ctx->chain. If this chain is not present in I +tries to build it using ctx->untrusted_certs and caches the result in ctx->chain. In any case all the certificates explicitly specified to be sent out (i.e., IextraCertsOut>) are added. Note that it will NOT add the root certificate of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). @@ -62,9 +59,8 @@ CMP is defined in RFC 4210 (and CRMF in RFC 4211). ossl_cmp_build_cert_chain() returns NULL on error, else a pointer to a stack of (up_ref'ed) certificates -containing the EE certificate given in the function arguments (cert) -and all intermediate certificates up the chain toward the trust anchor. -The (self-signed) trust anchor is not included. +starting with given EE certificate and followed by all available intermediate +certificates down towards (but excluding) any trusted root certificate. ossl_cmp_calc_protection() returns the protection on success, else NULL. diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index d91bd31684..3dc193cd4d 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -32,6 +32,7 @@ B B [B<-ref> I] [B<-secret> I] [B<-cert> I] +[B<-own_trusted> I] [B<-key> I] [B<-keypass> I] [B<-digest> I] 
@@ -617,7 +618,7 @@ B section in L. =item B<-cert> I -The client's current certificate. +The client's current CMP signer certificate. Requires the corresponding key to be given with B<-key>. The subject of this certificate will be used as sender of outgoing CMP messages, while the subject of B<-oldcert> or B<-subjectName> may provide fallback values. @@ -629,6 +630,16 @@ For Key Update Request (KUR) messages this is also used as the certificate to be updated if the B<-oldcert> option is not given. If the file includes further certs, they are appended to the untrusted certs. +=item B<-own_trusted> I + +If this list of certificates is provided then the chain built for +the CMP signer certificate given with the B<-cert> option is verified +using the given certificates as trust anchors. + +Multiple filenames may be given, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Each source may contain multiple certificates. + =item B<-key> I The corresponding private key file for the client's current certificate given in @@ -694,6 +705,7 @@ The only value with effect is B. =item B<-otherpass> I Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>, +B<-own_trusted>, B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options. If not given here, the password will be prompted for if needed. diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index fda5150434..f4425d511a 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -29,6 +29,7 @@ OSSL_CMP_CTX_get0_trustedStore, OSSL_CMP_CTX_set1_untrusted_certs, OSSL_CMP_CTX_get0_untrusted_certs, OSSL_CMP_CTX_set1_cert, +OSSL_CMP_CTX_build_cert_chain, OSSL_CMP_CTX_set1_pkey, OSSL_CMP_CTX_set1_referenceValue, OSSL_CMP_CTX_set1_secretValue, 
@@ -104,6 +105,8 @@ OSSL_CMP_CTX_set1_senderNonce /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); + int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, + STACK_OF(X509) *candidates); int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, const unsigned char *ref, int len); @@ -436,6 +439,20 @@ messages, while the subject of any cert set via B and any value set via B are used as fallback. The B argument may be NULL to clear the entry. +OSSL_CMP_CTX_build_cert_chain() builds a certificate chain for the CMP signer +certificate previously set in the B. It adds the optional B, +a list of intermediate CA certs that may already constitute the targeted chain, +to the untrusted certs that may already exist in the B. +Then the function uses this augumented set of certs for chain construction. +If I is NULL it builds the chain as far down as possible and +ignores any verification errors. Else the CMP signer certificate must be +verifiable where the chain reaches a trust anchor contained in I. +On success the function stores the resulting chain in B +for inclusion in the extraCerts field of signature-protected messages. +Calling this function is optional; by default a chain construction +is performed on demand that is equivalent to calling this function +with the B and I arguments being NULL. + OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the protection certificate B set via B. This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index d12d48ba4f..edab120364 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h 
@@ -295,6 +295,8 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, + STACK_OF(X509) *candidates); int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, const unsigned char *ref, int len); @@ -322,6 +324,8 @@ int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); /* certificate confirmation: */ typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **txt); +int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, + const char **text); int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); @@ -437,8 +441,6 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, const OSSL_CRMF_MSG *crm, int *checkAfter); -int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **text); X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index 2ae82974a9..190e1a96bd 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h 
@@ -66,6 +66,7 @@ int ERR_load_CMP_strings(void); # define CMP_R_ERROR_UNEXPECTED_CERTCONF 160 # define CMP_R_ERROR_VALIDATING_PROTECTION 140 # define CMP_R_ERROR_VALIDATING_SIGNATURE 171 +# define CMP_R_FAILED_BUILDING_OWN_CHAIN 164 # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 66cc6af370..7132ccc5cb 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -333,8 +333,9 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) { int ret = 0; OSSL_CMP_CTX *ctx = fixture->cmp_ctx; + X509_STORE *store; STACK_OF(X509) *chain = - ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, + ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL, fixture->certs, fixture->cert); if (TEST_ptr(chain)) { @@ -342,12 +343,30 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); sk_X509_pop_free(chain, X509_free); } + if (!ret) + return 0; + + if (TEST_ptr(store = X509_STORE_new()) + && TEST_true(X509_STORE_add_cert(store, root))) { + X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), + X509_V_FLAG_NO_CHECK_TIME); + chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, + store, fixture->certs, fixture->cert); + ret = TEST_int_eq(fixture->expected, chain != NULL); + if (ret && chain != NULL) { + /* Check whether chain built is equal to the expected one */ + ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); + sk_X509_pop_free(chain, X509_free); + } + } + X509_STORE_free(store); return ret; } static int test_cmp_build_cert_chain(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 1; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) || !TEST_ptr(fixture->chain = sk_X509_new_null()) 
@@ -366,6 +385,7 @@ static int test_cmp_build_cert_chain(void) static int test_cmp_build_cert_chain_missing_intermediate(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) || !TEST_ptr(fixture->chain = sk_X509_new_null()) @@ -379,9 +399,10 @@ static int test_cmp_build_cert_chain_missing_intermediate(void) return result; } -static int test_cmp_build_cert_chain_missing_root(void) +static int test_cmp_build_cert_chain_no_root(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 1; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) || !TEST_ptr(fixture->chain = sk_X509_new_null()) @@ -399,6 +420,7 @@ static int test_cmp_build_cert_chain_missing_root(void) static int test_cmp_build_cert_chain_no_certs(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) || !TEST_ptr(fixture->chain = sk_X509_new_null()) @@ -556,7 +578,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_EC ADD_TEST(test_cmp_build_cert_chain); - ADD_TEST(test_cmp_build_cert_chain_missing_root); + ADD_TEST(test_cmp_build_cert_chain_no_root); ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); ADD_TEST(test_cmp_build_cert_chain_no_certs); #endif diff --git a/util/libcrypto.num b/util/libcrypto.num index cfe1cb8bc6..25ee44144b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4774,6 +4774,7 @@ OSSL_CMP_CTX_set1_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_build_cert_chain ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_referenceValue ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_secretValue ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_recipient ? 3_0_0 EXIST::FUNCTION:CMP From no-reply at appveyor.com Sat Sep 5 17:10:52 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 05 Sep 2020 17:10:52 +0000 Subject: Build failed: openssl master.36665 Message-ID: <20200905171052.1.06CAF023315266C0@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat Sep 5 17:36:56 2020 
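Review bot: in the ossl_cmp_build_cert_chain() hunk of crypto/cmp/cmp_util.c the X509_VERIFY_PARAM_clear_flags() call is made for a caller-supplied store as well, so every verification flag other than X509_V_FLAG_USE_CHECK_TIME and X509_V_FLAG_NO_CHECK_TIME is dropped even after apps/cmp.c has run set1_store_parameters() on own_trusted. If that is intended, the -own_trusted and OSSL_CMP_CTX_build_cert_chain() documentation should say that only the trust anchors and the time settings of the store are honoured; otherwise restrict the clearing to the `store == NULL` case. The same hunk removes the ERR_set_mark()/ERR_pop_to_mark() pair: with `store == NULL` a failing X509_verify_cert() is still ignored, but its entries now stay on the error queue. Keep the mark and pop around the call for that case.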
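Review bot: OSSL_CMP_CTX_build_cert_chain() in crypto/cmp/cmp_ctx.c frees the chain it has just verified, and ossl_cmp_msg_add_extraCerts() in cmp_protect.c still rebuilds the chain with a NULL store, so what ends up in extraCerts is not tied to the chain that was checked against own_trusted. Until ctx->chain exists, the function comment should state that the call only validates and that the chain sent later is rebuilt without a trust store. The candidates are also merged into ctx->untrusted_certs before chain building, so they remain there when the function returns 0; either document that side effect or add them only on success. The TODO(3.0) comment line exceeds 80 columns.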
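Review bot: the new OSSL_CMP_CTX_build_cert_chain() paragraph in doc/man3/OSSL_CMP_CTX_new.pod says that on success the function stores the resulting chain in the context for inclusion in extraCerts, and doc/internal/man3/ossl_cmp_msg_protect.pod speaks of caching the result in ctx->chain, but the code in this patch discards the chain and no such field is added. Reword both passages to describe the current behaviour, or land them together with the field. In the same paragraph "augumented" should be "augmented". No RETURN VALUES entry for the new function appears in the hunks shown; please check that the existing generic clause covers it.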
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 05 Sep 2020 17:36:56 +0000 Subject: [openssl] master update Message-ID: <1599327416.242723.25942.nullmailer@dev.openssl.org> The branch master has been updated via 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5 (commit) from 15076c26d794dbbdc5413a72e7feded0c9a2ba07 (commit) - Log ----------------------------------------------------------------- commit 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5 Author: Dr. David von Oheimb Date: Fri Aug 28 12:42:47 2020 +0200 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12788) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 7 +++---- crypto/cmp/cmp_client.c | 2 +- crypto/cmp/cmp_ctx.c | 30 +++++++++++++++--------------- crypto/cmp/cmp_local.h | 2 +- crypto/cmp/cmp_protect.c | 6 +++--- crypto/cmp/cmp_vfy.c | 16 ++++++++-------- doc/man3/OSSL_CMP_CTX_new.pod | 15 +++++++-------- doc/man3/OSSL_CMP_validate_msg.pod | 2 +- include/openssl/cmp.h | 4 ++-- test/cmp_ctx_test.c | 4 ++-- test/cmp_vfy_test.c | 2 +- util/libcrypto.num | 4 ++-- 12 files changed, 46 insertions(+), 48 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 799ec34e1f..9846e7a9c2 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1234,8 +1234,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) } if (!setup_certs(opt_srv_untrusted, "untrusted certificates for mock server", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs, - NULL)) + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted, NULL)) goto err; if (opt_rsp_cert == NULL) { 
@@ -1316,7 +1315,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) static int setup_verification_ctx(OSSL_CMP_CTX *ctx) { if (!setup_certs(opt_untrusted, "untrusted certificates", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs, + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted, NULL)) goto err; @@ -1413,7 +1412,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) */ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { - STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted_certs(ctx); + STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted(ctx); EVP_PKEY *pkey = NULL; X509_STORE *trust_store = NULL; SSL_CTX *ssl_ctx; diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index b7319372e6..d5a4f3ced5 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -469,7 +469,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, /*- * Callback fn validating that the new certificate can be verified, using * ctx->certConf_cb_arg, which has been initialized using opt_out_trusted, and - * ctx->untrusted_certs, which at this point already contains ctx->extraCertsIn. + * ctx->untrusted, which at this point already contains ctx->extraCertsIn. * Returns 0 on acceptance, else a bit field reflecting PKIFailureInfo. * Quoting from RFC 4210 section 5.1. Overall PKI Message: * The extraCerts field can contain certificates that may be useful to diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index adb3ff564b..5b61108f8b 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c 
@@ -57,36 +57,36 @@ int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store) } /* Get current list of non-trusted intermediate certs */ -STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx) +STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx) { if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return NULL; } - return ctx->untrusted_certs; + return ctx->untrusted; } /* * Set untrusted certificates for path construction in authentication of * the CMP server and potentially others (TLS server, newly enrolled cert). */ -int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) +int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) { - STACK_OF(X509) *untrusted_certs; + STACK_OF(X509) *untrusted; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } - if ((untrusted_certs = sk_X509_new_null()) == NULL) + if ((untrusted = sk_X509_new_null()) == NULL) return 0; - if (X509_add_certs(untrusted_certs, certs, + if (X509_add_certs(untrusted, certs, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) != 1) goto err; - sk_X509_pop_free(ctx->untrusted_certs, X509_free); - ctx->untrusted_certs = untrusted_certs; + sk_X509_pop_free(ctx->untrusted, X509_free); + ctx->untrusted = untrusted; return 1; err: - sk_X509_pop_free(untrusted_certs, X509_free); + sk_X509_pop_free(untrusted, X509_free); return 0; } @@ -126,7 +126,7 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq) ctx->msg_timeout = 2 * 60; - if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL) + if ((ctx->untrusted = sk_X509_new_null()) == NULL) goto err; ctx->pbm_slen = 16; @@ -186,7 +186,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) X509_free(ctx->validatedSrvCert); X509_NAME_free(ctx->expected_sender); X509_STORE_free(ctx->trusted); - sk_X509_pop_free(ctx->untrusted_certs, X509_free); + sk_X509_pop_free(ctx->untrusted, X509_free); X509_free(ctx->cert); EVP_PKEY_free(ctx->pkey); 
@@ -752,15 +752,15 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, return 0; } - if (ctx->untrusted_certs != NULL ? - !X509_add_certs(ctx->untrusted_certs, candidates, + if (ctx->untrusted != NULL ? + !X509_add_certs(ctx->untrusted, candidates, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) : - !OSSL_CMP_CTX_set1_untrusted_certs(ctx, candidates)) + !OSSL_CMP_CTX_set1_untrusted(ctx, candidates)) return 0; ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, own_trusted, - ctx->untrusted_certs, ctx->cert); + ctx->untrusted, ctx->cert); if (chain == NULL) { CMPerr(0, CMP_R_FAILED_BUILDING_OWN_CHAIN); return 0; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index e3dcb94704..d5ac7a521d 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -60,7 +60,7 @@ struct ossl_cmp_ctx_st { X509 *validatedSrvCert; /* caches any already validated server cert */ X509_NAME *expected_sender; /* expected sender in header of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ - STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */ + STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */ int ignore_keyusage; /* ignore key usage entry when validating certs */ /* * permitTAInExtraCertsForIR allows use of root certs in extracerts diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 2a008bd0bf..b65de09517 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c 
@@ -146,14 +146,14 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) | X509_ADD_FLAG_PREPEND)) return 0; /* if we have untrusted certs, try to add intermediate certs */ - if (ctx->untrusted_certs != NULL) { + if (ctx->untrusted != NULL) { STACK_OF(X509) *chain; int res; ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL, - ctx->untrusted_certs, ctx->cert); + ctx->untrusted, ctx->cert); res = X509_add_certs(msg->extraCerts, chain, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_NO_SS); @@ -298,7 +298,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) /* * will add ctx->cert followed, if possible, by its chain built - * from ctx->untrusted_certs, and then ctx->extraCertsOut + * from ctx->untrusted, and then ctx->extraCertsOut */ } else { CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 86e39d262e..9b8a88f94b 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -122,7 +122,7 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, if ((csc = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq)) == NULL || !X509_STORE_CTX_init(csc, trusted_store, - cert, ctx->untrusted_certs)) + cert, ctx->untrusted)) goto err; valid = X509_verify_cert(csc) > 0; @@ -398,7 +398,7 @@ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs, } /*- - * Verify msg trying first ctx->untrusted_certs, which should include extraCerts + * Verify msg trying first ctx->untrusted, which should include extraCerts * at its front, then trying the trusted certs in truststore (if any) of ctx. * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). */ 
@@ -418,7 +418,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts", NULL, NULL, msg, mode_3gpp)) return 1; - if (check_msg_with_certs(ctx, ctx->untrusted_certs, "untrusted certs", + if (check_msg_with_certs(ctx, ctx->untrusted, "untrusted certs", msg->extraCerts, NULL, msg, mode_3gpp)) return 1; @@ -430,7 +430,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, ret = check_msg_with_certs(ctx, trusted, mode_3gpp ? "self-issued extraCerts" : "certs in trusted store", - msg->extraCerts, ctx->untrusted_certs, + msg->extraCerts, ctx->untrusted, msg, mode_3gpp); sk_X509_pop_free(trusted, X509_free); } @@ -536,7 +536,7 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * Validate the protection of the given PKIMessage using either password- * based mac (PBM) or a signature algorithm. In the case of signature algorithm, * the sender certificate can have been pinned by providing it in ctx->srvCert, - * else it is searched in msg->extraCerts, ctx->untrusted_certs, in ctx->trusted + * else it is searched in msg->extraCerts, ctx->untrusted, in ctx->trusted * (in this order) and is path is validated against ctx->trusted. * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). * @@ -636,7 +636,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /*- * Check received message (i.e., response by server or request from client) - * Any msg->extraCerts are prepended to ctx->untrusted_certs. + * Any msg->extraCerts are prepended to ctx->untrusted. * * Ensures that: * its sender is of appropriate type (curently only X509_NAME) and 
@@ -693,7 +693,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * extraCerts because they do not belong to the protected msg part anyway. * For efficiency, the extraCerts are prepended so they get used first. */ - if (!X509_add_certs(ctx->untrusted_certs, msg->extraCerts, + if (!X509_add_certs(ctx->untrusted, msg->extraCerts, /* this allows self-signed certs */ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_PREPEND)) @@ -775,7 +775,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * the peer does not need to send them again in the same transaction. * For efficiency, the extraCerts are prepended so they get used first. */ - if (!X509_add_certs(ctx->untrusted_certs, msg->extraCerts, + if (!X509_add_certs(ctx->untrusted, msg->extraCerts, /* this allows self-signed certs */ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_PREPEND)) diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index f4425d511a..972cef9047 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -26,8 +26,8 @@ OSSL_CMP_CTX_set1_srvCert, OSSL_CMP_CTX_set1_expected_sender, OSSL_CMP_CTX_set0_trustedStore, OSSL_CMP_CTX_get0_trustedStore, -OSSL_CMP_CTX_set1_untrusted_certs, -OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_untrusted, +OSSL_CMP_CTX_get0_untrusted, OSSL_CMP_CTX_set1_cert, OSSL_CMP_CTX_build_cert_chain, OSSL_CMP_CTX_set1_pkey, 
@@ -99,9 +99,8 @@ OSSL_CMP_CTX_set1_senderNonce const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); - int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *certs); - STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); + int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); + STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); @@ -420,13 +419,13 @@ When given a NULL parameter the entry is cleared. OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the currently set certificate store containing trusted cert etc., or an empty store if unset. -OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates +OSSL_CMP_CTX_set1_untrusted() sets up a list of non-trusted certificates of intermediate CAs that may be useful for path construction for the CMP client certificate, for the TLS client certificate (if any), when verifying the CMP server certificate, and when verifying newly enrolled certificates. The reference counts of those certificates handled successfully are increased. -OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the +OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection. @@ -629,7 +628,7 @@ OSSL_CMP_CTX_new(), OSSL_CMP_CTX_get_http_cb_arg(), OSSL_CMP_CTX_get_transfer_cb_arg(), OSSL_CMP_CTX_get0_trustedStore(), -OSSL_CMP_CTX_get0_untrusted_certs(), +OSSL_CMP_CTX_get0_untrusted(), OSSL_CMP_CTX_get0_newPkey(), OSSL_CMP_CTX_get_certConf_cb_arg(), OSSL_CMP_CTX_get0_statusString(), 
diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod index 6370325028..ed2ff6c2c6 100644 --- a/doc/man3/OSSL_CMP_validate_msg.pod +++ b/doc/man3/OSSL_CMP_validate_msg.pod @@ -26,7 +26,7 @@ In case of signature algorithm, the certificate to use for the signature check is preferably the one provided by a call to L. If no such sender cert has been pinned then candidate sender certificates are taken from the list of certificates received in the C extraCerts, then any -certificates provided before via L, and +certificates provided before via L, and then all trusted certificates provided via L, where a candidate is acceptable only if has not expired, its subject DN matches the C sender DN (as far as present), and its subject key identifier diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index edab120364..9fc281a705 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -291,8 +291,8 @@ int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); -int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); -STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); +STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index 9b2a53df5f..8b797f2e98 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c 
@@ -746,7 +746,7 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME) DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore, X509_STORE *, NULL, DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) -DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs) +DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY) @@ -830,7 +830,7 @@ int setup_tests(void) ADD_TEST(test_CTX_set0_get0_validatedSrvCert); ADD_TEST(test_CTX_set1_get0_expected_sender); ADD_TEST(test_CTX_set0_get0_trustedStore); - ADD_TEST(test_CTX_set1_get0_untrusted_certs); + ADD_TEST(test_CTX_set1_get0_untrusted); /* client authentication: */ ADD_TEST(test_CTX_set1_get0_cert); ADD_TEST(test_CTX_set1_get0_pkey); diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 1aec50d657..93d57dd8bb 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -191,7 +191,7 @@ static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert) static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert) { - return X509_add_cert(OSSL_CMP_CTX_get0_untrusted_certs(ctx), cert, + return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert, X509_ADD_FLAG_UP_REF); } diff --git a/util/libcrypto.num b/util/libcrypto.num index 25ee44144b..9488ffe1ee 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4770,8 +4770,8 @@ OSSL_CMP_CTX_set1_srvCert ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_expected_sender ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_untrusted ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_untrusted ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_build_cert_chain ? 3_0_0 EXIST::FUNCTION:CMP From builds at travis-ci.com Sat Sep 5 17:58:10 2020 
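Review bot: in the OSSL_CMP_CTX_build_cert_chain() hunk of crypto/cmp/cmp_ctx.c (@@ -752), the fallback arm "!OSSL_CMP_CTX_set1_untrusted(ctx, candidates)" of the "ctx->untrusted != NULL ? ... : ..." test looks unreachable. OSSL_CMP_CTX_new() in the same file allocates ctx->untrusted with sk_X509_new_null() and bails out on failure, and OSSL_CMP_CTX_set1_untrusted() only ever swaps in a freshly allocated stack. Either drop the NULL arm or add a comment naming the path that can leave the field NULL. It would also help to say in the documentation that the candidates are merged into ctx->untrusted as a lasting side effect, since OSSL_CMP_validate_cert_path() later feeds that same list to X509_STORE_CTX_init().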
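Review bot: the comment blocks around the @@ -536 and @@ -636 hunks of crypto/cmp/cmp_vfy.c are being edited anyway, so the typos in them could be fixed in the same pass: "and is path is validated against ctx->trusted" should read "and its path is validated", and "curently only X509_NAME" should be "currently".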
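Review bot: in setup_ssl_ctx() in apps/cmp.c (@@ -1413) the local variable keeps the old name, "STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted(ctx);", while the local in OSSL_CMP_CTX_set1_untrusted() was renamed to "untrusted". Rename it here as well so that a later search for the old identifier comes back clean.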
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 17:58:10 +0000 Subject: Still Failing: openssl/openssl#37205 (master - 39082af) In-Reply-To: Message-ID: <5f53d1b1afaf0_13f95b971864c12345c@travis-pro-tasks-96bbbcddc-vgn5w.mail> Build Update for openssl/openssl ------------------------------------- Build: #37205 Status: Still Failing Duration: 1 hr, 20 mins, and 2 secs Commit: 39082af (master) Author: Dr. David von Oheimb Message: Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout Also simplify certificate saving in apps/cmp.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12790) View the changeset: https://github.com/openssl/openssl/compare/09e76c5dd345...39082af2fa65 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182916007?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 5 18:11:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 05 Sep 2020 18:11:13 +0000 Subject: Build completed: openssl master.36666 Message-ID: <20200905181113.1.8528B2FEC4D9FACF@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat Sep 5 18:12:02 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 05 Sep 2020 18:12:02 +0000 Subject: [openssl] master update Message-ID: <1599329522.381625.15436.nullmailer@dev.openssl.org> The branch master has been updated via 076bf8c2c972d01a70ca4146e637dfbe6f35b2fb (commit) from 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5 (commit) - Log ----------------------------------------------------------------- commit 076bf8c2c972d01a70ca4146e637dfbe6f35b2fb Author: Dr. David von Oheimb Date: Thu Sep 3 23:04:48 2020 +0200 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12787) ----------------------------------------------------------------------- Summary of changes: crypto/x509/t_x509.c | 21 +++++++++++++++------ crypto/x509/v3_prn.c | 7 ++++++- include/openssl/x509.h | 1 + 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 199f88857b..f0240f12c3 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -200,9 +200,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } } - if (!(cflag & X509_FLAG_NO_EXTENSIONS)) - X509V3_extensions_print(bp, "X509v3 extensions", - X509_get0_extensions(x), cflag, 8); + if (!(cflag & X509_FLAG_NO_EXTENSIONS) + && !X509V3_extensions_print(bp, "X509v3 extensions", + X509_get0_extensions(x), cflag, 8)) + goto err; if (!(cflag & X509_FLAG_NO_SIGDUMP)) { const X509_ALGOR *sig_alg; @@ -415,7 +416,8 @@ int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags) if (X509_cmp_current_time(X509_get0_notAfter(cert)) < 0) if (BIO_printf(bio, " no more valid\n") <= 0) return 0; - return X509_print_ex(bio, cert, flags, ~(neg_cflags)); + return X509_print_ex(bio, cert, flags, + ~neg_cflags & ~X509_FLAG_EXTENSIONS_ONLY_KID); } static int print_certs(BIO *bio, const STACK_OF(X509) *certs) 
@@ -427,8 +429,15 @@ static int print_certs(BIO *bio, const STACK_OF(X509) *certs) for (i = 0; i < sk_X509_num(certs); i++) { X509 *cert = sk_X509_value(certs, i); - if (cert != NULL && !x509_print_ex_brief(bio, cert, 0)) - return 0; + + if (cert != NULL) { + if (!x509_print_ex_brief(bio, cert, 0)) + return 0; + if (!X509V3_extensions_print(bio, NULL, + X509_get0_extensions(cert), + X509_FLAG_EXTENSIONS_ONLY_KID, 8)) + return 0; + } } return 1; } diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c index aa902204f0..4b2ad2685b 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.c @@ -156,10 +156,15 @@ int X509V3_extensions_print(BIO *bp, const char *title, for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ex; + ex = sk_X509_EXTENSION_value(exts, i); + obj = X509_EXTENSION_get_object(ex); + if ((flag & X509_FLAG_EXTENSIONS_ONLY_KID) != 0 + && OBJ_obj2nid(obj) != NID_subject_key_identifier + && OBJ_obj2nid(obj) != NID_authority_key_identifier) + continue; if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) return 0; - obj = X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp, obj); j = X509_EXTENSION_get_critical(ex); if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d243fda94c..bbe2d62cf9 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -159,6 +159,7 @@ DEFINE_OR_DECLARE_STACK_OF(X509_TRUST) # define X509_FLAG_NO_AUX (1L << 10) # define X509_FLAG_NO_ATTRIBUTES (1L << 11) # define X509_FLAG_NO_IDS (1L << 12) +# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) /* Flags specific to X509_NAME_print_ex() */ From builds at travis-ci.com Sat Sep 5 18:59:01 2020 
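Review bot: X509_FLAG_EXTENSIONS_ONLY_KID in include/openssl/x509.h is a new public flag, yet the summary of changes touches nothing under doc/. It also has positive sense while the neighbours shown in the hunk are all X509_FLAG_NO_*, so a caller that builds cflag by complementing a mask sets it implicitly; x509_print_ex_brief() already has to strip it with "~neg_cflags & ~X509_FLAG_EXTENSIONS_ONLY_KID". Please document the flag and add a header comment about its polarity.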
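Review bot: in the X509V3_extensions_print() loop in crypto/x509/v3_prn.c (@@ -156), OBJ_obj2nid(obj) is evaluated twice in the new filter; compute it once into a local and compare that against NID_subject_key_identifier and NID_authority_key_identifier. A one-line comment stating that X509_FLAG_EXTENSIONS_ONLY_KID skips every other extension would make the early "continue" easier to follow.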
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 18:59:01 +0000 Subject: Still Failing: openssl/openssl#37206 (master - 15076c2) In-Reply-To: Message-ID: <5f53dff4ade6b_13f95b994c800186184@travis-pro-tasks-96bbbcddc-vgn5w.mail> Build Update for openssl/openssl ------------------------------------- Build: #37206 Status: Still Failing Duration: 1 hr, 27 mins, and 1 sec Commit: 15076c2 (master) Author: Dr. David von Oheimb Message: Strengthen chain building for CMP * Add -own_trusted option to CMP app * Add OSSL_CMP_CTX_build_cert_chain() * Add optional trust store arg to ossl_cmp_build_cert_chain() * Extend the tests in cmp_protect_test.c and the documentation accordingly Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12791) View the changeset: https://github.com/openssl/openssl/compare/39082af2fa65...15076c26d794 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182916075?utm_medium=notification&utm_source=email From builds at travis-ci.com Sat Sep 5 20:12:54 2020 
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 20:12:54 +0000 Subject: Still Failing: openssl/openssl#37208 (master - 0b86eef) In-Reply-To: Message-ID: <5f53f145ddeaf_13f95b990e4b02394fa@travis-pro-tasks-96bbbcddc-vgn5w.mail> Build Update for openssl/openssl ------------------------------------- Build: #37208 Status: Still Failing Duration: 1 hr, 22 mins, and 48 secs Commit: 0b86eef (master) Author: Dr. David von Oheimb Message: OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12788) View the changeset: https://github.com/openssl/openssl/compare/15076c26d794...0b86eefd431d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182919743?utm_medium=notification&utm_source=email From builds at travis-ci.com Sat Sep 5 21:22:06 2020 
From: builds at travis-ci.com (Travis CI) Date: Sat, 05 Sep 2020 21:22:06 +0000 Subject: Still Failing: openssl/openssl#37210 (master - 076bf8c) In-Reply-To: Message-ID: <5f54017dc3766_13fd363a9cf10353d3@travis-pro-tasks-677f454f98-hznb2.mail> Build Update for openssl/openssl ------------------------------------- Build: #37210 Status: Still Failing Duration: 1 hr, 36 mins, and 40 secs Commit: 076bf8c (master) Author: Dr. David von Oheimb Message: X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12787) View the changeset: https://github.com/openssl/openssl/compare/0b86eefd431d...076bf8c2c972 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182921917?utm_medium=notification&utm_source=email From kaduk at mit.edu Sun Sep 6 03:30:13 2020 
From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 06 Sep 2020 03:30:13 +0000 Subject: [openssl] master update Message-ID: <1599363013.649801.6838.nullmailer@dev.openssl.org> The branch master has been updated via 7f0f88240e181b6c95d55893cbab55e0765a1d89 (commit) via 74eee1bdaa03cfcb3b1df01beff2b6d81a113f58 (commit) via 4b09e19216d5e889b85593dbf45b78a874426d8a (commit) from 076bf8c2c972d01a70ca4146e637dfbe6f35b2fb (commit) - Log ----------------------------------------------------------------- commit 7f0f88240e181b6c95d55893cbab55e0765a1d89 Author: John Baldwin Date: Mon Aug 31 17:13:17 2020 -0700 Slightly abstract ktls_start() to reduce OS-specific #ifdefs. Instead of passing the length in from the caller, compute the length to pass to setsockopt() inside of ktls_start(). This isolates the OS-specific behavior to ktls.h and removes it from the socket BIO implementations. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12782) commit 74eee1bdaa03cfcb3b1df01beff2b6d81a113f58 Author: John Baldwin Date: Thu Sep 3 10:56:10 2020 -0700 Remove unused dummy functions from ktls.h. The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so the dummy functions were never used. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12782) commit 4b09e19216d5e889b85593dbf45b78a874426d8a Author: John Baldwin Date: Mon Aug 31 17:02:01 2020 -0700 Fix the socket BIO control methods to use ktls_crypto_info_t. This is mostly a cosmetic cleanup I missed when adding the ktls_crypto_info_t type. However, while fixing this I noticed that the changes to extract the size from crypto_info from the wrapper structure for Linux KTLS had not been propagated from bss_sock.c to bss_conn.c, so I've fixed that to use the correct length. 
Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12782) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_conn.c | 14 +++----------- crypto/bio/bss_sock.c | 17 +++-------------- include/internal/ktls.h | 43 +++++++------------------------------------ 3 files changed, 13 insertions(+), 61 deletions(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 6cff2a99ac..e6972efd8d 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -377,11 +377,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; BIO_CONNECT *data; # ifndef OPENSSL_NO_KTLS -# ifdef __FreeBSD__ - struct tls_enable *crypto_info; -# else - struct tls12_crypto_info_aes_gcm_128 *crypto_info; -# endif + ktls_crypto_info_t *crypto_info; # endif data = (BIO_CONNECT *)b->ptr; @@ -544,12 +540,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; # ifndef OPENSSL_NO_KTLS case BIO_CTRL_SET_KTLS: -# ifdef __FreeBSD__ - crypto_info = (struct tls_enable *)ptr; -# else - crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr; -# endif - ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num); + crypto_info = (ktls_crypto_info_t *)ptr; + ret = ktls_start(b->num, crypto_info, num); if (ret) BIO_set_ktls_flag(b, num); break; diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index ff2bde7a58..d3eaa6b19e 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -154,12 +154,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int *ip; # ifndef OPENSSL_NO_KTLS - size_t crypto_info_len; -# ifdef __FreeBSD__ - struct tls_enable *crypto_info; -# else - struct tls_crypto_info_all *crypto_info; -# endif + ktls_crypto_info_t *crypto_info; # endif switch (cmd) { 
@@ -190,14 +185,8 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) break; # ifndef OPENSSL_NO_KTLS case BIO_CTRL_SET_KTLS: -# ifdef __FreeBSD__ - crypto_info = (struct tls_enable *)ptr; - crypto_info_len = sizeof(*crypto_info); -# else - crypto_info = (struct tls_crypto_info_all *)ptr; - crypto_info_len = crypto_info->tls_crypto_info_len; -# endif - ret = ktls_start(b->num, crypto_info, crypto_info_len, num); + crypto_info = (ktls_crypto_info_t *)ptr; + ret = ktls_start(b->num, crypto_info, num); if (ret) BIO_set_ktls_flag(b, num); break; diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 2af1589f98..fd439b5718 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -66,15 +66,14 @@ static ossl_inline int ktls_enable(int fd) * as using TLS. If successful, then data received for this socket will * be authenticated and decrypted using the tls_en provided here. */ -static ossl_inline int ktls_start(int fd, - void *tls_en, - size_t len, int is_tx) +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx) { if (is_tx) return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, - tls_en, len) ? 0 : 1; + tls_en, sizeof(*tls_en)) ? 0 : 1; # ifndef OPENSSL_NO_KTLS_RX - return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, len) ? 0 : 1; + return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, + sizeof(*tls_en)) ? 0 : 1; # else return 0; # endif @@ -281,11 +280,11 @@ static ossl_inline int ktls_enable(int fd) * If successful, then data received using this socket will be decrypted, * authenticated and decapsulated using the crypto_info provided here. */ -static ossl_inline int ktls_start(int fd, void *crypto_info, - size_t len, int is_tx) +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, + int is_tx) { return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, - crypto_info, len) ? 0 : 1; + crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; } /* 
@@ -400,33 +399,5 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length) # endif /* OPENSSL_NO_KTLS_RX */ # endif /* OPENSSL_SYS_LINUX */ -# else /* OPENSSL_NO_KTLS */ -/* Dummy functions here */ -static ossl_inline int ktls_enable(int fd) -{ - return 0; -} - -static ossl_inline int ktls_start(int fd, void *crypto_info, - size_t len, int is_tx) -{ - return 0; -} - -static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, - const void *data, size_t length) -{ - return -1; -} - -static ossl_inline int ktls_read_record(int fd, void *data, size_t length) -{ - return -1; -} - -static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags) -{ - return -1; -} # endif /* OPENSSL_NO_KTLS */ #endif /* HEADER_INTERNAL_KTLS */ From no-reply at appveyor.com Sun Sep 6 03:31:45 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 06 Sep 2020 03:31:45 +0000 Subject: Build failed: openssl master.36676 Message-ID: <20200906033145.1.0F7EE47EA310B705@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Sep 6 04:47:23 2020 
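Review bot: the Linux ktls_start() in include/internal/ktls.h (@@ -281) now reads crypto_info->tls_crypto_info_len itself, so the pointer is dereferenced before setsockopt() ever sees it. Both BIO_CTRL_SET_KTLS handlers pass the ctrl argument straight through ("crypto_info = (ktls_crypto_info_t *)ptr;") with no NULL check, and conn_ctrl() in bss_conn.c previously only took sizeof(*crypto_info) without dereferencing. Add a NULL check in the handlers or in ktls_start(), and consider rejecting a tls_crypto_info_len of 0 or one larger than the structure that carries it before using it as the option length.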
From: builds at travis-ci.com (Travis CI) Date: Sun, 06 Sep 2020 04:47:23 +0000 Subject: Still Failing: openssl/openssl#37214 (master - 7f0f882) In-Reply-To: Message-ID: <5f5469dac2be2_13f9977f1cea8110d6@travis-pro-tasks-8cdd78c84-lnpdj.mail> Build Update for openssl/openssl ------------------------------------- Build: #37214 Status: Still Failing Duration: 1 hr, 15 mins, and 48 secs Commit: 7f0f882 (master) Author: John Baldwin Message: Slightly abstract ktls_start() to reduce OS-specific #ifdefs. Instead of passing the length in from the caller, compute the length to pass to setsockopt() inside of ktls_start(). This isolates the OS-specific behavior to ktls.h and removes it from the socket BIO implementations. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12782) View the changeset: https://github.com/openssl/openssl/compare/076bf8c2c972...7f0f88240e18 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182937895?utm_medium=notification&utm_source=email From no-reply at appveyor.com Sun Sep 6 05:45:40 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 06 Sep 2020 05:45:40 +0000 Subject: Build completed: openssl master.36677 Message-ID: <20200906054540.1.052C18D575C0C2EF@appveyor.com> From levitte at openssl.org Sun Sep 6 06:16:02 2020
From: levitte at openssl.org (Richard Levitte) Date: Sun, 06 Sep 2020 06:16:02 +0000 Subject: [openssl] master update Message-ID: <1599372962.048871.26099.nullmailer@dev.openssl.org> The branch master has been updated via bef763861020f450acbee037f5b02ec656b52ea2 (commit) from 7f0f88240e181b6c95d55893cbab55e0765a1d89 (commit) - Log ----------------------------------------------------------------- commit bef763861020f450acbee037f5b02ec656b52ea2 Author: jwalch Date: Fri Sep 4 15:48:20 2020 -0400 Cleanup deprecation of ENGINE_setup_bsd_cryptodev CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12793) ----------------------------------------------------------------------- Summary of changes: include/openssl/engine.h | 2 +- util/libcrypto.num | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 3af9ecccc9..51260e42a2 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -763,7 +763,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, void *ENGINE_get_static_state(void); # if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) -DEPRECATEDIN_3_0(DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) # endif diff --git a/util/libcrypto.num b/util/libcrypto.num index 9488ffe1ee..26a9961d76 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -3189,7 +3189,7 @@ EVP_read_pw_string_min 3254 3_0_0 EXIST::FUNCTION: X509_set1_notBefore 3255 3_0_0 EXIST::FUNCTION: MD4 3256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 EVP_PKEY_CTX_dup 3257 3_0_0 EXIST::FUNCTION: -ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,DEPRECATEDIN_3_0,ENGINE +ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DH CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Sun Sep 6 06:45:23 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 06 Sep 2020 06:45:23 +0000 Subject: Build failed: openssl master.36678 Message-ID: <20200906064523.1.FA06D02D5FEC0919@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Sep 6 07:35:08 2020 
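Review bot: the platform guards for `ENGINE_setup_bsd_cryptodev` do not agree between the two files this change edits. include/openssl/engine.h declares it under `defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)`, while the util/libcrypto.num entry reads `EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE`. Dropping `DEPRECATEDIN_3_0` from both is consistent on its own, and the mismatch predates this patch, but since both lines are being touched it is the natural place to align the platform lists or to say in the commit message why they differ.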
From: builds at travis-ci.com (Travis CI) Date: Sun, 06 Sep 2020 07:35:08 +0000 Subject: Still Failing: openssl/openssl#37216 (master - bef7638) In-Reply-To: Message-ID: <5f54912c63558_13f99766b6878449e6@travis-pro-tasks-8cdd78c84-lnpdj.mail> Build Update for openssl/openssl ------------------------------------- Build: #37216 Status: Still Failing Duration: 1 hr, 17 mins, and 53 secs Commit: bef7638 (master) Author: jwalch Message: Cleanup deprecation of ENGINE_setup_bsd_cryptodev CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12793) View the changeset: https://github.com/openssl/openssl/compare/7f0f88240e18...bef763861020 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182941831?utm_medium=notification&utm_source=email From scan-admin at coverity.com Sun Sep 6 07:54:26 2020
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 Sep 2020 07:54:26 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5f5495b26d203_38bb852aac99780f586404e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. Build ID: 337733 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Sep 6 07:56:58 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 Sep 2020 07:56:58 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5f549649c50fc_38bcbd2aac99780f58640da@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. Build ID: 337732 Analysis Summary: New defects found: 0 Defects eliminated: 12 From no-reply at appveyor.com Sun Sep 6 09:00:17 2020
From: no-reply at appveyor.com (AppVeyor) Date: Sun, 06 Sep 2020 09:00:17 +0000 Subject: Build completed: openssl master.36679 Message-ID: <20200906090017.1.052E516A6DEB83C0@appveyor.com> From levitte at openssl.org Sun Sep 6 18:57:33 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 06 Sep 2020 18:57:33 +0000 Subject: [openssl] master update Message-ID: <1599418653.554193.25160.nullmailer@dev.openssl.org> The branch master has been updated via 6353507e9d4afe666ade7b8fdf0f0e673f57b36c (commit) via d9ea62c2c29340818d254ca45111749959236e50 (commit) from bef763861020f450acbee037f5b02ec656b52ea2 (commit) - Log ----------------------------------------------------------------- commit 6353507e9d4afe666ade7b8fdf0f0e673f57b36c Author: Richard Levitte Date: Thu Jul 9 07:47:12 2020 +0200 DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12389) commit d9ea62c2c29340818d254ca45111749959236e50 Author: Richard Levitte Date: Tue Jul 7 23:36:22 2020 +0200 DOC: Modify one example in EVP_PKEY_fromdata(3) The example to create an EC key from user data didn't show what one could expect an application to do, especially with regard to how it's done with raw EC functions. We therefore refactor it to make proper use of a BIGNUM where expected, and also use OSSL_PARAM_BLD(3) for easier handling of the OSSL_PARAM array. Fixes #12388 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12389) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_PKEY_fromdata.pod | 75 +++++++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 27 deletions(-) diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index e3e6d89f8c..aaf545d648 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod
@@ -110,8 +110,8 @@ TODO Write a set of cookbook documents and link to them. EVP_PKEY *pkey = NULL; if (ctx == NULL - || !EVP_PKEY_key_fromdata_init(ctx) - || !EVP_PKEY_fromdata(ctx, &pkey, params)) + || EVP_PKEY_key_fromdata_init(ctx) <= 0 + || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0) exit(1); /* Do what you want with |pkey| */ 
@@ -120,33 +120,28 @@ TODO Write a set of cookbook documents and link to them. =head2 Creating an ECC keypair using raw key data #include + #include /* - * These arrays represent large numbers, big endian organization. - * In a real application, these would probably be bignums that get - * converted to the native integer organization with BN_bn2nativepad(). - * We're not doing that here, since this is not an example of BIGNUM - * functionality, but an example of EVP_PKEY_fromdata(). + * Fixed data to represent the private and public key. */ - #ifndef B_ENDIAN - # error "We haven't prepared little endian arrays" - #endif - const unsigned char priv[] = { + const unsigned char priv_data[] = { 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68, 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2, 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54, 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d }; - const unsigned char pub[] = { - 0x04, 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, - 0x5e, 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, - 0x58, 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, - 0xeb, 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, - 0xe5, 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, - 0xff, 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, - 0x25, 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, - 0x2f, 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, - 0x47 + /* UNCOMPRESSED FORMAT */ + const unsigned char pub_data[] = { + POINT_CONVERSION_UNCOMPRESSED, + 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e, + 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58, + 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb, + 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5, + 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff, + 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25, + 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f, + 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 }; const OSSL_PARAM params[] = { OSSL_PARAM_utf8_string("group", "prime256v1"), 
@@ -157,15 +152,41 @@ TODO Write a set of cookbook documents and link to them. int main() { - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + EVP_PKEY_CTX *ctx; EVP_PKEY *pkey = NULL; - + BIGNUM *priv; + OSSL_PARAM_BLD *param_bld; + OSSL_PARAM *params = NULL; + int exitcode = 0; + + priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL); + + param_bld = OSSL_PARAM_BLD_new(); + if (priv != NULL && param_bld != NULL + && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", + "prime256v1", 0); + && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv); + && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", + pub_data, sizeof(pub_data))) + params = OSSL_PARAM_BLD_to_param(param_bld); + + ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); if (ctx == NULL - || !EVP_PKEY_key_fromdata_init(ctx) - || !EVP_PKEY_fromdata(ctx, &pkey, params)) - exit(1); + || params != NULL + || EVP_PKEY_key_fromdata_init(ctx) <= 0 + || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0) { + exitcode = 1; + } else { + /* Do what you want with |pkey| */ + } - /* Do what you want with |pkey| */ + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(param_bld); + BN_free(priv); + + exit(exitcode); } =head2 Finding out params for an unknown key type From builds at travis-ci.com Sun Sep 6 20:47:58 2020 
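Review bot: the file-scope `const OSSL_PARAM params[] = {` array survives as unchanged context at the end of hunk `@@ -120,33 +120,28 @@`, although the reworked `main()` declares its own `OSSL_PARAM *params` and fills it through `OSSL_PARAM_BLD`. The static array is then shadowed and never used, and with the key arrays renamed to `priv_data` and `pub_data` any reference it still makes to the old `priv` and `pub` names would no longer resolve. Suggest deleting the static array as part of this hunk so the example shows a single way of building the parameters.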
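Review bot: the new `main()` in hunk `@@ -157,15 +152,41 @@` does not compile as written and, once it does, takes the failure path on success. In the builder chain, `OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", "prime256v1", 0);` and `OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv);` each end in `;` before the following `&&`, which terminates the `if` condition early; both semicolons need to go. In the later check, `|| params != NULL` is inverted: `params` is non-NULL exactly when the builder succeeded, so the example sets `exitcode = 1` for a good key and hands a NULL `params` to `EVP_PKEY_fromdata()` when building failed. It should read `|| params == NULL`. Because this is manual-page text that readers copy into key-import code, the example should be compiled once before it is merged.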
From: builds at travis-ci.com (Travis CI) Date: Sun, 06 Sep 2020 20:47:58 +0000 Subject: Still Failing: openssl/openssl#37224 (master - 6353507) In-Reply-To: Message-ID: <5f554afe2d61d_13fae31cb4c7846249@travis-pro-tasks-67689b4dd4-wcn9g.mail> Build Update for openssl/openssl ------------------------------------- Build: #37224 Status: Still Failing Duration: 1 hr, 17 mins, and 50 secs Commit: 6353507 (master) Author: Richard Levitte Message: DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12389) View the changeset: https://github.com/openssl/openssl/compare/bef763861020...6353507e9d4a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/182970295?utm_medium=notification&utm_source=email From openssl at openssl.org Sun Sep 6 23:49:19 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 06 Sep 2020 23:49:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1599436159.921496.6914.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. 
# 8097E236E37F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8037C5D5977F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8037C5D5977F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # 
------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... 
skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3145, 1417 wallclock secs (12.38 usr 1.78 sys + 1239.82 cusr 162.11 csys = 1416.09 CPU) Result: FAIL Makefile:2550: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2548: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 01:38:40 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 01:38:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1599442720.875829.12913.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Build log ended with (last 100 lines): 65-test_cmp_status.t ...............
ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3423, 721 wallclock secs (13.75 usr 1.28 sys + 656.04 cusr 61.89 csys = 732.96 CPU) Result: FAIL Makefile:3170: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3168: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 04:13:43 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 04:13:43 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1599452023.851526.5656.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

clang -Iinclude -Iapps/include -I../openssl/include
-I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_ctx_test-bin-ssl_ctx_test.d.tmp -MT test/ssl_ctx_test-bin-ssl_ctx_test.o -c -o test/ssl_ctx_test-bin-ssl_ctx_test.o ../openssl/test/ssl_ctx_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-handshake_helper.d.tmp -MT test/ssl_test-bin-handshake_helper.o -c -o test/ssl_test-bin-handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option 
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test.d.tmp -MT test/ssl_test-bin-ssl_test.o -c -o test/ssl_test-bin-ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test-bin-ssl_test_ctx.o -c -o test/ssl_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test_ctx_test-bin-ssl_test_ctx.d.tmp -MT test/ssl_test_ctx_test-bin-ssl_test_ctx.o -c -o 
test/ssl_test_ctx_test-bin-ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssl_test_ctx_test-bin-ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test-bin-ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test-bin-ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-filterprov.d.tmp -MT test/sslapitest-bin-filterprov.o -c -o test/sslapitest-bin-filterprov.o ../openssl/test/filterprov.c clang -Iinclude -Iapps/include -I. 
-I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-sslapitest.d.tmp -MT test/sslapitest-bin-sslapitest.o -c -o test/sslapitest-bin-sslapitest.o ../openssl/test/sslapitest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-ssltestlib.d.tmp -MT test/sslapitest-bin-ssltestlib.o -c -o test/sslapitest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I. 
-I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-tls-provider.d.tmp -MT test/sslapitest-bin-tls-provider.o -c -o test/sslapitest-bin-tls-provider.o ../openssl/test/tls-provider.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslbuffertest-bin-sslbuffertest.d.tmp -MT test/sslbuffertest-bin-sslbuffertest.o -c -o test/sslbuffertest-bin-sslbuffertest.o ../openssl/test/sslbuffertest.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslbuffertest-bin-ssltestlib.d.tmp -MT test/sslbuffertest-bin-ssltestlib.o -c -o test/sslbuffertest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslcorrupttest-bin-sslcorrupttest.d.tmp -MT test/sslcorrupttest-bin-sslcorrupttest.o -c -o test/sslcorrupttest-bin-sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslcorrupttest-bin-ssltestlib.d.tmp -MT test/sslcorrupttest-bin-ssltestlib.o -c -o test/sslcorrupttest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssltest_old-bin-ssltest_old.d.tmp -MT test/ssltest_old-bin-ssltest_old.o -c -o test/ssltest_old-bin-ssltest_old.o ../openssl/test/ssltest_old.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/stack_test-bin-stack_test.d.tmp -MT test/stack_test-bin-stack_test.o -c -o test/stack_test-bin-stack_test.o ../openssl/test/stack_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sysdefaulttest-bin-sysdefaulttest.d.tmp -MT test/sysdefaulttest-bin-sysdefaulttest.o -c -o test/sysdefaulttest-bin-sysdefaulttest.o ../openssl/test/sysdefaulttest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/test_test-bin-test_test.d.tmp -MT test/test_test-bin-test_test.o -c -o test/test_test-bin-test_test.o 
../openssl/test/test_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/threadstest-bin-threadstest.d.tmp -MT test/threadstest-bin-threadstest.o -c -o test/threadstest-bin-threadstest.o ../openssl/test/threadstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/time_offset_test-bin-time_offset_test.d.tmp -MT test/time_offset_test-bin-time_offset_test.o -c -o test/time_offset_test-bin-time_offset_test.o ../openssl/test/time_offset_test.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13ccstest-bin-ssltestlib.d.tmp -MT test/tls13ccstest-bin-ssltestlib.o -c -o test/tls13ccstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13ccstest-bin-tls13ccstest.d.tmp -MT test/tls13ccstest-bin-tls13ccstest.o -c -o test/tls13ccstest-bin-tls13ccstest.o ../openssl/test/tls13ccstest.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13encryptiontest-bin-tls13encryptiontest.d.tmp -MT test/tls13encryptiontest-bin-tls13encryptiontest.o -c -o test/tls13encryptiontest-bin-tls13encryptiontest.o ../openssl/test/tls13encryptiontest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/tls13secretstest-bin-packet.d.tmp -MT crypto/tls13secretstest-bin-packet.o -c -o crypto/tls13secretstest-bin-packet.o ../openssl/crypto/packet.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF ssl/tls13secretstest-bin-tls13_enc.d.tmp -MT ssl/tls13secretstest-bin-tls13_enc.o -c -o ssl/tls13secretstest-bin-tls13_enc.o ../openssl/ssl/tls13_enc.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13secretstest-bin-tls13secretstest.d.tmp -MT test/tls13secretstest-bin-tls13secretstest.o -c -o test/tls13secretstest-bin-tls13secretstest.o ../openssl/test/tls13secretstest.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/uitest-bin-apps_ui.d.tmp -MT apps/lib/uitest-bin-apps_ui.o -c -o apps/lib/uitest-bin-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/uitest-bin-uitest.d.tmp -MT test/uitest-bin-uitest.o -c -o test/uitest-bin-uitest.o ../openssl/test/uitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3ext-bin-v3ext.d.tmp -MT test/v3ext-bin-v3ext.o -c -o test/v3ext-bin-v3ext.o ../openssl/test/v3ext.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3nametest-bin-v3nametest.d.tmp -MT test/v3nametest-bin-v3nametest.o -c -o test/v3nametest-bin-v3nametest.o ../openssl/test/v3nametest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/verify_extra_test-bin-verify_extra_test.d.tmp -MT test/verify_extra_test-bin-verify_extra_test.o -c -o test/verify_extra_test-bin-verify_extra_test.o ../openssl/test/verify_extra_test.c clang -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/versions-bin-versions.d.tmp -MT test/versions-bin-versions.o -c -o test/versions-bin-versions.o ../openssl/test/versions.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/wpackettest-bin-wpackettest.d.tmp -MT test/wpackettest-bin-wpackettest.o -c -o test/wpackettest-bin-wpackettest.o ../openssl/test/wpackettest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o ../openssl/test/x509_check_cert_pkey_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_dup_cert_test-bin-x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test-bin-x509_dup_cert_test.o -c -o test/x509_dup_cert_test-bin-x509_dup_cert_test.o ../openssl/test/x509_dup_cert_test.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_internal_test-bin-x509_internal_test.d.tmp -MT test/x509_internal_test-bin-x509_internal_test.o -c -o test/x509_internal_test-bin-x509_internal_test.o ../openssl/test/x509_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_time_test-bin-x509_time_test.d.tmp -MT test/x509_time_test-bin-x509_time_test.o -c -o test/x509_time_test-bin-x509_time_test.o ../openssl/test/x509_time_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror 
-Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509aux-bin-x509aux.d.tmp -MT test/x509aux-bin-x509aux.o -c -o test/x509aux-bin-x509aux.o ../openssl/test/x509aux.c /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/CA.pl.in > "apps/CA.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/tsget.in > "apps/tsget.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/tools/c_rehash.in > "tools/c_rehash" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x apps/CA.pl ar r apps/libapps.a apps/lib/libapps-lib-app_params.o apps/lib/libapps-lib-app_provider.o apps/lib/libapps-lib-app_rand.o apps/lib/libapps-lib-app_x509.o apps/lib/libapps-lib-apps.o apps/lib/libapps-lib-apps_ui.o apps/lib/libapps-lib-columns.o apps/lib/libapps-lib-fmt.o apps/lib/libapps-lib-http_server.o apps/lib/libapps-lib-names.o apps/lib/libapps-lib-opt.o apps/lib/libapps-lib-s_cb.o apps/lib/libapps-lib-s_socket.o ar: creating apps/libapps.a ranlib apps/libapps.a || echo Never mind. 
clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s chmod a+x apps/tsget.pl clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option 
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s chmod a+x tools/c_rehash clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" 
-DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.d.tmp -MT providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.o -c -o providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.o ../openssl/providers/implementations/encode_decode/encoder_rsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o 
../openssl/providers/implementations/kdfs/x942kdf.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-dsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-dsa.o -c -o providers/implementations/signature/libimplementations-lib-dsa.o ../openssl/providers/implementations/signature/dsa.c clang -Iproviders/common/include/prov -I. 
-Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_digests_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_digests_gen.o -c -o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/der_digests_gen.c clang -Iproviders/common/include/prov -I. 
-Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_gen.o -c -o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/der_dsa_gen.c ../openssl/providers/implementations/kdfs/x942kdf.c:438:21: error: no previous extern declaration for non-static variable 'kdf_x942_kdf_functions' [-Werror,-Wmissing-variable-declarations] const OSSL_DISPATCH kdf_x942_kdf_functions[] = { ^ 1 error generated. clang -Iproviders/common/include/prov -I. 
-Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_key.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_key.o -c -o providers/common/der/libnonfips-lib-der_dsa_key.o ../openssl/providers/common/der/der_dsa_key.c Makefile:21497: recipe for target 'providers/implementations/kdfs/libimplementations-lib-x942kdf.o' failed make[1]: *** [providers/implementations/kdfs/libimplementations-lib-x942kdf.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3130: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Sep 7 06:23:31 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 06:23:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1599459811.668390.20853.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): C0C0C16C197F0000:error::asn1 encoding routines:ASN1_get_object:header too 
long:../openssl/crypto/asn1/asn1_lib.c:105: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2886:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain) Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem C010B9D4DC7F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: C010B9D4DC7F0000:error::STORE routines:ossl_store_get0_loader_int:unregistered scheme:../openssl/crypto/store/store_register.c:240:scheme=file C010B9D4DC7F0000:error::system library:file_open:No such file or directory:../openssl/providers/implementations/storemgmt/file_store.c:278:calling stat(test.cert.pem) cmp_main:../openssl/apps/cmp.c:2886:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # setup_client_ctx:../openssl/apps/cmp.c:1952:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which 
overrides the subject of 'test.cert.pem' in KUR # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain) Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem C000DA043D7F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: C000DA043D7F0000:error::STORE routines:ossl_store_get0_loader_int:unregistered scheme:../openssl/crypto/store/store_register.c:240:scheme=file C000DA043D7F0000:error::system library:file_open:No such file or directory:../openssl/providers/implementations/storemgmt/file_store.c:278:calling stat(test.cert.pem) cmp_main:../openssl/apps/cmp.c:2886:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -subject option is empty string, resetting option # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -secret option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject 
'/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... 
skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 768 Tests: 84 Failed: 3) Failed tests: 12, 36, 69 Non-zero exit status: 3 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3411, 710 wallclock secs (13.96 usr 1.48 sys + 642.89 cusr 58.72 csys = 717.05 CPU) Result: FAIL Makefile:3131: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3129: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 06:45:22 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 06:45:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1599461122.067594.8337.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # 80-test_cms.t ...................... 
ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' 
# at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. 
ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3557, 690 wallclock secs (13.55 usr 1.35 sys + 611.54 cusr 59.84 csys = 686.28 CPU) Result: FAIL Makefile:3198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 07:07:29 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 07:07:29 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1599462449.188386.28666.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): 65-test_cmp_status.t ............... 
ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. skipped: dh is not supported by this OpenSSL build 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. 
ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 20, 44 Non-zero exit status: 2 Files=211, Tests=3544, 689 wallclock secs (13.91 usr 1.43 sys + 608.99 cusr 64.40 csys = 688.73 CPU) Result: FAIL Makefile:3163: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3161: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Mon Sep 7 07:24:34 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Sep 2020 07:24:34 +0000 Subject: [openssl] master update Message-ID: <1599463474.810104.9829.nullmailer@dev.openssl.org> The branch master has been updated via 385deae79f26dd685339d3141a06d04d6bd753cd (commit) from 6353507e9d4afe666ade7b8fdf0f0e673f57b36c (commit) - Log ----------------------------------------------------------------- commit 385deae79f26dd685339d3141a06d04d6bd753cd Author: Richard Levitte Date: Sun Aug 23 18:33:57 2020 +0200 Building: Build Unix static libraries one object file at a time We're hitting problems that the 'ar' command line becomes too long for some 'make' versions, or the shell it uses. We therefore change the way we create a static library by doing so one object file at a time. This is slower, but has better guarantees to work properly on limited systems. Fixes #12116 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12706) ----------------------------------------------------------------------- Summary of changes: Configurations/00-base-templates.conf | 2 +- Configurations/unix-Makefile.tmpl | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 821a211cc8..340e789326 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf 
@@ -66,7 +66,7 @@ my %targets=( template => 1, AR => "ar", - ARFLAGS => "r", + ARFLAGS => "qc", CC => "cc", lflags => sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () }, diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index ff4803be74..ff37aa0290 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1508,11 +1508,16 @@ EOF my %args = @_; my $lib = platform->staticlib($args{lib}); my @objs = map { platform->obj($_) } @{$args{objs}}; - my $objs = join(" \\\n" . ' ' x (length($lib) + 2), + my $deps = join(" \\\n" . ' ' x (length($lib) + 2), fill_lines(' ', $COLUMNS - length($lib) - 2, @objs)); + my $max_per_call = 250; + my @objs_grouped; + push @objs_grouped, join(" ", splice @objs, 0, $max_per_call) while @objs; + my $fill_lib = + join("\n\t", (map { "\$(AR) \$(ARFLAGS) $lib $_" } @objs_grouped)); return <<"EOF"; -$lib: $objs - \$(AR) \$(ARFLAGS) \$\@ \$\? +$lib: $deps + $fill_lib \$(RANLIB) \$\@ || echo Never mind. EOF } From openssl at openssl.org Mon Sep 7 07:28:17 2020 
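Review bot: ARFLAGS => "qc" in Configurations/00-base-templates.conf switches ar from replace ('r') to quick append ('q'), and quick append does not check whether a member is already in the archive. The new recipe in unix-Makefile.tmpl also passes every object on each run instead of only the changed ones ($?), so re-running the rule against an existing library appends a second copy of each member. Either delete $lib at the top of the recipe, before the first $(AR) call, or keep 'r' so members are replaced in place.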
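Review bot: 'my $max_per_call = 250;' in the static library rule of Configurations/unix-Makefile.tmpl is an unexplained constant, and it contradicts the commit message, which says the library is built "one object file at a time". The limit being worked around is command-line length, which depends on the length of the object paths and not only on their count, so 250 long paths can still exceed a small limit. Add a comment saying where 250 comes from, or group by accumulated string length. It is also worth a comment that 'splice @objs' empties @objs, which is safe only because $deps is computed before the grouping loop.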
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 07:28:17 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1599463697.634918.13870.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): 65-test_cmp_status.t ............... 
ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 15, 39 Non-zero exit status: 2 Files=211, Tests=3478, 654 wallclock secs (13.03 usr 1.19 sys + 591.11 cusr 59.52 csys = 664.85 CPU) Result: FAIL Makefile:3168: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3166: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Sep 7 07:45:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 07 Sep 2020 07:45:03 +0000 Subject: Build failed: openssl master.36694 Message-ID: <20200907074503.1.06E2E02E2AFAF369@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Mon Sep 7 07:49:43 2020 
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 07 Sep 2020 07:49:43 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1599464983.075674.13750.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 309e73dfe067b3b774ef6f57bf665f41373a81ca (commit) from 56456c3404b0ec27f93816d951ff7a58827481f0 (commit) - Log ----------------------------------------------------------------- commit 309e73dfe067b3b774ef6f57bf665f41373a81ca Author: Shane Lontis Date: Mon Sep 7 17:44:38 2020 +1000 Coverity Fixes x_algor.c: Explicit null dereferenced cms_sd.c: Resource leak ts_rsp_sign.c Resource Leak extensions_srvr.c: Resource Leak v3_alt.c: Resource Leak pcy_data.c: Resource Leak cms_lib.c: Resource Leak drbg_lib.c: Unchecked return code Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12531) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_algor.c | 12 ++++++++---- crypto/cms/cms_lib.c | 3 ++- crypto/cms/cms_sd.c | 4 +++- crypto/rand/drbg_lib.c | 8 +++++--- crypto/ts/ts_rsp_sign.c | 2 ++ crypto/x509v3/pcy_data.c | 1 + crypto/x509v3/v3_alt.c | 1 + ssl/statem/extensions_srvr.c | 2 +- 8 files changed, 23 insertions(+), 10 deletions(-) diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index e13daf849b..2046d8f3cf 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c 
@@ -110,13 +110,17 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) return 0; - if (src->parameter) + if (src->parameter) { + dest->parameter = ASN1_TYPE_new(); + if (dest->parameter == NULL) + return 0; + /* Assuming this is also correct for a BOOL. * set does copy as a side effect. */ if (ASN1_TYPE_set1(dest->parameter, - src->parameter->type, src->parameter->value.ptr) == 0) - return 0; - + src->parameter->type, src->parameter->value.ptr) == 0) + return 0; + } return 1; } diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 57afba4361..cdd794e211 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) default: CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); - return NULL; + goto err; } if (cmsbio) return BIO_push(cmsbio, cont); +err: if (!icont) BIO_free(cont); return NULL; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 29ba4c1b13..6030f07181 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { + ASN1_INTEGER_free(key); return 0; + } } alg = X509_ALGOR_new(); if (alg == NULL) { diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index faf0590c6c..73fd4394a3 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -330,7 +330,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); if (drbg->reseed_next_counter) { drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) + if (!drbg->reseed_next_counter) drbg->reseed_next_counter = 1; } 
@@ -432,7 +432,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); if (drbg->reseed_next_counter) { drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) + if (!drbg->reseed_next_counter) drbg->reseed_next_counter = 1; } @@ -554,7 +554,9 @@ int rand_drbg_restart(RAND_DRBG *drbg, drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ - RAND_DRBG_reseed(drbg, NULL, 0, 0); + if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) { + RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR); + } } } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 041a187da6..342582f024 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; err: TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); + ASN1_INTEGER_free(serial); return NULL; } diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 0735059513..62db3b48e2 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(id); return NULL; } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 7ac2911b91..0bcee334a8 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c 
@@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) num = sk_GENERAL_NAME_num(ialt); if (!sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(ialt); goto err; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 3b07c6b940..3c7395c0eb 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; From shane.lontis at oracle.com Mon Sep 7 08:09:42 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 07 Sep 2020 08:09:42 +0000 Subject: [openssl] master update Message-ID: <1599466182.783072.19105.nullmailer@dev.openssl.org> The branch master has been updated via 4348995b0d818203f37ffa51c9bdf4488cf24bad (commit) from 385deae79f26dd685339d3141a06d04d6bd753cd (commit) - Log ----------------------------------------------------------------- commit 4348995b0d818203f37ffa51c9bdf4488cf24bad Author: luxinyou Date: Mon Sep 7 18:06:45 2020 +1000 Fix memory leaks in conf_def.c Fixes #12471 CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12533) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 1d34519d1a..5475429abd 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c 
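Review bot: in X509_ALGOR_copy() (crypto/asn1/x_algor.c), 'dest->parameter = ASN1_TYPE_new();' overwrites whatever dest->parameter held, and the hunk shows no free of the previous value, so copying into an X509_ALGOR that already carries a parameter would leak it. Both 'return 0' paths also leave dest half populated, with algorithm set and parameter allocated but not filled in. Either free and reset the new fields on failure, or document that the caller must free dest when 0 is returned. When src->parameter is NULL, dest->parameter is left as it was rather than cleared, which deserves a line in the same comment.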
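Review bot: in rand_drbg_restart() (crypto/rand/drbg_lib.c), the new check on RAND_DRBG_reseed() only records RAND_R_RESEED_ERROR and then falls through, so within this hunk a failed full reseed does not change control flow. If the caller is expected to learn of the failure from a later state check, say so in a comment at this point; otherwise return or set a failure flag inside the branch. The braces around the single RANDerr() statement can also be dropped, to match the brace-less single-statement 'if' bodies in the two whitespace hunks of the same file.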
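Review bot: in copy_issuer() (crypto/x509v3/v3_alt.c), the added 'sk_GENERAL_NAME_free(ialt);' releases only the stack container, not the GENERAL_NAME entries it holds. On this path sk_GENERAL_NAME_reserve() has just failed, so nothing in the hunk has moved those entries into gens; if ialt still owns them here, sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free) is the call that frees both. Please also confirm that the err label does not free ialt again, since that label is outside the lines shown.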
@@ -442,11 +442,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (biosk == NULL) { if ((biosk = sk_BIO_new_null()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } } if (!sk_BIO_push(biosk, in)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } /* continue with reading from the included BIO */ From shane.lontis at oracle.com Mon Sep 7 08:14:41 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 07 Sep 2020 08:14:41 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1599466481.535257.20843.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 526cf60408e1a356ec712b6c88a88864fdbe73af (commit) from 309e73dfe067b3b774ef6f57bf665f41373a81ca (commit) - Log ----------------------------------------------------------------- commit 526cf60408e1a356ec712b6c88a88864fdbe73af Author: luxinyou Date: Mon Sep 7 18:06:45 2020 +1000 Fix memory leaks in conf_def.c Fixes #12471 CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12533) (cherry picked from commit 4348995b0d818203f37ffa51c9bdf4488cf24bad) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index ca76fa3679..72669b15f9 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c 
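Review bot: in def_load_bio() (crypto/conf/conf_def.c), 'BIO_free(next);' is now repeated in both failure branches before 'goto err', and next keeps pointing at the freed BIO afterwards. Set next to NULL after each free, or do the free once at the err label, so that any later cleanup of next cannot free it twice; the err label is outside the lines shown, so this cannot be ruled out from the hunk alone. The commit message would also be more useful if it said which object leaked and on which path, rather than only "Fix memory leaks in conf_def.c".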
@@ -376,11 +376,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (biosk == NULL) { if ((biosk = sk_BIO_new_null()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } } if (!sk_BIO_push(biosk, in)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } /* continue with reading from the included BIO */ From openssl at openssl.org Mon Sep 7 08:44:39 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 08:44:39 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1599468279.323683.25696.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): 65-test_cmp_status.t ............... 
ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 2048 Tests: 84 Failed: 8) Failed tests: 16-17, 21, 23, 40-41, 45, 47 Non-zero exit status: 8 Files=211, Tests=2558, 557 wallclock secs (12.70 usr 1.17 sys + 500.55 cusr 53.42 csys = 567.84 CPU) Result: FAIL Makefile:3180: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3178: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Sep 7 08:52:47 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 07 Sep 2020 08:52:47 +0000 Subject: Build completed: openssl master.36695 Message-ID: <20200907085247.1.5175D4B9869F95B2@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Mon Sep 7 10:28:48 2020 
From: builds at travis-ci.com (Travis CI) Date: Mon, 07 Sep 2020 10:28:48 +0000 Subject: Still Failing: openssl/openssl#37234 (master - 385deae) In-Reply-To: Message-ID: <5f560b601696d_13fb0b91bd4c0624854@travis-pro-tasks-556464d5d8-q2hjc.mail> Build Update for openssl/openssl ------------------------------------- Build: #37234 Status: Still Failing Duration: 1 hr, 19 mins, and 6 secs Commit: 385deae (master) Author: Richard Levitte Message: Building: Build Unix static libraries one object file at a time We're hitting problems that the 'ar' command line becomes too long for some 'make' versions, or the shell it uses. We therefore change the way we create a static library by doing so one object file at a time. This is slower, but has better guarantees to work properly on limited systems. Fixes #12116 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12706) View the changeset: https://github.com/openssl/openssl/compare/6353507e9d4a...385deae79f26 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183062975?utm_medium=notification&utm_source=email -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Sep 7 10:33:35 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 10:33:35 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1599474815.083410.24909.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): storeutl: Use -help for summary. 
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1 not ok 410 - Checking that -certs returns 0 objects on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -certs returns 0 objects on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 208. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1 not ok 411 - Checking that -crls returns 0 objects on a certificate file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 0 objects on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 212. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1 not ok 412 - Checking that -crls returns 1 object on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 1 object on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 215. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 413 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 226. storeutl: Unknown message digest: engine storeutl: Use -help for summary. 
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 414 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 229. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 415 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 233. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 416 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 236. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 417 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 239. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 418 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 243. 
# Looks like you failed 157 tests of 418.90-test_store.t .................... Dubious, test returned 157 (wstat 40192, 0x9d00) Failed 157/418 subtests 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 20-test_pkeyutl.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 25-test_req.t (Wstat: 768 Tests: 16 Failed: 3) Failed tests: 11-12, 14 Non-zero exit status: 3 90-test_store.t (Wstat: 40192 Tests: 418 Failed: 157) Failed tests: 216-220, 222-226, 228-232, 234-238, 240-244 246-248, 250-252, 254-256, 258-260, 262-264 266-268, 270-272, 274-276, 278-280, 282-284 286-288, 290-292, 294-296, 298-300, 302-304 306-308, 310-312, 314-316, 318-320, 322-324 326-328, 330-332, 334-336, 338-340, 342-344 346-348, 350-352, 354-356, 358-360, 362-364 366-368, 370-372, 374-376, 378-380, 382-384 386-388, 390-392, 394-396, 398-402, 405-407 409-418 Non-zero exit status: 157 Files=211, Tests=3368, 657 wallclock secs ( 9.88 usr 1.06 sys + 605.47 cusr 51.40 csys = 667.81 CPU) Result: FAIL Makefile:3149: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:3147: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 11:27:05 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 11:27:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1599478025.828867.23310.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): 65-test_cmp_status.t ............... 
ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3423, 707 wallclock secs (13.62 usr 1.24 sys + 641.43 cusr 63.80 csys = 720.09 CPU) Result: FAIL Makefile:3189: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3187: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Mon Sep 7 12:53:03 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 07 Sep 2020 12:53:03 +0000 Subject: Still Failing: openssl/openssl#37239 (master - 4348995) In-Reply-To: Message-ID: <5f562d2ec2c39_13fc9ca6b17cc16418d@travis-pro-tasks-5697676796-vlxcz.mail> Build Update for openssl/openssl ------------------------------------- Build: #37239 Status: Still Failing Duration: 1 hr, 21 mins, and 47 secs Commit: 4348995 (master) Author: luxinyou Message: Fix memory leaks in conf_def.c Fixes #12471 CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12533) View the changeset: https://github.com/openssl/openssl/compare/385deae79f26...4348995b0d81 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183071879?utm_medium=notification&utm_source=email From openssl at openssl.org Mon Sep 7 18:40:27 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 18:40:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1599504027.600969.14709.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at 
../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. 
ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3560, 720 wallclock secs (12.66 usr 1.25 sys + 621.52 cusr 58.14 csys = 693.57 CPU) Result: FAIL Makefile:3179: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3177: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Sep 7 20:54:14 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Sep 2020 20:54:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1599512054.532307.5396.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # Failed test 'unprotected request' # at 
../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2051:CMP info: will contact http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2098:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2051:CMP info: will contact 
http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2098:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
# cmp_main:../openssl/apps/cmp.c:2728:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2326:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:691:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2051:CMP info: will contact http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2098:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. 
ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=211, Tests=3019, 600 wallclock secs ( 9.93 usr 1.27 sys + 533.41 cusr 53.47 csys = 598.08 CPU) Result: FAIL Makefile:2425: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2423: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Mon Sep 7 23:03:55 2020 
From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 07 Sep 2020 23:03:55 +0000 Subject: [openssl] master update Message-ID: <1599519835.713635.1251.nullmailer@dev.openssl.org> The branch master has been updated via 884baafba4a5fec6502b828a73188d7133b9179b (commit) from 4348995b0d818203f37ffa51c9bdf4488cf24bad (commit) - Log ----------------------------------------------------------------- commit 884baafba4a5fec6502b828a73188d7133b9179b Author: Jon Spillett Date: Thu Sep 3 14:02:48 2020 +1000 Use return code for 'which command' checks Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12775) ----------------------------------------------------------------------- Summary of changes: test/recipes/81-test_cmp_cli.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 8c4f0f920a..fa70c84981 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -37,9 +37,9 @@ plan skip_all => "Tests involving CMP server not available on Windows or VMS" plan skip_all => "Tests involving CMP server not available in cross-compile builds" if defined $ENV{EXE_SHELL}; plan skip_all => "Tests involving CMP server require 'kill' command" - unless `which kill`; + if system("which kill"); plan skip_all => "Tests involving CMP server require 'lsof' command" - unless `which lsof`; # this typically excludes Solaris + if system("which lsof"); # this typically excludes Solaris sub chop_dblquot { # chop any leading & trailing '"' (needed for Windows) my $str = shift; From builds at travis-ci.com Tue Sep 8 00:21:09 2020 
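Review bot: In the `-37,9 +37,9` hunk of test/recipes/81-test_cmp_cli.t, the new `system("which kill")` and `system("which lsof")` calls no longer capture what `which` prints, so on hosts where the tools are present the resolved paths are written to the test script's standard output. Redirect inside the call, for example `if system("which kill >/dev/null 2>&1");`, so that only the exit status is used. The status test itself is sound: system() returns the wait status, which is non-zero when `which` reports failure and -1 when `which` cannot be started, and both cases skip the tests. The comment "this typically excludes Solaris" would also be a good place to record why the return code is checked rather than the output, since the commit message gives no reason.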
From: builds at travis-ci.com (Travis CI) Date: Tue, 08 Sep 2020 00:21:09 +0000 Subject: Still Failing: openssl/openssl#37264 (master - 884baaf) In-Reply-To: Message-ID: <5f56ce704cc8f_13f81217b6a881036666@travis-pro-tasks-7b8949fb95-b2fk6.mail> Build Update for openssl/openssl ------------------------------------- Build: #37264 Status: Still Failing Duration: 1 hr, 15 mins, and 54 secs Commit: 884baaf (master) Author: Jon Spillett Message: Use return code for 'which command' checks Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12775) View the changeset: https://github.com/openssl/openssl/compare/4348995b0d81...884baafba4a5 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183241492?utm_medium=notification&utm_source=email From openssl at openssl.org Tue Sep 8 02:28:16 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Sep 2020 02:28:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1599532096.703825.21628.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 
engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s 
crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod 
doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/loader_attic.ld engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c 
test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha7-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." 
-Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c
../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations]
int multi = 0; /* run multiple responder processes */
    ^
1 error generated.
Makefile:4180: recipe for target 'apps/lib/libapps-lib-http_server.o' failed
make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io'
Makefile:3147: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From openssl at openssl.org Tue Sep 8 03:11:45 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 08 Sep 2020 03:11:45 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Message-ID: <1599534705.814140.28757.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-rc2

Commit log since last time:

6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3)
bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
74eee1bdaa Remove unused dummy functions from ktls.h.
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
15076c26d7 Strengthen chain building for CMP
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
09e76c5dd3 test/drbgtest: improve the reseed after fork test
59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c
5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c
3320026911 Fix coverity CID #1466371 - fix dereference before NULL check.
0e540f231c Fix coverity CID #1466375 - Remove dead code.
7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12
C010E1DBC87F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105:
../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1
not ok 5 - test_pkcs12_passcert
# ------------------------------------------------------------------------------
# Failed test 'test_pkcs12_passcert'
# at ../openssl/test/recipes/80-test_pkcs12.t line 93.
# Looks like you failed 1 test of 5.
80-test_pkcs12.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
#
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_pkcs12.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test: 5
  Non-zero exit status: 1
Files=211, Tests=3535, 705 wallclock secs (13.35 usr 1.16 sys + 634.81 cusr 65.73 csys = 715.05 CPU)
Result: FAIL
Makefile:3182: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-rc2'
Makefile:3180: recipe for target 'tests' failed
make: *** [tests] Error 2

From levitte at openssl.org Tue Sep 8 04:28:03 2020
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Sep 2020 04:28:03 +0000
Subject: [openssl] master update
Message-ID: <1599539283.293834.3110.nullmailer@dev.openssl.org>

The branch master has been updated
  via 08497fc64f688a91d421de74a8498aff33573485 (commit)
  via 20d56d6d62d98c3b2649afd2d20e0c2cc39afce1 (commit)
  via 509144964ba69b69a90269da52a2dc3acb3149e6 (commit)
  from 884baafba4a5fec6502b828a73188d7133b9179b (commit)

- Log -----------------------------------------------------------------
commit 08497fc64f688a91d421de74a8498aff33573485
Author: Richard Levitte
Date: Fri Sep 4 10:52:20 2020 +0200

Fix test/evp_extra_test.c

Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context with no value in it, the lack of legacy implementation when OpenSSL was configured with 'no-ec' went through undetected. This adds the necessary guards to skip a test of SM2 in that case.

Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12785)

commit 20d56d6d62d98c3b2649afd2d20e0c2cc39afce1
Author: Richard Levitte
Date: Thu Sep 3 12:42:43 2020 +0200

EVP: Don't shadow EVP_PKEY_CTX_new* error records

There are places that add an ERR_R_MALLOC_FAILURE record when any of EVP_PKEY_CTX_new*() return NULL, which is 1) inaccurate, and 2) shadows the more accurate error record generated when trying to create the EVP_PKEY_CTX.

Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12785)

commit 509144964ba69b69a90269da52a2dc3acb3149e6
Author: Richard Levitte
Date: Wed Sep 2 09:30:42 2020 +0200

EVP: Preserve the EVP_PKEY id in a few more spots

As long as there are internal legacy keys for EVP_PKEY, we need to preserve the EVP_PKEY numeric identity when generating a key, and when creating the EVP_PKEY_CTX.

For added consistency, the EVP_PKEY_CTX constructor tries a little harder to find an EVP_PKEY_METHOD. Otherwise, we may run into situations where the EVP_PKEY_CTX ends up having no associated methods at all.

Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12785) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_lib.c | 95 ++++++++++++++++++---------------- crypto/evp/pmeth_gn.c | 6 +++ crypto/evp/pmeth_lib.c | 136 ++++++++++++++++++++++++++++++++----------------- include/crypto/evp.h | 3 ++ test/evp_extra_test.c | 52 ++++++++++++++----- 5 files changed, 189 insertions(+), 103 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index fd2a6c5abc..fec4e2d43b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -606,10 +606,8 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, } ctx = EVP_PKEY_CTX_new_from_name(libctx, "CMAC", propq); - if (ctx == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + if (ctx == NULL) goto err; - } if (!EVP_PKEY_key_fromdata_init(ctx)) { EVPerr(0, EVP_R_KEY_SETUP_FAILED); 
@@ -988,51 +986,62 @@ int EVP_PKEY_base_id(const EVP_PKEY *pkey) return EVP_PKEY_type(pkey->type); } +#ifndef FIPS_MODULE +int evp_pkey_name2type(const char *name) +{ + /* + * These hard coded cases are pure hackery to get around the fact + * that names in crypto/objects/objects.txt are a mess. There is + * no "EC", and "RSA" leads to the NID for 2.5.8.1.1, an OID that's + * fallen out in favor of { pkcs-1 1 }, i.e. 1.2.840.113549.1.1.1, + * the NID of which is used for EVP_PKEY_RSA. Strangely enough, + * "DSA" is accurate... but still, better be safe and hard-code + * names that we know. + * On a similar topic, EVP_PKEY_type(EVP_PKEY_SM2) will result in + * EVP_PKEY_EC, because of aliasing. + * TODO Clean this away along with all other #legacy support. + */ + int type = NID_undef; + + if (strcasecmp(name, "RSA") == 0) + type = EVP_PKEY_RSA; + else if (strcasecmp(name, "RSA-PSS") == 0) + type = EVP_PKEY_RSA_PSS; + else if (strcasecmp(name, "EC") == 0) + type = EVP_PKEY_EC; + else if (strcasecmp(name, "ED25519") == 0) + type = EVP_PKEY_ED25519; + else if (strcasecmp(name, "ED448") == 0) + type = EVP_PKEY_ED448; + else if (strcasecmp(name, "X25519") == 0) + type = EVP_PKEY_X25519; + else if (strcasecmp(name, "X448") == 0) + type = EVP_PKEY_X448; + else if (strcasecmp(name, "SM2") == 0) + type = EVP_PKEY_SM2; + else if (strcasecmp(name, "DH") == 0) + type = EVP_PKEY_DH; + else if (strcasecmp(name, "X9.42 DH") == 0) + type = EVP_PKEY_DHX; + else if (strcasecmp(name, "DSA") == 0) + type = EVP_PKEY_DSA; + + if (type == NID_undef) + type = EVP_PKEY_type(OBJ_sn2nid(name)); + if (type == NID_undef) + type = EVP_PKEY_type(OBJ_ln2nid(name)); + + return type; +} +#endif + int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) { #ifndef FIPS_MODULE if (pkey->keymgmt == NULL) { - /* - * These hard coded cases are pure hackery to get around the fact - * that names in crypto/objects/objects.txt are a mess. 
There is - * no "EC", and "RSA" leads to the NID for 2.5.8.1.1, an OID that's - * fallen out in favor of { pkcs-1 1 }, i.e. 1.2.840.113549.1.1.1, - * the NID of which is used for EVP_PKEY_RSA. Strangely enough, - * "DSA" is accurate... but still, better be safe and hard-code - * names that we know. - * TODO Clean this away along with all other #legacy support. - */ - int type; + int type = evp_pkey_name2type(name); - if (strcasecmp(name, "RSA") == 0) - type = EVP_PKEY_RSA; - else if (strcasecmp(name, "RSA-PSS") == 0) - type = EVP_PKEY_RSA_PSS; -#ifndef OPENSSL_NO_EC - else if (strcasecmp(name, "EC") == 0) - type = EVP_PKEY_EC; - else if (strcasecmp(name, "ED25519") == 0) - type = EVP_PKEY_ED25519; - else if (strcasecmp(name, "ED448") == 0) - type = EVP_PKEY_ED448; - else if (strcasecmp(name, "X25519") == 0) - type = EVP_PKEY_X25519; - else if (strcasecmp(name, "X448") == 0) - type = EVP_PKEY_X448; -#endif -#ifndef OPENSSL_NO_DH - else if (strcasecmp(name, "DH") == 0) - type = EVP_PKEY_DH; - else if (strcasecmp(name, "X9.42 DH") == 0) - type = EVP_PKEY_DHX; -#endif -#ifndef OPENSSL_NO_DSA - else if (strcasecmp(name, "DSA") == 0) - type = EVP_PKEY_DSA; -#endif - else - type = EVP_PKEY_type(OBJ_sn2nid(name)); - return EVP_PKEY_type(pkey->type) == type; + return pkey->type == type; } #endif return EVP_KEYMGMT_is_a(pkey->keymgmt, name); diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 3096828678..b8dad20abd 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -212,6 +212,12 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) evp_pkey_free_legacy(*ppkey); #endif + /* + * Because we still have legacy keys, and evp_pkey_downgrade() + * TODO remove this #legacy internal keys are gone + */ + (*ppkey)->type = ctx->legacy_keytype; + /* TODO remove when SM2 key have been cleanly separated from EC keys */ #ifdef TMP_SM2_HACK /* diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index aef7c39a20..7f144b0afc 100644 
--- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -121,22 +121,36 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; return pmeth; } + +static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, + void *arg) +{ + int *type = arg; + + if (*type == NID_undef) + *type = evp_pkey_name2type(keytype); +} + +static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt) +{ + int type = NID_undef; + + EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, + &type); + return type; +} #endif /* FIPS_MODULE */ static int is_legacy_alg(int id, const char *keytype) { #ifndef FIPS_MODULE /* Certain EVP_PKEY keytypes are only available in legacy form */ - if (id == -1) { - id = OBJ_sn2nid(keytype); - if (id == NID_undef) - id = OBJ_ln2nid(keytype); - if (id == NID_undef) - return 0; - } + if (id == -1) + id = evp_pkey_name2type(keytype); + switch (id) { /* - * TODO(3.0): Remove SM2 and DHX when they are converted to have provider + * TODO(3.0): Remove SM2 when they are converted to have provider * support */ case EVP_PKEY_SM2: @@ -155,19 +169,12 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, int id) { - EVP_PKEY_CTX *ret; + EVP_PKEY_CTX *ret = NULL; const EVP_PKEY_METHOD *pmeth = NULL; EVP_KEYMGMT *keymgmt = NULL; /* - * When using providers, the context is bound to the algo implementation - * later. - */ - if (pkey == NULL && e == NULL && id == -1) - goto common; - - /* - * If the internal key is provided, we extract the keytype from its + * If the given |pkey| is provided, we extract the keytype from its * keymgmt and skip over the legacy code. */ if (pkey != NULL && evp_pkey_is_provided(pkey)) { 
@@ -177,14 +184,24 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, keytype = evp_first_name(pkey->keymgmt->prov, pkey->keymgmt->name_id); goto common; } + #ifndef FIPS_MODULE - /* TODO(3.0) Legacy code should be removed when all is provider based */ + /* + * TODO(3.0) This legacy code section should be removed when we stop + * supporting engines + */ /* BEGIN legacy */ if (id == -1) { - if (pkey == NULL) - return NULL; - id = pkey->type; + if (pkey != NULL) + id = pkey->type; + else if (keytype != NULL) + id = evp_pkey_name2type(keytype); + if (id == NID_undef) + id = -1; } + /* If no ID was found here, we can only resort to find a keymgmt */ + if (id == -1) + goto common; /* * Here, we extract what information we can for the purpose of @@ -219,24 +236,11 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, * If an ENGINE handled this method look it up. Otherwise use internal * tables. */ - if (e != NULL) { + if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); - /* - * We are supposed to use an engine, so no point in looking for a - * provided implementation. If pmeth is NULL here we just fail. - */ - if (pmeth == NULL) { - ENGINE_finish(e); - EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - } else + else # endif pmeth = EVP_PKEY_meth_find(id); - /* - * if pmeth is NULL here we can keep trying to see if we have a provided - * implementation below. - */ /* END legacy */ #endif /* FIPS_MODULE */ 
@@ -248,33 +252,71 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, if (e == NULL && keytype != NULL) { int legacy = is_legacy_alg(id, keytype); - if (legacy) { - /* This could fail so ignore errors */ + /* This could fail so ignore errors */ + if (legacy) ERR_set_mark(); - } keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery); - if (legacy) { + if (legacy) ERR_pop_to_mark(); - } else if (keymgmt == NULL) { - EVPerr(EVP_F_INT_CTX_NEW, EVP_R_FETCH_FAILED); - return NULL; + else if (keymgmt == NULL) + return NULL; /* EVP_KEYMGMT_fetch() recorded an error */ + +#ifndef FIPS_MODULE + /* + * Chase down the legacy NID, as that might be needed for diverse + * purposes, such as ensure that EVP_PKEY_type() can return sensible + * values, or that there's a better chance to "downgrade" a key when + * needed. We go through all keymgmt names, because the keytype + * that's passed to this function doesn't necessarily translate + * directly. + * TODO: Remove this when #legacy keys are gone. + */ + if (keymgmt != NULL) { + int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt); + + if (tmp_id != NID_undef) { + if (id == -1) { + id = tmp_id; + } else { + /* + * It really really shouldn't differ. If it still does, + * something is very wrong. 
+ */ + if (!ossl_assert(id == tmp_id)) { + EVPerr(EVP_F_INT_CTX_NEW, ERR_R_INTERNAL_ERROR); + EVP_KEYMGMT_free(keymgmt); + return NULL; + } + } + } } +#endif + } + + if (pmeth == NULL && keymgmt == NULL) { + EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); + } else { + ret = OPENSSL_zalloc(sizeof(*ret)); + if (ret == NULL) + EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); } - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - EVP_KEYMGMT_free(keymgmt); #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) + if ((ret == NULL || pmeth == NULL) && e != NULL) ENGINE_finish(e); #endif - EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); + + if (ret == NULL) { + EVP_KEYMGMT_free(keymgmt); return NULL; } + ret->libctx = libctx; ret->propquery = propquery; ret->keytype = keytype; ret->keymgmt = keymgmt; + ret->legacy_keytype = id; /* TODO: Remove when #legacy key are gone */ ret->engine = e; ret->pmeth = pmeth; ret->operation = EVP_PKEY_OP_UNDEFINED; diff --git a/include/crypto/evp.h b/include/crypto/evp.h index b00634234c..43ecc79f52 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -62,6 +62,8 @@ struct evp_pkey_ctx_st { /* Legacy fields below */ + /* EVP_PKEY identity */ + int legacy_keytype; /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; /* Engine that implements this method or NULL if builtin */ @@ -766,6 +768,7 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, OPENSSL_CTX *libctx, const char *propq); +int evp_pkey_name2type(const char *name); #endif /* !defined(FIPS_MODULE) */ void evp_method_store_flush(OPENSSL_CTX *libctx); int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq, diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f62e26c290..94b95eeac8 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -1803,14 +1803,19 @@ static int test_keygen_with_empty_template(int n) /* * Test that we fail if we attempt to use an algorithm that is not available - * in the current library context (unless we are using an algorithm that should - * be made available via legacy codepaths). + * in the current library context (unless we are using an algorithm that + * should be made available via legacy codepaths). + * + * 0: RSA + * 1: SM2 */ static int test_pkey_ctx_fail_without_provider(int tst) { OPENSSL_CTX *tmpctx = OPENSSL_CTX_new(); OSSL_PROVIDER *nullprov = NULL; EVP_PKEY_CTX *pctx = NULL; + const char *keytype = NULL; + int expect_null = 0; int ret = 0; if (!TEST_ptr(tmpctx)) 
@@ -1820,21 +1825,42 @@ static int test_pkey_ctx_fail_without_provider(int tst) if (!TEST_ptr(nullprov)) goto err; - pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "SM2", ""); - - /* RSA is not available via any provider so we expect this to fail */ - if (tst == 0 && !TEST_ptr_null(pctx)) - goto err; - /* - * SM2 is always available because it is implemented via legacy codepaths - * and not in a provider at all. We expect this to pass. - * TODO(3.0): This can be removed once there are no more algorithms - * available via legacy codepaths + * We check for certain algos in the null provider. + * If an algo is expected to have a provider keymgmt, contructing an + * EVP_PKEY_CTX is expected to fail (return NULL). + * Otherwise, if it's expected to have legacy support, contructing an + * EVP_PKEY_CTX is expected to succeed (return non-NULL). */ - if (tst == 1 && !TEST_ptr(pctx)) + switch (tst) { + case 0: + keytype = "RSA"; + expect_null = 1; + break; + case 1: + keytype = "SM2"; + expect_null = 0; /* TODO: change to 1 when we have a SM2 keymgmt */ +#ifdef OPENSSL_NO_EC + TEST_info("EC disable, skipping SM2 check..."); + goto end; +#endif +#ifdef OPENSSL_NO_SM2 + TEST_info("SM2 disable, skipping SM2 check..."); + goto end; +#endif + break; + default: + TEST_error("No test for case %d", tst); + goto err; + } + + pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); + if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) goto err; +#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) + end: +#endif ret = 1; err: From beldmit at gmail.com Tue Sep 8 06:15:24 2020 
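Review bot: In crypto/evp/p_lib.c, EVP_PKEY_is_a() now compares `pkey->type == type` where it used to compare `EVP_PKEY_type(pkey->type) == type`, while the fallback at the end of evp_pkey_name2type() still passes its result through EVP_PKEY_type(). A legacy key whose `type` holds an alias NID is therefore compared raw against a normalized value and would stop matching names that resolve through OBJ_sn2nid()/OBJ_ln2nid(). The new comment explains why SM2 must not collapse to EC; a short comment at the comparison itself, or a test with an alias-typed legacy key, would show the asymmetry is intended. Note also that the OPENSSL_NO_EC, OPENSSL_NO_DH and OPENSSL_NO_DSA guards around the hard-coded names are gone, so the helper now returns those types in builds that cannot use them.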
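Review bot: In crypto/evp/pmeth_gn.c, the comment added above `(*ppkey)->type = ctx->legacy_keytype;` breaks off after "and evp_pkey_downgrade()" and never says why the type has to be restored, so the TODO next to it cannot be acted on later. The assignment is also unconditional, and int_ctx_new() stores `id` in `legacy_keytype` even when it is still -1 (no legacy NID found and the keymgmt names yield NID_undef), so this line can write -1 into the key's type. Either guard the assignment or state in the completed comment that -1 is an expected value here.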
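Review bot: In the last int_ctx_new() hunk of crypto/evp/pmeth_lib.c, `if ((ret == NULL || pmeth == NULL) && e != NULL) ENGINE_finish(e);` is followed on the success path by `ret->engine = e;`, which read in isolation would store an engine reference that was just released when `ret` is non-NULL and `pmeth` is NULL. That combination looks unreachable, because the keymgmt fetch only runs when `e == NULL`, so with an engine `pmeth == NULL` already forces the EVP_R_UNSUPPORTED_ALGORITHM branch and `ret == NULL`. If that is the invariant, drop the `pmeth == NULL` term or state it in a comment, since the removed code made the engine failure path explicit and this version relies on the reader deriving it.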
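Review bot: In test_pkey_ctx_fail_without_provider(), case 1 emits two consecutive `goto end;` blocks when both OPENSSL_NO_EC and OPENSSL_NO_SM2 are defined, leaving the second TEST_info()/goto pair and the `break` unreachable, which is worth avoiding in a tree built with --strict-warnings. Fold the two guards into a single `#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)` block, matching the guard already used around the `end:` label. The messages should read "EC disabled" and "SM2 disabled", and "contructing" in the comment above the switch is misspelled twice.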
From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 08 Sep 2020 06:15:24 +0000 Subject: [openssl] master update Message-ID: <1599545724.363520.19087.nullmailer@dev.openssl.org> The branch master has been updated via ea0add4a822749d620714a4660eedd86a91e8e1b (commit) from 08497fc64f688a91d421de74a8498aff33573485 (commit) - Log ----------------------------------------------------------------- commit ea0add4a822749d620714a4660eedd86a91e8e1b Author: Dmitry Belyavskiy Date: Thu Sep 3 16:47:19 2020 +0300 New GOST PKCS12 standard support Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12780) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_decr.c | 50 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index b9d13d9cf5..32e5597e06 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -24,13 +24,14 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, unsigned char *out = NULL; int outlen, i; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + int max_out_len, mac_len = 0; if (ctx == NULL) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } - /* Decrypt data */ + /* Process data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, algor->parameter, ctx, en_de)) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 
@@ -38,8 +39,37 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, goto err; } - if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx))) - == NULL) { + /* + * GOST algorithm specifics: + * OMAC algorithm calculate and encrypt MAC of the encrypted objects + * It's appended to encrypted text on encrypting + * MAC should be processed on decrypting separately from plain text + */ + max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx); + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (EVP_CIPHER_CTX_encrypting(ctx)) { + max_out_len += mac_len; + } else { + if (inlen < mac_len) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, + PKCS12_R_UNSUPPORTED_PKCS12_MODE); + goto err; + } + inlen -= mac_len; + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + (int)mac_len, (unsigned char *)in+inlen) < 0) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + } + + if ((out = OPENSSL_malloc(max_out_len)) == NULL) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -60,6 +90,16 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, goto err; } outlen += i; + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + (int)mac_len, out+outlen) < 0) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + outlen += mac_len; + } + } if (datalen) *datalen = outlen; if (data) 
@@ -79,10 +119,10 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf) { - unsigned char *out; + unsigned char *out = NULL; const unsigned char *p; void *ret; - int outlen; + int outlen = 0; if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, &out, &outlen, 0)) { From builds at travis-ci.com Tue Sep 8 06:36:44 2020 
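Review bot: In the first PKCS12_pbe_crypt() hunk, `mac_len` is a signed int filled in by the cipher's ctrl and is used without a range check. On decrypt, `if (inlen < mac_len)` passes for a negative value, after which `inlen -= mac_len` grows `inlen` and `(unsigned char *)in+inlen` points past the caller's buffer; on encrypt, `max_out_len += mac_len` can shrink or overflow the size handed to OPENSSL_malloc(). Reject `mac_len <= 0` right after the EVP_CTRL_AEAD_TLS1_AAD call and bound the sum before allocating. The ctrl calls only test `< 0`, so a 0 return is treated as success with `mac_len` still 0; the too-short-input case reports PKCS12_R_UNSUPPORTED_PKCS12_MODE, which misdescribes a truncated blob; and using EVP_CTRL_AEAD_TLS1_AAD with a zero argument to query the MAC length needs a comment, since nothing in the hunk says that is what the call does.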
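Review bot: In the post-final block of PKCS12_pbe_crypt() (the `outlen += i;` hunk), only the encrypt branch is handled, and nothing visible tells the reader where the decrypt side learns whether the tag set earlier with EVP_CTRL_AEAD_SET_TAG actually verified. If verification happens inside the final call for ciphers flagged EVP_CIPH_FLAG_CIPHER_WITH_MAC, say so in a comment here; if it does not, add an explicit check before `*datalen` and `*data` are populated so that unauthenticated plaintext is never returned to the caller. The `(int)mac_len` casts are no-ops because `mac_len` is already an int.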
From: builds at travis-ci.com (Travis CI)
Date: Tue, 08 Sep 2020 06:36:44 +0000
Subject: Still Failing: openssl/openssl#37271 (master - 08497fc)
In-Reply-To:
Message-ID: <5f57267c53d75_13ffba08cb15454966d@travis-pro-tasks-79bdccc9c5-6p5sz.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #37271
Status: Still Failing
Duration: 1 hr, 21 mins, and 42 secs
Commit: 08497fc (master)
Author: Richard Levitte
Message: Fix test/evp_extra_test.c

Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context with no value in it, the lack of legacy implementation when OpenSSL was configured with 'no-ec' went through undetected. This adds the necessary guards to skip a test of SM2 in that case.

Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12785)

View the changeset: https://github.com/openssl/openssl/compare/884baafba4a5...08497fc64f68
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183277598?utm_medium=notification&utm_source=email

From openssl at openssl.org Tue Sep 8 07:02:13 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 08 Sep 2020 07:02:13 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock
Message-ID: <1599548533.316629.26443.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock

Commit log since last time:

6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3)
bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
74eee1bdaa Remove unused dummy functions from ktls.h.
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
15076c26d7 Strengthen chain building for CMP
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
09e76c5dd3 test/drbgtest: improve the reseed after fork test
59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c
5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c
3320026911 Fix coverity CID #1466371 - fix dereference before NULL check.
0e540f231c Fix coverity CID #1466375 - Remove dead code.
7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1
doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 
doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EncryptedData_decrypt.3 doc/man/man3/CMS_EncryptedData_encrypt.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_data_create.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_digest_create.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 
doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 
doc/man/man3/EVP_CIPHER_CTX_get_iv.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 
doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_certreq.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DECODER.3 doc/man/man3/OSSL_DECODER_CTX.3 doc/man/man3/OSSL_DECODER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DECODER_from_bio.3 
doc/man/man3/OSSL_ENCODER.3 doc/man/man3/OSSL_ENCODER_CTX.3 doc/man/man3/OSSL_ENCODER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_ENCODER_to_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_create_cert.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_SAFEBAG_get1_cert.3 doc/man/man3/PKCS12_add1_attr_by_NID.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_cert.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_add_safe.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_get0_primary.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 
doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_ASN1.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_ASN1.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 
doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 
doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 
doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_add_cert.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 
doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-PKCS12KDF.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-HMAC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-HMAC.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-base.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 
doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-encoder.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-object.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-signature.7 doc/man/man7/provider-storemgmt.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_core_object test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_decoder test/buildtest_c_des test/buildtest_c_dh 
test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_encoder test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/defltfips_test test/destest test/dhtest test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest 
test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/endecode_test test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkcs12_format_test test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_status_test test/provider_test test/rand_status_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/loader_attic.so engines/ossltest.so engines/padlock.so 
providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s 
crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod 
doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/loader_attic.ld engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c 
test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha7-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." 
-Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4186: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3153: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Tue Sep 8 08:42:22 2020 
From: builds at travis-ci.com (Travis CI)
Date: Tue, 08 Sep 2020 08:42:22 +0000
Subject: Still Failing: openssl/openssl#37275 (master - ea0add4)
In-Reply-To:
Message-ID: <5f5743ee30b1_13f904febe1541461ea@travis-pro-tasks-859b489b-q88lb.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #37275
Status: Still Failing

Duration: 1 hr, 16 mins, and 35 secs
Commit: ea0add4 (master)
Author: Dmitry Belyavskiy
Message: New GOST PKCS12 standard support

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12780)

View the changeset: https://github.com/openssl/openssl/compare/08497fc64f68...ea0add4a8227

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183290832?utm_medium=notification&utm_source=email

From levitte at openssl.org Tue Sep 8 10:09:06 2020
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Sep 2020 10:09:06 +0000
Subject: [openssl] master update
Message-ID: <1599559746.799929.15545.nullmailer@dev.openssl.org>

The branch master has been updated
via 8d6481f532ab8c502de2ad17e09f688abb675a71 (commit)
via b968945204130620b1328f585610cbe1d6b5a69e (commit)
via 86df26b3943509219057ae87f8764b3c15e0d8b8 (commit)
from ea0add4a822749d620714a4660eedd86a91e8e1b (commit)

- Log -----------------------------------------------------------------
commit 8d6481f532ab8c502de2ad17e09f688abb675a71
Author: Richard Levitte
Date: Fri Sep 4 18:00:29 2020 +0200

EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but are really broader than that, even though currently only used for SM2. They should therefore be in a more central location, which was also indicated by diverse TODOs.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12789)

commit b968945204130620b1328f585610cbe1d6b5a69e
Author: Richard Levitte
Date: Thu Sep 3 07:22:00 2020 +0200

EVP: Expand the use of EVP_PKEY_CTX_md()

Setting a hash function was reserved for signature operations. However, it turns out that SM2 uses a hash function for encryption and decryption as well. Therefore, EVP_PKEY_CTX_md() must be called with an expanded operation type combination that includes EVP_PKEY_OP_TYPE_CRYPT when used in a generic way.

For SM2, test/recipes/30-test_evp_data/evppkey_sm2.txt is expanded to test decryption both with an implicit and an explicit digest.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12789)

commit 86df26b3943509219057ae87f8764b3c15e0d8b8
Author: Richard Levitte
Date: Wed Sep 2 15:54:13 2020 +0200

EVP: Add support for delayed EVP_PKEY operation parameters

They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given.
This currently only covers the distinguished ID, as that's the only EVP_PKEY operation parameter so far that has been possible to give before the operation has been initialized. This includes a re-implementation of EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len(). Also, the more rigorous controls of keytype and optype are restored. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12789) ----------------------------------------------------------------------- Summary of changes: crypto/evp/m_sigver.c | 13 +- crypto/evp/pmeth_lib.c | 369 ++++++++++++++++++++++---- crypto/evp/signature.c | 9 +- include/crypto/evp.h | 21 ++ include/openssl/core_names.h | 1 + include/openssl/ec.h | 16 -- include/openssl/evp.h | 8 +- test/recipes/30-test_evp_data/evppkey_sm2.txt | 6 + util/libcrypto.num | 3 + 9 files changed, 376 insertions(+), 70 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 0278d9ca09..a60d6e770b 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -204,7 +204,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, mdname, provkey); } - return ret ? 1 : 0; + goto end; + err: evp_pkey_ctx_free_old_ops(locpctx); locpctx->operation = EVP_PKEY_OP_UNDEFINED; @@ -279,7 +280,15 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (ctx->pctx->pmeth->digest_custom != NULL) ctx->pctx->flag_call_digest_custom = 1; - return 1; + ret = 1; + + end: +#ifndef FIPS_MODULE + if (ret > 0) + ret = evp_pkey_ctx_use_cached_data(locpctx); +#endif + + return ret > 0 ? 1 : 0; } int EVP_DigestSignInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7f144b0afc..e557e14e18 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c 
@@ -33,6 +33,14 @@ #ifndef FIPS_MODULE +static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, + int keytype, int optype, + int cmd, const char *name, + const void *data, size_t data_len); +static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, + int cmd, const char *name); +static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx); + typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -122,6 +130,29 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) return pmeth; } +/* Three possible states: */ +# define EVP_PKEY_STATE_UNKNOWN 0 +# define EVP_PKEY_STATE_LEGACY 1 +# define EVP_PKEY_STATE_PROVIDER 2 + +static int evp_pkey_ctx_state(EVP_PKEY_CTX *ctx) +{ + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) + return EVP_PKEY_STATE_UNKNOWN; + + if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.kex.exchprovctx != NULL) + || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.sigprovctx != NULL) + || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) + && ctx->op.ciph.ciphprovctx != NULL) + || (EVP_PKEY_CTX_IS_GEN_OP(ctx) + && ctx->op.keymgmt.genctx != NULL)) + return EVP_PKEY_STATE_PROVIDER; + + return EVP_PKEY_STATE_LEGACY; +} + static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, void *arg) { @@ -388,6 +419,9 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) ctx->pmeth->cleanup(ctx); evp_pkey_ctx_free_old_ops(ctx); +#ifndef FIPS_MODULE + evp_pkey_ctx_free_all_cached_data(ctx); +#endif EVP_KEYMGMT_free(ctx->keymgmt); EVP_PKEY_free(ctx->pkey); 
@@ -1065,9 +1099,100 @@ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, key, keylen); } +int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len) +{ + OSSL_PARAM params[2], *p = params; + int ret; + + if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID, + /* + * Cast away the const. This is + * read only so should be safe + */ + (void *)id, (size_t)len); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + return ret; +} + +int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len) +{ + return EVP_PKEY_CTX_ctrl(ctx, -1, -1, + EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id)); +} + +static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len) +{ + int ret; + void *tmp_id = NULL; + OSSL_PARAM params[2], *p = params; + + if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID, + &tmp_id, 0); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + } else if (ret > 0) { + size_t tmp_id_len = params[0].return_size; + + if (id != NULL) + memcpy(id, tmp_id, tmp_id_len); + if (id_len != NULL) + *id_len = tmp_id_len; + } + return ret; +} + +int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id) +{ + return get1_id_data(ctx, id, NULL); +} + +int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len) +{ + return get1_id_data(ctx, NULL, id_len); +} + +int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id) +{ + return 
EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id); +} + +int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len) +{ + return EVP_PKEY_CTX_ctrl(ctx, -1, -1, + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)id_len); +} + static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { + switch (cmd) { + case EVP_PKEY_CTRL_SET1_ID: + return evp_pkey_ctx_set1_id_prov(ctx, p2, p1); + case EVP_PKEY_CTRL_GET1_ID: + return evp_pkey_ctx_get1_id_prov(ctx, p2); + case EVP_PKEY_CTRL_GET1_ID_LEN: + return evp_pkey_ctx_get1_id_len_prov(ctx, p2); + } + # ifndef OPENSSL_NO_DH if (keytype == EVP_PKEY_DHX) { switch (cmd) { 
@@ -1281,53 +1406,77 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, return 0; } -int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2) +static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2) { - int ret; + int ret = 0; if (ctx == NULL) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + EVPerr(0, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) - || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.sigprovctx != NULL) - || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.ciphprovctx != NULL) - || (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->op.keymgmt.genctx != NULL)) - return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); + /* + * If the method has a |digest_custom| function, we can relax the + * operation type check, since this can be called before the operation + * is initialized. 
+ */ + if (ctx->pmeth == NULL || ctx->pmeth->digest_custom == NULL) { + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { + EVPerr(0, EVP_R_NO_OPERATION_SET); + return -1; + } - if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; + if ((optype != -1) && !(ctx->operation & optype)) { + EVPerr(0, EVP_R_INVALID_OPERATION); + return -1; + } } - if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) - return -1; - /* Skip the operation checks since this is called in a very early stage */ - if (ctx->pmeth->digest_custom != NULL) - goto doit; + switch (evp_pkey_ctx_state(ctx)) { + case EVP_PKEY_STATE_PROVIDER: + return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); + case EVP_PKEY_STATE_UNKNOWN: + case EVP_PKEY_STATE_LEGACY: + if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { + EVPerr(0, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) + return -1; - if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); - return -1; - } + ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); - if ((optype != -1) && !(ctx->operation & optype)) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); - return -1; + if (ret == -2) + EVPerr(0, EVP_R_COMMAND_NOT_SUPPORTED); + break; } + return ret; +} - doit: - ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2) +{ + int ret = 0; - if (ret == -2) - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + /* If unsupported, we don't want that reported here */ + ERR_set_mark(); + ret = evp_pkey_ctx_store_cached_data(ctx, keytype, optype, + cmd, NULL, p2, p1); + if (ret == -2) { + ERR_pop_to_mark(); + } else { + ERR_clear_last_mark(); + /* + * If there was an error, there was an error. 
+ * If the operation isn't initialized yet, we also return, as + * the saved values will be used then anyway. + */ + if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) + return ret; + } - return ret; + return evp_pkey_ctx_ctrl_int(ctx, keytype, optype, cmd, p1, p2); } int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, 
@@ -1429,31 +1578,153 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, } } -int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, - const char *name, const char *value) +static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, + const char *name, const char *value) { + int ret = 0; + if (ctx == NULL) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); + EVPerr(0, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) - || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.sigprovctx != NULL) - || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.ciphprovctx != NULL) - || (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->op.keymgmt.genctx != NULL)) + switch (evp_pkey_ctx_state(ctx)) { + case EVP_PKEY_STATE_PROVIDER: return legacy_ctrl_str_to_param(ctx, name, value); + case EVP_PKEY_STATE_UNKNOWN: + case EVP_PKEY_STATE_LEGACY: + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->ctrl_str == NULL) { + EVPerr(0, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if (strcmp(name, "digest") == 0) + ret = EVP_PKEY_CTX_md(ctx, + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_MD, value); + else + ret = ctx->pmeth->ctrl_str(ctx, name, value); + break; + } - if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; + return ret; +} + +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + const char *name, const char *value) +{ + int ret = 0; + + /* If unsupported, we don't want that reported here */ + ERR_set_mark(); + ret = evp_pkey_ctx_store_cached_data(ctx, -1, -1, -1, + name, value, strlen(value) + 1); + if (ret == -2) { + ERR_pop_to_mark(); + } else { + ERR_clear_last_mark(); + /* + * If there was an error, there was an error. + * If the operation isn't initialized yet, we also return, as + * the saved values will be used then anyway. 
+ */ + if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) + return ret; } - if (strcmp(name, "digest") == 0) - return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, - value); - return ctx->pmeth->ctrl_str(ctx, name, value); + + return evp_pkey_ctx_ctrl_str_int(ctx, name, value); +} + +static int decode_cmd(int cmd, const char *name) +{ + if (cmd == -1) { + /* + * The consequence of the assertion not being true is that this + * function will return -1, which will cause the calling functions + * to signal that the command is unsupported... in non-debug mode. + */ + if (ossl_assert(name != NULL)) + if (strcmp(name, "distid") == 0 || strcmp(name, "hexdistid") == 0) + cmd = EVP_PKEY_CTRL_SET1_ID; + } + + return cmd; +} + +static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, + int keytype, int optype, + int cmd, const char *name, + const void *data, size_t data_len) +{ + if ((keytype != -1 && ctx->pmeth->pkey_id != keytype) + || ((optype != -1) && !(ctx->operation & optype))) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); + return -1; + } + + cmd = decode_cmd(cmd, name); + switch (cmd) { + case EVP_PKEY_CTRL_SET1_ID: + evp_pkey_ctx_free_cached_data(ctx, cmd, name); + if (name != NULL) { + ctx->cached_parameters.dist_id_name = OPENSSL_strdup(name); + if (ctx->cached_parameters.dist_id_name == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; + } + } + if (data_len > 0) { + ctx->cached_parameters.dist_id = OPENSSL_memdup(data, data_len); + if (ctx->cached_parameters.dist_id == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; + } + } + ctx->cached_parameters.dist_id_set = 1; + ctx->cached_parameters.dist_id_len = data_len; + return 1; + } + + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; +} + +static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, + int cmd, const char *name) +{ + cmd = decode_cmd(cmd, name); + switch (cmd) { + case EVP_PKEY_CTRL_SET1_ID: + 
OPENSSL_free(ctx->cached_parameters.dist_id); + OPENSSL_free(ctx->cached_parameters.dist_id_name); + ctx->cached_parameters.dist_id = NULL; + ctx->cached_parameters.dist_id_name = NULL; + break; + } +} + +static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx) +{ + evp_pkey_ctx_free_cached_data(ctx, EVP_PKEY_CTRL_SET1_ID, NULL); +} + +int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx) +{ + int ret = 1; + + if (ret && ctx->cached_parameters.dist_id_set) { + const char *name = ctx->cached_parameters.dist_id_name; + const void *val = ctx->cached_parameters.dist_id; + size_t len = ctx->cached_parameters.dist_id_len; + + if (name != NULL) + ret = evp_pkey_ctx_ctrl_str_int(ctx, name, val); + else + ret = evp_pkey_ctx_ctrl_int(ctx, -1, ctx->operation, + EVP_PKEY_CTRL_SET1_ID, + (int)len, (void *)val); + } + + return ret; } /* Utility functions to send a string of hex string to a ctrl */ diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 67242f59be..7a2af1b5a2 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -482,7 +482,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) ctx->op.sig.sigprovctx = NULL; goto err; } - return 1; + goto end; legacy: /* @@ -523,8 +523,13 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) } if (ret <= 0) goto err; - return ret; + end: +#ifndef FIPS_MODULE + if (ret > 0) + ret = evp_pkey_ctx_use_cached_data(ctx); +#endif + return ret; err: evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 43ecc79f52..7008e490e8 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
@@ -52,6 +52,21 @@ struct evp_pkey_ctx_st { } ciph; } op; + /* + * Cached parameters. Inits of operations that depend on these should + * call evp_pkey_ctx_use_delayed_data() when the operation has been set + * up properly. + */ + struct { + /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ + char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ + void *dist_id; /* The distinguishing ID itself */ + size_t dist_id_len; /* The length of the distinguishing ID */ + + /* Indicators of what has been set. Keep them together! */ + unsigned int dist_id_set : 1; + } cached_parameters; + /* Application specific data, usually used by the callback */ void *app_data; /* Keygen callback */ @@ -769,6 +784,12 @@ EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, OPENSSL_CTX *libctx, const char *propq); int evp_pkey_name2type(const char *name); + +int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); +int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); +int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); + +int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); #endif /* !defined(FIPS_MODULE) */ void evp_method_store_flush(OPENSSL_CTX *libctx); int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq, diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index fc8d2cea02..932dae932e 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -261,6 +261,7 @@ extern "C" { #define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" #define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt" #define OSSL_PKEY_PARAM_GROUP_NAME "group" +#define OSSL_PKEY_PARAM_DIST_ID "distid" #define OSSL_PKEY_PARAM_PUB_KEY "pub" #define OSSL_PKEY_PARAM_PRIV_KEY "priv" diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 9db898cfed..9e0a6486cd 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
@@ -1492,18 +1492,6 @@ int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); -/* SM2 will skip the operation check so no need to pass operation here */ -# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ - EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ - EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) -# define EVP_PKEY_CTX_get1_id(ctx, id) \ - EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ - EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) - -# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ - EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ - EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) - # define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) # define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) @@ -1514,10 +1502,6 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) # define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) # define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) -/* TODO move next three #defines to evp.h when 'breaking' change is possible */ -# define EVP_PKEY_CTRL_SET1_ID 15 -# define EVP_PKEY_CTRL_GET1_ID 16 -# define EVP_PKEY_CTRL_GET1_ID_LEN 17 /* KDF types */ # define EVP_PKEY_ECDH_KDF_NONE 1 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 6bd6e26edf..74f97fd3e2 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -1496,6 +1496,10 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len); +int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); + # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) # define EVP_PKEY_OP_KEYGEN (1<<2) @@ -1544,7 +1548,9 @@ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, # define EVP_PKEY_CTRL_CIPHER 12 # define EVP_PKEY_CTRL_GET_MD 13 # define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 -/* TODO move here three #defines of EVP_PKEY_CTRL_*ET1_ID* from ec.h */ +# define EVP_PKEY_CTRL_SET1_ID 15 +# define EVP_PKEY_CTRL_GET1_ID 16 +# define EVP_PKEY_CTRL_GET1_ID_LEN 17 # define EVP_PKEY_ALG_CTRL 0x1000 diff --git a/test/recipes/30-test_evp_data/evppkey_sm2.txt b/test/recipes/30-test_evp_data/evppkey_sm2.txt index b5b36dea3d..85a60b021f 100644 --- a/test/recipes/30-test_evp_data/evppkey_sm2.txt +++ b/test/recipes/30-test_evp_data/evppkey_sm2.txt 
@@ -40,6 +40,12 @@ Ctrl = digest:SHA512 Input = 40AA1B203C9D8EE150B21C3C7CDA8261492E5420C5F2B9F7380700E094C303B48E62F319C1DA0E32EB40D113C5F1749CC61AEB499167890AB82F2CC9BB706971 Output = 3046022100AE018933B9BA041784380069F2DDF609694DCD299FDBF23D09F4B711FBC103EC0221008440BB1A48C132DE4FB91BE9F43B958142FDD29FB9DABE01B17514023A2F638C +Availablein = default +Decrypt = SM2_key1 +Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 +Output = "The floofy bunnies hop at midnight" + +# This is the same as above, but with explicit digest control Availablein = default Decrypt = SM2_key1 Ctrl = digest:SM3 diff --git a/util/libcrypto.num b/util/libcrypto.num index 26a9961d76..4982a7f93c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5296,3 +5296,6 @@ asn1_d2i_read_bio ? 3_0_0 EXIST::FUNCTION: EVP_PKCS82PKEY_with_libctx ? 3_0_0 EXIST::FUNCTION: ossl_b2i ? 3_0_0 EXIST::FUNCTION:DSA ossl_b2i_bio ? 3_0_0 EXIST::FUNCTION:DSA +EVP_PKEY_CTX_set1_id ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get1_id ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get1_id_len ? 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Tue Sep 8 10:37:47 2020 
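Review bot: In the crypto/evp/pmeth_lib.c hunk at @@ -1065, get1_id_data() copies params[0].return_size bytes into the caller's id buffer with memcpy() without knowing how large that buffer is, and it does not check that tmp_id is non-NULL after evp_pkey_ctx_get_params_strict() succeeds. Please guard the copy with tmp_id != NULL and state in the EVP_PKEY_CTX_get1_id() documentation that the buffer must be sized from EVP_PKEY_CTX_get1_id_len(). In the same hunk, evp_pkey_ctx_set1_id_prov() casts the int len to size_t with no check for a negative value.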
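Review bot: In the crypto/evp/pmeth_lib.c hunk at @@ -1281, the new EVP_PKEY_CTX_ctrl() calls evp_pkey_ctx_store_cached_data() and then reads ctx->operation before anything checks ctx for NULL, whereas the code being removed returned -2 for a NULL ctx. The store helper also reads ctx->pmeth->pkey_id when keytype != -1, although evp_pkey_ctx_ctrl_int() in this same hunk still treats ctx->pmeth == NULL as a possible state. Suggest moving the ctx == NULL check into EVP_PKEY_CTX_ctrl() ahead of the store call, checking ctx->pmeth before the keytype comparison, and rejecting p1 < 0 before it is passed as the size_t data_len.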
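Review bot: In the crypto/evp/pmeth_lib.c hunk at @@ -1429, evp_pkey_ctx_free_cached_data() frees dist_id and dist_id_name but leaves dist_id_set and dist_id_len as they were. If OPENSSL_strdup() or OPENSSL_memdup() then fails in evp_pkey_ctx_store_cached_data() after an earlier successful store, the context keeps dist_id_set = 1 with a NULL dist_id and a stale length, and evp_pkey_ctx_use_cached_data() will replay that at init time. Please clear dist_id_set and dist_id_len in the free helper. Also in this hunk, EVP_PKEY_CTX_ctrl_str() evaluates strlen(value) + 1 before value has been checked, and the ctx == NULL test inside the legacy branch of evp_pkey_ctx_ctrl_str_int() is unreachable because ctx was already checked and dereferenced above it.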
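Review bot: In the crypto/evp/signature.c hunk at @@ -523, a failure from evp_pkey_ctx_use_cached_data() under the new end: label returns straight to the caller and skips the err: path, so evp_pkey_ctx_free_old_ops() is not called and ctx->operation is not reset to EVP_PKEY_OP_UNDEFINED even though init reports failure. The end: label added to do_sigver_init() in crypto/evp/m_sigver.c has the same shape. Suggest jumping to err when the cached-data replay returns <= 0, so a failed init never leaves a context that looks initialized.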
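Review bot: In the include/crypto/evp.h hunk at @@ -52,6, the comment above the new cached_parameters struct tells operation inits to call evp_pkey_ctx_use_delayed_data(), but the function this patch declares further down and calls from m_sigver.c and signature.c is evp_pkey_ctx_use_cached_data(). Please correct the name in the comment so a search for the helper finds it.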
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 08 Sep 2020 10:37:47 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Message-ID: <1599561467.799902.20676.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment

Commit log since last time:

6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3)
bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
74eee1bdaa Remove unused dummy functions from ktls.h.
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
15076c26d7 Strengthen chain building for CMP
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
09e76c5dd3 test/drbgtest: improve the reseed after fork test
59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c
5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c
3320026911 Fix coverity CID #1466371 - fix dereference before NULL check.
0e540f231c Fix coverity CID #1466375 - Remove dead code.
7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

# Server sent alert unexpected_message but client received no alert.
# 40A7D41BA37F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318:
not ok 9 - iteration 9
# ------------------------------------------------------------------------------
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1
not ok 6 - running ssl_test 25-cipher.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 2 tests of 9.
not ok 26 - Test configuration 25-cipher.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 31.80-test_ssl_new.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
# INFO: @ ../openssl/test/sslcorrupttest.c:199
# Starting #2, ECDHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 40C78929407F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 3 - iteration 3
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/sslcorrupttest.c:199
# Starting #3, DHE-RSA-CHACHA20-POLY1305
# ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032
# [1] compared to [2]
# ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229
# false
# 40C78929407F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403:
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
not ok 1 - test_ssl_corrupt
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1
not ok 1 - running sslcorrupttest
# ------------------------------------------------------------------------------
# Failed test 'running sslcorrupttest'
# at ../openssl/test/recipes/80-test_sslcorrupt.t line 19.
# Looks like you failed 1 test of 1.80-test_sslcorrupt.t ...............
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1)
Failed test: 26
Non-zero exit status: 1
80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=211, Tests=3560, 1578 wallclock secs (14.34 usr 1.36 sys + 1481.75 cusr 94.50 csys = 1591.95 CPU)
Result: FAIL
Makefile:3181: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan'
Makefile:3179: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Sep 8 10:59:33 2020
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 08 Sep 2020 10:59:33 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui
Message-ID: <1599562773.838653.7968.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ui

Commit log since last time:

6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3)
bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
74eee1bdaa Remove unused dummy functions from ktls.h.
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
15076c26d7 Strengthen chain building for CMP
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
09e76c5dd3 test/drbgtest: improve the reseed after fork test
59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c
5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c
3320026911 Fix coverity CID #1466371 - fix dereference before NULL check.
0e540f231c Fix coverity CID #1466375 - Remove dead code.
7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

# Failed test 'p10cr csr empty file'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139
not ok 78 - p10cr wrong csr
# ------------------------------------------------------------------------------
# Failed test 'p10cr wrong csr'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139
not ok 79 - ir + ignored revocation
# ------------------------------------------------------------------------------
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139
not ok 82 - cr command
# ------------------------------------------------------------------------------
# Failed test 'cr command'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139
not ok 83 - kur command explicit options
# ------------------------------------------------------------------------------
# Failed test 'kur command explicit options'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139
not ok 84 - kur command minimal options
# ------------------------------------------------------------------------------
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139
not ok 86 - kur newkey is directory
# ------------------------------------------------------------------------------
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139
not ok 89 - kur oldcert is directory
# ------------------------------------------------------------------------------
# Failed test 'kur oldcert is directory'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139
not ok 90 - kur oldcert not existing
# ------------------------------------------------------------------------------
# Failed test 'kur oldcert not existing'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139
not ok 91 - kur empty oldcert file
# ------------------------------------------------------------------------------
# Failed test 'kur empty oldcert file'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139
not ok 92 - kur command without cert and oldcert
# ------------------------------------------------------------------------------
# Failed test 'kur command without cert and oldcert'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 184.
# Looks like you failed 65 tests of 92.
not ok 7 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302.
# Looks like you failed 5 tests of 7.81-test_cmp_cli.t ..................
Dubious, test returned 5 (wstat 1280, 0x500)
Failed 5/7 subtests
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ...................
ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3560, 693 wallclock secs (12.86 usr 1.17 sys + 598.57 cusr 57.79 csys = 670.39 CPU) Result: FAIL Makefile:3179: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3177: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Sep 8 12:01:06 2020 
From: builds at travis-ci.com (Travis CI)
Date: Tue, 08 Sep 2020 12:01:06 +0000
Subject: Still Failing: openssl/openssl#37279 (master - 8d6481f)
In-Reply-To:
Message-ID: <5f5772825bb0f_13fe7b838b1681082470@travis-pro-tasks-859b489b-9fx4b.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #37279
Status: Still Failing
Duration: 1 hr, 28 mins, and 30 secs
Commit: 8d6481f (master)
Author: Richard Levitte
Message: EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but are really broader than that, even though currently only used for SM2. They should therefore be in a more central location, which was also indicated by diverse TODOs.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12789)

View the changeset: https://github.com/openssl/openssl/compare/ea0add4a8227...8d6481f532ab

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183332516?utm_medium=notification&utm_source=email

From openssl at openssl.org Tue Sep 8 13:28:11 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Sep 2020 13:28:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1599571691.059917.18490.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # 80-test_cms.t ...................... 
ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' 
# at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. 
ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3557, 628 wallclock secs (11.76 usr 0.92 sys + 574.33 cusr 52.65 csys = 639.66 CPU) Result: FAIL Makefile:3187: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3185: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Tue Sep 8 13:37:50 2020 
From: dev at ddvo.net (dev at ddvo.net)
Date: Tue, 08 Sep 2020 13:37:50 +0000
Subject: [openssl] master update
Message-ID: <1599572270.877863.5843.nullmailer@dev.openssl.org>

The branch master has been updated
       via  d96486dc809b5d134055785bfa6d707195d95534 (commit)
       via  6e477a60e42978f63623ad64d8e28e7a3e5f2e28 (commit)
       via  d7fcee3b3b5fae674f107c736f8d53610212ce4e (commit)
      from  8d6481f532ab8c502de2ad17e09f688abb675a71 (commit)

- Log -----------------------------------------------------------------
commit d96486dc809b5d134055785bfa6d707195d95534
Author: Dr. David von Oheimb
Date: Fri Sep 4 08:11:41 2020 +0200

    apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option

    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/12786)

commit 6e477a60e42978f63623ad64d8e28e7a3e5f2e28
Author: Dr. David von Oheimb
Date: Fri Sep 4 08:05:46 2020 +0200

    apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()

    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/12786)

commit d7fcee3b3b5fae674f107c736f8d53610212ce4e
Author: Dr. David von Oheimb
Date: Thu Sep 3 13:32:56 2020 +0200

    OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation

    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/12786)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c                                         |  93 ++++----------
 apps/lib/apps.c                                    |   2 +-
 apps/ocsp.c                                        |   2 +-
 apps/s_server.c                                    |   4 +-
 crypto/err/openssl.txt                             |   3 +
 crypto/http/http_client.c                          |   3 +-
 crypto/http/http_err.c                             |   5 +
 crypto/http/http_lib.c                             | 102 ++++++++++------
 doc/man1/openssl-cmp.pod.in                        |   7 +-
 doc/man3/OSSL_HTTP_transfer.pod                    | 136 +++++++++++----------
 include/openssl/http.h                             |   2 +-
 include/openssl/httperr.h                          |   4 +
 test/http_test.c                                   |  72 +++++++++++
 .../81-test_cmp_cli_data/test_connection.csv       |   3 +
 14 files changed, 260 insertions(+), 178 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c index 9846e7a9c2..dd49142309 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -74,11 +74,10 @@ typedef enum { /* message transfer */ static char *opt_server = NULL; -static char server_port_s[32] = { '\0' }; -static int server_port = 0; +static char server_port[32] = { '\0' }; static char *opt_proxy = NULL; static char *opt_no_proxy = NULL; -static char *opt_path = "/"; +static char *opt_path = NULL; static int opt_msg_timeout = -1; static int opt_total_timeout = -1; @@ -334,9 +333,9 @@ const OPTIONS cmp_options[] = { OPT_SECTION("Message transfer"), {"server", OPT_SERVER, 's', - "[http[s]://]address[:port] of CMP server. Default port 80 or 443."}, + "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."}, {OPT_MORE_STR, 0, 0, - "The address may be a DNS name or an IP address"}, + "address may be a DNS name or an IP address; path can be overridden by -path"}, {"proxy", OPT_PROXY, 's', "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored"}, {"no_proxy", OPT_NO_PROXY, 's', @@ -344,7 +343,7 @@ const OPTIONS cmp_options[] = { {OPT_MORE_STR, 0, 0, "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, {"path", OPT_PATH, 's', - "HTTP path (aka CMP alias) at the CMP server. Default \"/\""}, + "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\""}, {"msg_timeout", OPT_MSG_TIMEOUT, 'n', "Timeout per CMP message round trip (or 0 for none). Default 120 seconds"}, {"total_timeout", OPT_TOTAL_TIMEOUT, 'n', 
@@ -889,49 +888,6 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, return res; } -/* - * parse string as integer value, not allowing trailing garbage, see also - * https://www.gnu.org/software/libc/manual/html_node/Parsing-of-Integers.html - * - * returns integer value, or INT_MIN on error - */ -static int atoint(const char *str) -{ - char *tailptr; - long res = strtol(str, &tailptr, 10); - - if ((*tailptr != '\0') || (res < INT_MIN) || (res > INT_MAX)) - return INT_MIN; - else - return (int)res; -} - -static int parse_addr(char **opt_string, int port, const char *name) -{ - char *port_string; - - if (strncasecmp(*opt_string, OSSL_HTTP_PREFIX, - strlen(OSSL_HTTP_PREFIX)) == 0) { - *opt_string += strlen(OSSL_HTTP_PREFIX); - } else if (strncasecmp(*opt_string, OSSL_HTTPS_PREFIX, - strlen(OSSL_HTTPS_PREFIX)) == 0) { - *opt_string += strlen(OSSL_HTTPS_PREFIX); - if (port == 0) - port = 443; /* == integer value of OSSL_HTTPS_PORT */ - } - - if ((port_string = strrchr(*opt_string, ':')) == NULL) - return port; /* using default */ - *(port_string++) = '\0'; - port = atoint(port_string); - if ((port <= 0) || (port > 65535)) { - CMP_err2("invalid %s port '%s' given, sane range 1-65535", - name, port_string); - return -1; - } - return port; -} - static int set1_store_parameters(X509_STORE *ts) { if (ts == NULL) 
@@ -1896,33 +1852,36 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { int ret = 0; + char *server = NULL, *port = NULL, *path = NULL, *used_path; + int portnum, ssl; char server_buf[200] = { '\0' }; char proxy_buf[200] = { '\0' }; char *proxy_host = NULL; char *proxy_port_str = NULL; if (opt_server == NULL) { - CMP_err("missing server address[:port]"); + CMP_err("missing -server option"); + goto err; + } + if (!OSSL_HTTP_parse_url(opt_server, &server, &port, &portnum, &path, &ssl)) goto err; - } else if ((server_port = - parse_addr(&opt_server, server_port, "server")) < 0) { + if (ssl && !opt_tls_used) { + CMP_err("missing -tls_used option since -server URL indicates https"); goto err; } - if (server_port != 0) - BIO_snprintf(server_port_s, sizeof(server_port_s), "%d", server_port); - if (!OSSL_CMP_CTX_set1_server(ctx, opt_server) - || !OSSL_CMP_CTX_set_serverPort(ctx, server_port) - || !OSSL_CMP_CTX_set1_serverPath(ctx, opt_path)) + strncpy(server_port, port, sizeof(server_port)); + used_path = opt_path != NULL ? opt_path : path; + if (!OSSL_CMP_CTX_set1_server(ctx, server) + || !OSSL_CMP_CTX_set_serverPort(ctx, portnum) + || !OSSL_CMP_CTX_set1_serverPath(ctx, used_path)) goto oom; if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy)) goto oom; if (opt_no_proxy != NULL && !OSSL_CMP_CTX_set1_no_proxy(ctx, opt_no_proxy)) goto oom; - (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s%s%s/%s", - opt_tls_used ? "s" : "", opt_server, - server_port == 0 ? "" : ":", server_port_s, - opt_path == NULL ? "" : - opt_path[0] == '/' ? opt_path + 1 : opt_path); + (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s:%s/%s", + opt_tls_used ? "s" : "", server, port, + *used_path == '/' ? used_path + 1 : used_path); if (opt_proxy != NULL) (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", opt_proxy); 
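Review bot: strncpy(server_port, port, sizeof(server_port)) in setup_client_ctx() does not guarantee a terminating NUL. OSSL_HTTP_parse_url() hands back the port text as it appeared in the URL, and strtol() accepts leading zeros, so a port that passes the 1..65535 check can still be 32 or more characters long. server_port is later passed on as info->port, so use a copy that always terminates, for example BIO_snprintf(server_port, sizeof(server_port), "%s", port), and treat truncation as an error. Separately, with parse_addr() gone opt_server is no longer trimmed in place, so any remaining use of opt_server as a bare host name (such as the unchanged info->server = opt_server further down) now sees the full URL including scheme, port and path; the parsed server value should be used there instead.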
@@ -2023,7 +1982,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); /* info will be freed along with CMP ctx */ info->server = opt_server; - info->port = server_port_s; + info->port = server_port; info->use_proxy = opt_proxy != NULL; info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT); info->ssl_ctx = setup_ssl_ctx(ctx, engine); @@ -2053,6 +2012,9 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) ret = 1; err: + OPENSSL_free(server); + OPENSSL_free(port); + OPENSSL_free(path); OPENSSL_free(proxy_host); OPENSSL_free(proxy_port_str); return ret; @@ -2875,11 +2837,6 @@ int cmp_main(int argc, char **argv) } opt_server = mock_server; opt_proxy = "API"; - } else { - if (opt_server == NULL) { - CMP_err("missing -server option"); - goto err; - } } if (!setup_client_ctx(cmp_ctx, engine)) { diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 150df997b8..342c364aa4 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2066,7 +2066,7 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, return NULL; } - if (!OSSL_HTTP_parse_url(url, &server, &port, NULL /* ppath */, &use_ssl)) + if (!OSSL_HTTP_parse_url(url, &server, &port, NULL, NULL, &use_ssl)) return NULL; if (use_ssl && ssl_ctx == NULL) { HTTPerr(0, ERR_R_PASSED_NULL_PARAMETER); diff --git a/apps/ocsp.c b/apps/ocsp.c index 8fb605e6fe..0aca4b7622 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -275,7 +275,7 @@ int ocsp_main(int argc, char **argv) OPENSSL_free(tpath); thost = tport = tpath = NULL; if (!OSSL_HTTP_parse_url(opt_arg(), - &host, &port, &path, &use_ssl)) { + &host, &port, NULL, &path, &use_ssl)) { BIO_printf(bio_err, "%s Error parsing URL\n", prog); goto end; } diff --git a/apps/s_server.c b/apps/s_server.c index b936ff4226..4c2e5b27f7 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -535,7 +535,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, aia = X509_get1_ocsp(x); if (aia != NULL) { if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), - &host, &port, &path, &use_ssl)) { + &host, &port, NULL, &path, &use_ssl)) { BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); goto err; } @@ -1405,7 +1405,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; if (!OSSL_HTTP_parse_url(opt_arg(), - &tlscstatp.host, &tlscstatp.port, + &tlscstatp.host, &tlscstatp.port, NULL, &tlscstatp.path, &tlscstatp.use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); goto end; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7c37a3e56e..256ec35588 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2637,6 +2637,9 @@ HTTP_R_ERROR_PARSING_URL:101:error parsing url HTTP_R_ERROR_RECEIVING:103:error receiving HTTP_R_ERROR_SENDING:102:error sending HTTP_R_INCONSISTENT_CONTENT_LENGTH:120:inconsistent content length +HTTP_R_INVALID_PORT_NUMBER:123:invalid port number +HTTP_R_INVALID_URL_PATH:125:invalid url path +HTTP_R_INVALID_URL_PREFIX:124:invalid url prefix HTTP_R_MAX_RESP_LEN_EXCEEDED:117:max resp len exceeded HTTP_R_MISSING_ASN1_ENCODING:110:missing asn1 encoding HTTP_R_MISSING_CONTENT_TYPE:121:missing content type diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 3e1be1f569..5a78d67ca4 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -1005,7 +1005,8 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, return NULL; for (;;) { - if (!OSSL_HTTP_parse_url(current_url, &host, &port, &path, &use_ssl)) + if (!OSSL_HTTP_parse_url(current_url, &host, &port, NULL /* port_num */, + &path, &use_ssl)) break; new_rpath: diff --git a/crypto/http/http_err.c b/crypto/http/http_err.c index 7b6f295170..13779fac84 100644 --- a/crypto/http/http_err.c +++ b/crypto/http/http_err.c 
@@ -26,6 +26,11 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = { {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH), "inconsistent content length"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), + "invalid port number"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PATH), "invalid url path"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PREFIX), + "invalid url prefix"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MAX_RESP_LEN_EXCEEDED), "max resp len exceeded"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_ASN1_ENCODING), diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 5da5b1e724..19b964e613 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -21,19 +21,12 @@ */ int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - char **ppath, int *pssl) + int *pport_num, char **ppath, int *pssl) { char *p, *buf; - char *host; - const char *port = OSSL_HTTP_PORT; - size_t https_len = strlen(OSSL_HTTPS_NAME); - - if (!ossl_assert(https_len >= strlen(OSSL_HTTP_NAME))) - return 0; - if (url == NULL) { - HTTPerr(0, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } + char *host, *host_end; + const char *path, *port = OSSL_HTTP_PORT; + long portnum = 80; if (phost != NULL) *phost = NULL; 
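Review bot: long portnum = 80 in the new declarations of OSSL_HTTP_parse_url() repeats as a literal the default that OSSL_HTTP_PORT already carries as a string, and the following hunk does the same with 443 next to OSSL_HTTPS_PORT. The removed parse_addr() at least carried a comment tying 443 to OSSL_HTTPS_PORT; please keep the string and numeric defaults visibly paired, either with a comment at both assignments or by deriving both from one definition, so they cannot drift apart.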
@@ -44,59 +37,90 @@ int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, if (pssl != NULL) *pssl = 0; + if (url == NULL) { + HTTPerr(0, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* dup the buffer since we are going to mess with it */ if ((buf = OPENSSL_strdup(url)) == NULL) goto err; - /* Check for initial colon */ - p = strchr(buf, ':'); - if (p == NULL || (size_t)(p - buf) > https_len) { + /* check for optional prefix "http[s]://" */ + p = strstr(buf, "://"); + if (p == NULL) { p = buf; } else { - *(p++) = '\0'; - + *p = '\0'; /* p points to end of scheme name */ if (strcmp(buf, OSSL_HTTPS_NAME) == 0) { if (pssl != NULL) *pssl = 1; port = OSSL_HTTPS_PORT; + portnum = 443; } else if (strcmp(buf, OSSL_HTTP_NAME) != 0) { - goto parse_err; + HTTPerr(0, HTTP_R_INVALID_URL_PREFIX); + goto err; } - - /* Check for double slash */ - if ((p[0] != '/') || (p[1] != '/')) - goto parse_err; - p += 2; + p += 3; } host = p; - /* Check for trailing part of path */ - p = strchr(p, '/'); - if (ppath != NULL && (*ppath = OPENSSL_strdup(p == NULL ? 
"/" : p)) == NULL) - goto err; - if (p != NULL) - *p = '\0'; /* Set start of path to 0 so hostname[:port] is valid */ - - p = host; + /* parse host name/address as far as needed here */ if (host[0] == '[') { - /* ipv6 literal */ + /* ipv6 literal, which may include ':' */ host++; - p = strchr(host, ']'); - if (p == NULL) + host_end = strchr(host, ']'); + if (host_end == NULL) goto parse_err; - *p = '\0'; - p++; + *host_end++ = '\0'; + } else { + host_end = strchr(host, ':'); /* look for start of optional port */ + if (host_end == NULL) + host_end = strchr(host, '/'); /* look for start of optional path */ + if (host_end == NULL) + /* the remaining string is just the hostname */ + host_end = host + strlen(host); } - /* Look for optional ':' for port number */ - if ((p = strchr(p, ':'))) { - *p = '\0'; - port = p + 1; + /* parse optional port specification starting with ':' */ + p = host_end; + if (*p == ':') { + port = ++p; + if (pport_num == NULL) { + p = strchr(port, '/'); + if (p == NULL) + p = p + strlen(port); + } else { /* make sure a numerical port value is given */ + portnum = strtol(port, &p, 10); + if (p == port || (*p != '\0' && *p != '/')) + goto parse_err; + if (portnum <= 0 || portnum >= 65536) { + HTTPerr(0, HTTP_R_INVALID_PORT_NUMBER); + goto err; + } + } + } + *host_end = '\0'; + *p = '\0'; /* terminate port string */ + + /* check for optional path at end of url starting with '/' */ + path = url + (p - buf); + /* cannot use p + 1 because *p is '\0' and path must start with '/' */ + if (*path == '\0') { + path = "/"; + } else if (*path != '/') { + HTTPerr(0, HTTP_R_INVALID_URL_PATH); + goto parse_err; } + if (phost != NULL && (*phost = OPENSSL_strdup(host)) == NULL) goto err; if (pport != NULL && (*pport = OPENSSL_strdup(port)) == NULL) goto err; + if (pport_num != NULL) + *pport_num = (int)portnum; + if (ppath != NULL && (*ppath = OPENSSL_strdup(path)) == NULL) + goto err; OPENSSL_free(buf); return 1; 
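Review bot: in the port-parsing branch taken when pport_num == NULL, a URL with a port but no path makes strchr(port, '/') return NULL, and the following p = p + strlen(port) then does arithmetic on a null pointer; the later *p = '\0' writes through the result. The callers updated in apps/lib/apps.c, apps/ocsp.c, apps/s_server.c and crypto/http/http_client.c all pass NULL for pport_num, so this is the common path, not a corner case. Compute the end from the start of the port instead, for example p = host_end + 1 + strlen(port), and add a test with a host:port URL and no path while passing NULL for pport_num. Also, for a non-bracketed host, strchr(host, ':') is tried before strchr(host, '/'), so a ':' that occurs only inside the path is taken as the port separator; looking for whichever of ':' or '/' comes first would avoid that.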
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 3dc193cd4d..46c5059d84 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -12,7 +12,7 @@ B B [B<-config> I] [B<-section> I] -[B<-server> I] +[B<-server> I<[http[s]://]address[:port][/path]>] [B<-proxy> I<[http[s]://]address[:port][/path]>] [B<-no_proxy> I] [B<-path> I] @@ -431,11 +431,12 @@ Reason numbers defined in RFC 5280 are: =over 4 -=item B<-server> I<[http[s]://]address[:port]> +=item B<-server> I<[http[s]://]address[:port][/path]> The IP address or DNS hostname and optionally port (defaulting to 80 or 443) of the CMP server to connect to using HTTP(S) transport. The optional I or I prefix is ignored. +If a path is included it provides the default value for the B<-path> option. =item B<-proxy> I<[http[s]://]address[:port][/path]> @@ -454,7 +455,7 @@ Default is from the environment variable C if set, else C. =item B<-path> I HTTP path at the CMP server (aka CMP alias) to use for POST requests. -Defaults to I. +Defaults to any path given with B<-server>, else C<"/">. =item B<-msg_timeout> I diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 34794c313c..f78d96be1f 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod 
@@ -55,36 +55,36 @@ OSSL_HTTP_parse_url const char *proxyuser, const char *proxypass, int timeout, BIO *bio_err, const char *prog); int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - char **ppath, int *pssl); + int *pport_num, char **ppath, int *pssl); =head1 DESCRIPTION -OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given B +OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given I and returns it as a memory BIO. OSSL_HTTP_get_asn1() uses HTTP GET to obtain an ASN.1-encoded value -(e.g., an X.509 certificate) with the expected structure specified by B -(e.g., I) from the given B +(e.g., an X.509 certificate) with the expected structure specified by I +(e.g., I) from the given I and returns it on success as a pointer to I. -OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request B -with the ASN.1 structure defined in B and the given B to -the given B and optional B and B. -If B is nonzero a TLS connection is requested and the B +OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request I +with the ASN.1 structure defined in I and the given I to +the given I and optional I and I. +If I is nonzero a TLS connection is requested and the I parameter, described below, must be provided. -The optional list B may contain additional custom HTTP header lines. -The expected structure of the response is specified by B. +The optional list I may contain additional custom HTTP header lines. +The expected structure of the response is specified by I. On success it returns the response as a pointer to B. OSSL_HTTP_transfer() exchanges any form of HTTP request and response. It implements the core of the functions described above. -If B parameter is NULL it defaults to "/". -If B is nonzero a TLS connection is requested -and the B parameter, described below, must be provided. 
-If B is NULL it uses the HTTP GET method, else it uses HTTP POST to -send a request with the contents of the memory BIO and optional B. -The optional list B may contain additional custom HTTP header lines. -If B is NULL (i.e., the HTTP method is GET) and B +If I parameter is NULL it defaults to "/". +If I is nonzero a TLS connection is requested +and the I parameter, described below, must be provided. +If I is NULL it uses the HTTP GET method, else it uses HTTP POST to +send a request with the contents of the memory BIO and optional I. +The optional list I may contain additional custom HTTP header lines. +If I is NULL (i.e., the HTTP method is GET) and I is not NULL the latter pointer is used to provide any new location that the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). In this case the caller is responsible for deallocating this URL with 
@@ -93,71 +93,71 @@ L. The above functions have the following parameters in common. Typically the OpenSSL build supports sockets -and the B and B parameters are both NULL. +and the I and I parameters are both NULL. In this case the client creates a network BIO internally -for connecting to the given B -at the specified B (if any, defaulting to 80 for HTTP or 443 for HTTPS), -optionally via a B (respecting B) as described below. +for connecting to the given I +at the specified I (if any, defaulting to 80 for HTTP or 443 for HTTPS), +optionally via a I (respecting I) as described below. Then the client uses this internal BIO for exchanging the request and response. -If B is given and B is NULL then the client uses this B instead. -If both B and B are given (which may be memory BIOs for instance) +If I is given and I is NULL then the client uses this I instead. +If both I and I are given (which may be memory BIOs for instance) then no explicit connection is attempted, -B is used for writing the request, and B for reading the response. -As soon as the client has flushed B the server must be ready to provide -a response or indicate a waiting condition via B. +I is used for writing the request, and I for reading the response. +As soon as the client has flushed I the server must be ready to provide +a response or indicate a waiting condition via I. -The optional B parameter can be used to set the address of the an +The optional I parameter can be used to set the address of the an HTTP(S) proxy to use (unless overridden by "no_proxy" settings). -If TLS is not used this defaults to the environment variable B -if set, else B. -If B != 0 it defaults to B if set, else B. +If TLS is not used this defaults to the environment variable C +if set, else C. +If I != 0 it defaults to C if set, else C. An empty proxy string specifies not to use a proxy. 
-Else the format is I<[http[s]://]address[:port][/path]>, +Else the format is C<[http[s]://]address[:port][/path]>, where any path given is ignored. The default proxy port number is 80, or 443 in case "https:" is given. -The HTTP client functions connect via the given proxy unless the B -is found in the optional list B of proxy hostnames (if not NULL; -default is the environment variable B if set, else B). +The HTTP client functions connect via the given proxy unless the I +is found in the optional list I of proxy hostnames (if not NULL; +default is the environment variable C if set, else C). Proxying plain HTTP is supported directly, while using a proxy for HTTPS connections requires a suitable callback function -such as B, described below. +such as OSSL_HTTP_proxy_connect(), described below. -The B parameter specifies the response header maximum line length, +The I parameter specifies the response header maximum line length, where 0 indicates the default value, which currently is 4k. -The B parameter specifies the maximum response length, +The I parameter specifies the maximum response length, where 0 indicates the default value, which currently is 100k. An ASN.1-encoded response is expected by OSSL_HTTP_get_asn1() and OSSL_HTTP_post_asn1(), while for OSSL_HTTP_get() or OSSL_HTTP_transfer() -this is only the case if the B parameter is nonzero. +this is only the case if the I parameter is nonzero. If the response header contains one or more "Content-Length" header lines and/or an ASN.1-encoded response is expected, which should include a total length, the length indications received are checked for consistency and for not exceeding the maximum response length. -If the parameter B (or B, respectively) +If the parameter I (or I, respectively) is not NULL then the HTTP client checks that the given content type string is included in the HTTP header of the response and returns an error if not. 
-If the B parameter is > 0 this indicates the maximum number of seconds +If the I parameter is > 0 this indicates the maximum number of seconds to wait until the transfer is complete. A value of 0 enables waiting indefinitely, while a value < 0 immediately leads to a timeout condition. -The optional parameter B with its optional argument B may +The optional parameter I with its optional argument I may be used to modify the connection BIO used by the HTTP client (and cannot be -used when both B and B are given). -B is a BIO connect/disconnect callback function with prototype +used when both I and I are given). +I is a BIO connect/disconnect callback function with prototype BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) -The callback may modify the HTTP BIO provided in the B argument, -whereby it may make use of a custom defined argument B, +The callback may modify the HTTP BIO provided in the I argument, +whereby it may make use of a custom defined argument I, which may for instance refer to an I structure. During connection establishment, just after calling BIO_do_connect_retry(), -the function is invoked with the B argument being 1 and the B +the function is invoked with the I argument being 1 and the I argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. -On disconnect B is 0 and B is 1 if no error occurred, else 0. +On disconnect I is 0 and I is 1 if no error occurred, else 0. For instance, on connect the function may prepend a TLS BIO to implement HTTPS; after disconnect it may do some diagnostic output and/or specific cleanup. The function should return NULL to indicate failure. 
@@ -180,31 +180,39 @@ After disconnect the modified BIO will be deallocated using BIO_free_all(). OSSL_HTTP_proxy_connect() may be used by an above BIO connect callback function to set up an SSL/TLS connection via an HTTPS proxy. -It promotes the given BIO B representing a connection +It promotes the given BIO I representing a connection pre-established with a TLS proxy using the HTTP CONNECT method, -optionally using proxy client credentials B and B, -to connect with TLS protection ultimately to B and B. -If the B argument is NULL or the empty string it defaults to "443". -The B parameter is used as described above. +optionally using proxy client credentials I and I, +to connect with TLS protection ultimately to I and I. +If the I argument is NULL or the empty string it defaults to "443". +The I parameter is used as described above. Since this function is typically called by applications such as -L it uses the B and B parameters (unless +L it uses the I and I parameters (unless NULL) to print additional diagnostic information in a user-oriented way. -OSSL_HTTP_parse_url() parses its input string B as a URL and splits it up -into host, port and path components and a flag whether it begins with 'https'. -The host component may be a DNS name or an IPv4 or an IPv6 address. +OSSL_HTTP_parse_url() parses its input string I as a URL +of the form C<[http[s]://]address[:port][/path]> and splits it up into host, +port, and path components and a flag indicating whether it begins with 'https'. +The host component may be a DNS name or an IP address +where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. The port component is optional and defaults to "443" for HTTPS, else "80". +If the I argument is NULL the port specification +can be in mnemonic form such as "http" like with L, else +it must be in numerical form and its integer value is assigned to B<*pport_num>. The path component is also optional and defaults to "/". 
-As far as the result pointer arguments are not NULL it assigns via -them copies of the respective string components. -The strings returned this way must be deallocated by the caller using -L unless they are NULL, which is their default value on error. +On success the function assigns via each non-NULL result pointer argument +I, I, I, I, and I +the respective url component. +On error, B<*phost>, B<*pport>, and B<*ppath> are assigned to NULL, +else they are guaranteed to contain non-NULL string pointers. +It is the reponsibility of the caller to free them using L. +A string returned via B<*ppath> is guaranteed to begin with a C character. =head1 NOTES The names of the environment variables used by this implementation: -B, B, B, B, B, and -B, have been chosen for maximal compatibility with +C, C, C, C, C, and +C, have been chosen for maximal compatibility with other HTTP client implementations such as wget, curl, and git. =head1 RETURN VALUES @@ -216,6 +224,10 @@ Error conditions include connection/transfer timeout, parse errors, etc. OSSL_HTTP_proxy_connect() and OSSL_HTTP_parse_url() return 1 on success, 0 on error. +=head1 SEE ALSO + +L + =head1 HISTORY OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), diff --git a/include/openssl/http.h b/include/openssl/http.h index 45c8f11d7b..2c9ce9d86e 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -74,7 +74,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, int timeout, BIO *bio_err, const char *prog); int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - char **ppath, int *pssl); + int *pport_num, char **ppath, int *pssl); # ifdef __cplusplus } diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h index e4acb1df8c..7747643bfa 100644 --- a/include/openssl/httperr.h +++ b/include/openssl/httperr.h @@ -10,6 +10,7 @@ #ifndef OPENSSL_HTTPERR_H # define OPENSSL_HTTPERR_H +# pragma once # include # include 
@@ -37,6 +38,9 @@ int ERR_load_HTTP_strings(void); # define HTTP_R_ERROR_RECEIVING 103 # define HTTP_R_ERROR_SENDING 102 # define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 +# define HTTP_R_INVALID_PORT_NUMBER 123 +# define HTTP_R_INVALID_URL_PATH 125 +# define HTTP_R_INVALID_URL_PREFIX 124 # define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 # define HTTP_R_MISSING_ASN1_ENCODING 110 # define HTTP_R_MISSING_CONTENT_TYPE 121 diff --git a/test/http_test.c b/test/http_test.c index f0b12a7dd0..f073dcd7ff 100644 --- a/test/http_test.c +++ b/test/http_test.c 
@@ -151,6 +151,72 @@ static int test_http_x509(int do_get) return res; } +static int test_http_url_ok(const char *url, const char *exp_host, int exp_ssl) +{ + char *host, *port, *path; + int num, ssl; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl)) + && TEST_str_eq(host, exp_host) + && TEST_str_eq(port, "65535") + && TEST_int_eq(num, 65535) + && TEST_str_eq(path, "/pkix") + && TEST_int_eq(ssl, exp_ssl); + OPENSSL_free(host); + OPENSSL_free(port); + OPENSSL_free(path); + return res; +} + +static int test_http_url_dns(void) +{ + return test_http_url_ok("server:65535/pkix", "server", 0); +} + +static int test_http_url_ipv4(void) +{ + return test_http_url_ok("https://1.2.3.4:65535/pkix", "1.2.3.4", 1); +} + +static int test_http_url_ipv6(void) +{ + return test_http_url_ok("http://[FF01::101]:65535/pkix", "FF01::101", 0); +} + +static int test_http_url_invalid(const char *url) +{ + char *host = "1", *port = "1", *path = "1"; + int num = 1, ssl = 1; + int res; + + res = TEST_false(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl)) + && TEST_ptr_null(host) + && TEST_ptr_null(port) + && TEST_ptr_null(path); + if (!res) { + OPENSSL_free(host); + OPENSSL_free(port); + OPENSSL_free(path); + } + return res; +} + +static int test_http_url_invalid_prefix(void) +{ + return test_http_url_invalid("htttps://1.2.3.4:65535/pkix"); +} + +static int test_http_url_invalid_port(void) +{ + return test_http_url_invalid("https://1.2.3.4:65536/pkix"); +} + +static int test_http_url_invalid_path(void) +{ + return test_http_url_invalid("https://[FF01::101]pkix"); +} + static int test_http_get_x509(void) { return test_http_x509(1); 
@@ -177,6 +243,12 @@ int setup_tests(void) if (!TEST_ptr((x509 = load_pem_cert(test_get_argument(0))))) return 1; + ADD_TEST(test_http_url_dns); + ADD_TEST(test_http_url_ipv4); + ADD_TEST(test_http_url_ipv6); + ADD_TEST(test_http_url_invalid_prefix); + ADD_TEST(test_http_url_invalid_port); + ADD_TEST(test_http_url_invalid_path); ADD_TEST(test_http_get_x509); ADD_TEST(test_http_post_x509); return 1; diff --git a/test/recipes/81-test_cmp_cli_data/test_connection.csv b/test/recipes/81-test_cmp_cli_data/test_connection.csv index 7e4775afec..5d1700fa21 100644 --- a/test/recipes/81-test_cmp_cli_data/test_connection.csv +++ b/test/recipes/81-test_cmp_cli_data/test_connection.csv @@ -22,6 +22,9 @@ TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,, 1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com ,,,,,,,,,,,,,,,,,,,,,,,,, +0,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK, +0,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK, +0,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,, -path,"""",BLANK,,BLANK,,BLANK,,BLANK, 1,path missing argument, -section,,,,,, -path,,BLANK,,BLANK,,BLANK,,BLANK, 1,path wrong, -section,,,,,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK,,BLANK, 0,path with additional '/'s fine according to RFC 3986, -section,,,,,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK,,BLANK From tmraz at fedoraproject.org Tue Sep 8 13:43:44 2020 
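Review bot: in test/http_test.c, test_http_url_invalid() seeds host, port and path with the string literal "1" and, when the checks fail, hands all three to OPENSSL_free(). If OSSL_HTTP_parse_url() returns 0 but leaves one of the pointers untouched, which is the regression this test is meant to catch, the cleanup path frees a string literal and the test run ends in undefined behaviour instead of a reported failure. Suggest keeping a sentinel such as `static char dummy[] = "1";`, initialising the three pointers to it, and calling OPENSSL_free() only on a pointer that no longer equals the sentinel.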
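Review bot: in doc/man3/OSSL_HTTP_transfer.pod (hunk at -180,31 +180,39), the new OSSL_HTTP_parse_url() description says that on error *phost, *pport and *ppath are set to NULL, but it does not say what a caller finds in *pport_num and *pssl after a 0 return. Since the function now has two integer outputs, please state whether they are left unmodified or are unspecified on error, so callers know not to consume them. In the same paragraph "reponsibility" should read "responsibility".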
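Review bot: the six cases registered in setup_tests() (hunk at -177,6 +243,12) all reach OSSL_HTTP_parse_url() through helpers that pass a non-NULL &num, and every accepted URL carries an explicit port 65535 and the path /pkix. The behaviour documented in this same change for an omitted port (default "80" or "443"), an omitted path (default "/") and a NULL pport_num argument (mnemonic port allowed) is therefore never exercised. Suggest adding positive cases for a URL without port and path, and one call with pport_num set to NULL, alongside the existing ADD_TEST lines.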
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 08 Sep 2020 13:43:44 +0000 Subject: [openssl] master update Message-ID: <1599572624.503013.25143.nullmailer@dev.openssl.org> The branch master has been updated via 924663c36d47066d5307937da77fed7e872730c7 (commit) from d96486dc809b5d134055785bfa6d707195d95534 (commit) - Log ----------------------------------------------------------------- commit 924663c36d47066d5307937da77fed7e872730c7 Author: Jakub Zelenka Date: Sun Sep 6 19:11:34 2020 +0100 Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8024) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/evp_asn1.c | 108 +++++++++-- crypto/cms/cms_asn1.c | 12 ++ crypto/cms/cms_enc.c | 32 +++- crypto/cms/cms_env.c | 345 ++++++++++++++++++++++++++-------- crypto/cms/cms_err.c | 3 + crypto/cms/cms_kari.c | 4 +- crypto/cms/cms_lib.c | 24 +++ crypto/cms/cms_local.h | 21 ++- crypto/cms/cms_pwri.c | 16 +- crypto/cms/cms_smime.c | 20 +- crypto/err/openssl.txt | 3 + crypto/evp/evp_lib.c | 107 ++++++++--- crypto/evp/evp_local.h | 5 + doc/man1/openssl-cms.pod.in | 3 + doc/man3/CMS_EnvelopedData_create.pod | 48 +++-- doc/man3/CMS_decrypt.pod | 6 +- doc/man3/CMS_encrypt.pod | 22 ++- include/crypto/asn1.h | 9 + include/crypto/evp.h | 12 ++ include/openssl/asn1err.h | 1 + include/openssl/cms.h | 5 + include/openssl/cmserr.h | 2 + test/cmsapitest.c | 29 ++- test/drbgtest.c | 1 + test/recipes/80-test_cms.t | 26 ++- util/libcrypto.num | 2 + 26 files changed, 686 insertions(+), 180 deletions(-) diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index c775a22181..844aabe603 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include "internal/cryptlib.h" #include #include +#include "crypto/asn1.h" int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) { @@ -46,6 +47,34 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l return ret; } +static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct, + unsigned char *data, int len) +{ + oct->data = data; + oct->type = V_ASN1_OCTET_STRING; + oct->length = len; + oct->flags = 0; +} + +static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum, + long *num, unsigned char *data, int max_len) +{ + int ret = ASN1_STRING_length(oct), n; + + if (num != NULL) + *num = anum; + + if (max_len > ret) + n = ret; + else + n = max_len; + + if (data != NULL) + memcpy(data, ASN1_STRING_get0_data(oct), n); + + return ret; +} + typedef struct { int32_t num; ASN1_OCTET_STRING *oct; @@ -66,25 +95,18 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, atmp.num = num; atmp.oct = &oct; - oct.data = data; - oct.type = V_ASN1_OCTET_STRING; - oct.length = len; - oct.flags = 0; + asn1_type_init_oct(&oct, data, len); if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a)) return 1; return 0; } -/* - * we return the actual length... - */ -/* int max_len: for returned value */ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len) { asn1_int_oct *atmp = NULL; - int ret = -1, n; + int ret = -1; if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { goto err; 
@@ -95,17 +117,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, if (atmp == NULL) goto err; - if (num != NULL) - *num = atmp->num; + ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); - ret = ASN1_STRING_length(atmp->oct); - if (max_len > ret) - n = ret; - else - n = max_len; - - if (data != NULL) - memcpy(data, ASN1_STRING_get0_data(atmp->oct), n); if (ret == -1) { err: ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); @@ -113,3 +126,58 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, M_ASN1_free_of(atmp, asn1_int_oct); return ret; } + +typedef struct { + ASN1_OCTET_STRING *oct; + int32_t num; +} asn1_oct_int; + +/* + * Defined in RFC 5084 - + * Section 2. "Content-Authenticated Encryption Algorithms" + */ +ASN1_SEQUENCE(asn1_oct_int) = { + ASN1_SIMPLE(asn1_oct_int, oct, ASN1_OCTET_STRING), + ASN1_EMBED(asn1_oct_int, num, INT32) +} static_ASN1_SEQUENCE_END(asn1_oct_int) + +DECLARE_ASN1_ITEM(asn1_oct_int) + +int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data, + int len) +{ + asn1_oct_int atmp; + ASN1_OCTET_STRING oct; + + atmp.num = num; + atmp.oct = &oct; + asn1_type_init_oct(&oct, data, len); + + if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_oct_int), &atmp, &a)) + return 1; + return 0; +} + +int asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len) +{ + asn1_oct_int *atmp = NULL; + int ret = -1; + + if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) + goto err; + + atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_oct_int), a); + + if (atmp == NULL) + goto err; + + ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); + + if (ret == -1) { + err: + ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING_INT, ASN1_R_DATA_IS_WRONG); + } + M_ASN1_free_of(atmp, asn1_oct_int); + return ret; +} diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 082885dca8..8bf2f8f1cc 100644 
--- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -245,6 +245,17 @@ ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) +/* Defined in RFC 5083 - Section 2.1. AuthEnvelopedData Type */ +ASN1_NDEF_SEQUENCE(CMS_AuthEnvelopedData) = { + ASN1_EMBED(CMS_AuthEnvelopedData, version, INT32), + ASN1_IMP_OPT(CMS_AuthEnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_AuthEnvelopedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_AuthEnvelopedData, authEncryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, authAttrs, X509_ALGOR, 2), + ASN1_SIMPLE(CMS_AuthEnvelopedData, mac, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, unauthAttrs, X509_ALGOR, 3) +} ASN1_NDEF_SEQUENCE_END(CMS_AuthEnvelopedData) + ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { ASN1_EMBED(CMS_AuthenticatedData, version, INT32), ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), @@ -273,6 +284,7 @@ ASN1_ADB(CMS_ContentInfo) = { ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), + ADB_ENTRY(NID_id_smime_ct_authEnvelopedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authEnvelopedData, CMS_AuthEnvelopedData, 0)), ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 48934ef2a1..ef87fac8ef 100644 --- a/crypto/cms/cms_enc.c 
+++ b/crypto/cms/cms_enc.c @@ -14,6 +14,7 @@ #include #include #include +#include "crypto/evp.h" #include "cms_local.h" /* CMS EncryptedData Utilities */ @@ -28,9 +29,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, EVP_CIPHER *fetched_ciph = NULL; const EVP_CIPHER *cipher = NULL; X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + evp_cipher_aead_asn1_params aparams; unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; unsigned char *tkey = NULL; int len; + int ivlen = 0; size_t tkeylen = 0; int ok = 0; int enc, keep_key = 0; @@ -76,7 +79,6 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, } if (enc) { - int ivlen; calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); @@ -85,10 +87,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, goto err; piv = iv; } - } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) { - CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); - goto err; + } else { + if (evp_cipher_asn1_to_param_ex(ctx, calg->parameter, &aparams) <= 0) { + CMSerr(0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } + if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + piv = aparams.iv; + if (ec->taglen > 0 + && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + ec->taglen, ec->tag) <= 0) { + CMSerr(0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR); + goto err; + } + } } len = EVP_CIPHER_CTX_key_length(ctx); if (len <= 0) 
@@ -150,7 +162,15 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) { + if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + memcpy(aparams.iv, piv, ivlen); + aparams.iv_len = ivlen; + aparams.tag_len = EVP_CIPHER_CTX_tag_length(ctx); + if (aparams.tag_len <= 0) + goto err; + } + + if (evp_cipher_param_to_asn1_ex(ctx, calg->parameter, &aparams) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 1fed65c442..944846ca98 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -24,9 +24,28 @@ DEFINE_STACK_OF(CMS_RevocationInfoChoice) DEFINE_STACK_OF(X509_ATTRIBUTE) /* CMS EnvelopedData Utilities */ - static void cms_env_set_version(CMS_EnvelopedData *env); +#define CMS_ENVELOPED_STANDARD 1 +#define CMS_ENVELOPED_AUTH 2 + +static int cms_get_enveloped_type(const CMS_ContentInfo *cms) +{ + int nid = OBJ_obj2nid(cms->contentType); + + switch (nid) { + case NID_pkcs7_enveloped: + return CMS_ENVELOPED_STANDARD; + + case NID_id_smime_ct_authEnvelopedData: + return CMS_ENVELOPED_AUTH; + + default: + CMSerr(0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + return 0; + } +} + CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { 
@@ -37,11 +56,20 @@ CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) return cms->d.envelopedData; } +CMS_AuthEnvelopedData *cms_get0_auth_enveloped(CMS_ContentInfo *cms) +{ + if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) { + CMSerr(0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + return NULL; + } + return cms->d.authEnvelopedData; +} + static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) { if (cms->d.other == NULL) { cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); - if (!cms->d.envelopedData) { + if (cms->d.envelopedData == NULL) { CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -55,6 +83,26 @@ static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) return cms_get0_enveloped(cms); } +static CMS_AuthEnvelopedData * +cms_auth_enveloped_data_init(CMS_ContentInfo *cms) +{ + if (cms->d.other == NULL) { + cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData); + if (cms->d.authEnvelopedData == NULL) { + CMSerr(0, ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */ + cms->d.authEnvelopedData->version = 0; + cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = + OBJ_nid2obj(NID_pkcs7_data); + ASN1_OBJECT_free(cms->contentType); + cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); + return cms->d.authEnvelopedData; + } + return cms_get0_auth_enveloped(cms); +} + int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) { EVP_PKEY *pkey; 
@@ -86,13 +134,32 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) return 1; } +CMS_EncryptedContentInfo* cms_get0_env_enc_content(const CMS_ContentInfo *cms) +{ + switch (cms_get_enveloped_type(cms)) { + case CMS_ENVELOPED_STANDARD: + return cms->d.envelopedData->encryptedContentInfo; + + case CMS_ENVELOPED_AUTH: + return cms->d.authEnvelopedData->authEncryptedContentInfo; + + default: + return NULL; + } +} + STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) { - CMS_EnvelopedData *env; - env = cms_get0_enveloped(cms); - if (!env) + switch (cms_get_enveloped_type(cms)) { + case CMS_ENVELOPED_STANDARD: + return cms->d.envelopedData->recipientInfos; + + case CMS_ENVELOPED_AUTH: + return cms->d.authEnvelopedData->recipientInfos; + + default: return NULL; - return env->recipientInfos; + } } void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) 
@@ -169,45 +236,34 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) return CMS_EnvelopedData_create_with_libctx(cipher, NULL, NULL); } -int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) +CMS_ContentInfo * +CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, + OPENSSL_CTX *libctx, + const char *propq) { - CMS_EnvelopedData *env = NULL; - EVP_CIPHER_CTX *ctx = NULL; - BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); - - env = cms_get0_enveloped(cms); - if (env == NULL) - return 0; - - if (mbio == NULL) { - CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, CMS_R_CONTENT_NOT_FOUND); - return 0; - } - - BIO_get_cipher_ctx(mbio, &ctx); - - /* - * If the selected cipher supports unprotected attributes, - * deal with it using special ctrl function - */ - if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) { - if (cms->d.envelopedData->unprotectedAttrs == NULL) - cms->d.envelopedData->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); + CMS_ContentInfo *cms; + CMS_AuthEnvelopedData *aenv; - if (cms->d.envelopedData->unprotectedAttrs == NULL) { - CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, ERR_R_MALLOC_FAILURE); - return 0; - } + cms = CMS_ContentInfo_new_with_libctx(libctx, propq); + if (cms == NULL) + goto merr; + aenv = cms_auth_enveloped_data_init(cms); + if (aenv == NULL) + goto merr; + if (!cms_EncryptedContent_init(aenv->authEncryptedContentInfo, + cipher, NULL, 0, cms_get0_cmsctx(cms))) + goto merr; + return cms; + merr: + CMS_ContentInfo_free(cms); + CMSerr(0, ERR_R_MALLOC_FAILURE); + return NULL; +} - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, - 1, env->unprotectedAttrs) <= 0) { - CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, CMS_R_CTRL_FAILURE); - return 0; - } - } - cms_env_set_version(cms->d.envelopedData); - return 1; +CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher) +{ + return CMS_AuthEnvelopedData_create_with_libctx(cipher, NULL, NULL); } /* Key Transport Recipient 
Info (KTRI) routines */ @@ -272,17 +328,17 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, X509 *originator, unsigned int flags) { CMS_RecipientInfo *ri = NULL; - CMS_EnvelopedData *env; + STACK_OF(CMS_RecipientInfo) *ris; EVP_PKEY *pk = NULL; const CMS_CTX *ctx = cms_get0_cmsctx(cms); - env = cms_get0_enveloped(cms); - if (!env) + ris = CMS_get0_RecipientInfos(cms); + if (ris == NULL) goto err; /* Initialize recipient info */ ri = M_ASN1_new_of(CMS_RecipientInfo); - if (!ri) + if (ri == NULL) goto merr; pk = X509_get0_pubkey(recip); @@ -311,7 +367,7 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, } - if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + if (!sk_CMS_RecipientInfo_push(ris, ri)) goto merr; return ri; @@ -324,8 +380,8 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, } -CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags) +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, + unsigned int flags) { return CMS_add1_recipient(cms, recip, NULL, NULL, flags); } @@ -408,7 +464,7 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, return 0; } ktri = ri->d.ktri; - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); pctx = ktri->pctx; @@ -471,7 +527,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_EncryptedContentInfo *ec; const CMS_CTX *ctx = cms_get0_cmsctx(cms); - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); if (ktri->pkey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY); 
@@ -598,10 +654,10 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, ASN1_TYPE *otherType) { CMS_RecipientInfo *ri = NULL; - CMS_EnvelopedData *env; CMS_KEKRecipientInfo *kekri; - env = cms_get0_enveloped(cms); - if (!env) + STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); + + if (ris == NULL) goto err; if (nid == NID_undef) { @@ -658,7 +714,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, goto merr; } - if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + if (!sk_CMS_RecipientInfo_push(ris, ri)) goto merr; /* After this point no calls can fail */ @@ -774,7 +830,9 @@ static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, EVP_CIPHER_CTX *ctx = NULL; const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); + if (ec == NULL) + return 0; kekri = ri->d.kekri; @@ -843,7 +901,9 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, EVP_CIPHER_CTX *ctx = NULL; const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); + if (ec == NULL) + return 0; kekri = ri->d.kekri; @@ -1013,6 +1073,28 @@ static void cms_env_set_version(CMS_EnvelopedData *env) env->version = 0; } +static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms, + STACK_OF(CMS_RecipientInfo) *ris) +{ + int i; + CMS_RecipientInfo *ri; + + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { + ri = sk_CMS_RecipientInfo_value(ris, i); + if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) + return -1; + } + return 1; +} + +static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec) +{ + ec->cipher = NULL; + OPENSSL_clear_free(ec->key, ec->keylen); + ec->key = NULL; + ec->keylen = 0; +} + static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) { CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; 
@@ -1027,10 +1109,10 @@ static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) BIO_free(contentBio); return NULL; } -/* - * If the selected cipher supports unprotected attributes, - * deal with it using special ctrl function - */ + /* + * If the selected cipher supports unprotected attributes, + * deal with it using special ctrl function + */ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, cms->d.envelopedData->unprotectedAttrs) <= 0) { @@ -1044,13 +1126,13 @@ static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) { CMS_EncryptedContentInfo *ec; STACK_OF(CMS_RecipientInfo) *rinfos; - CMS_RecipientInfo *ri; - int i, ok = 0; + int ok = 0; BIO *ret; + CMS_EnvelopedData *env = cms->d.envelopedData; /* Get BIO first to set up key */ - ec = cms->d.envelopedData->encryptedContentInfo; + ec = env->encryptedContentInfo; ret = cms_EncryptedContent_init_bio(ec, cms_get0_cmsctx(cms)); /* If error end of processing */ @@ -1058,24 +1140,20 @@ static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) return ret; /* Now encrypt content key according to each RecipientInfo type */ - rinfos = cms->d.envelopedData->recipientInfos; - - for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { - ri = sk_CMS_RecipientInfo_value(rinfos, i); - if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) { - CMSerr(0, CMS_R_ERROR_SETTING_RECIPIENTINFO); - goto err; - } + rinfos = env->recipientInfos; + if (cms_env_encrypt_content_key(cms, rinfos) < 0) { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_ENCRYPTION_INIT_BIO, + CMS_R_ERROR_SETTING_RECIPIENTINFO); + goto err; } - cms_env_set_version(cms->d.envelopedData); + + /* And finally set the version */ + cms_env_set_version(env); ok = 1; err: - ec->cipher = NULL; - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = NULL; - ec->keylen = 0; + cms_env_clear_ec(ec); if (ok) return ret; BIO_free(ret); 
@@ -1093,6 +1171,121 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) return cms_EnvelopedData_Decryption_init_bio(cms); } +BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) +{ + CMS_EncryptedContentInfo *ec; + STACK_OF(CMS_RecipientInfo) *rinfos; + int ok = 0; + BIO *ret; + CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData; + + /* Get BIO first to set up key */ + ec = aenv->authEncryptedContentInfo; + /* Set tag for decryption */ + if (ec->cipher == NULL) { + ec->tag = aenv->mac->data; + ec->taglen = aenv->mac->length; + } + ret = cms_EncryptedContent_init_bio(ec, cms_get0_cmsctx(cms)); + + /* If error or no cipher end of processing */ + if (ret == NULL || ec->cipher == NULL) + return ret; + + /* Now encrypt content key according to each RecipientInfo type */ + rinfos = aenv->recipientInfos; + if (cms_env_encrypt_content_key(cms, rinfos) < 0) { + CMSerr(0, CMS_R_ERROR_SETTING_RECIPIENTINFO); + goto err; + } + + /* And finally set the version */ + aenv->version = 0; + + ok = 1; + + err: + cms_env_clear_ec(ec); + if (ok) + return ret; + BIO_free(ret); + return NULL; +} + +int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) +{ + CMS_EnvelopedData *env = NULL; + EVP_CIPHER_CTX *ctx = NULL; + BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); + + env = cms_get0_enveloped(cms); + if (env == NULL) + return 0; + + if (mbio == NULL) { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, CMS_R_CONTENT_NOT_FOUND); + return 0; + } + + BIO_get_cipher_ctx(mbio, &ctx); + + /* + * If the selected cipher supports unprotected attributes, + * deal with it using special ctrl function + */ + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) { + if (env->unprotectedAttrs == NULL) + env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); + + if (env->unprotectedAttrs == NULL) { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, + 1, 
env->unprotectedAttrs) <= 0) { + CMSerr(CMS_F_CMS_ENVELOPEDDATA_FINAL, CMS_R_CTRL_FAILURE); + return 0; + } + } + + cms_env_set_version(cms->d.envelopedData); + return 1; +} + +int cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) +{ + EVP_CIPHER_CTX *ctx; + unsigned char *tag = NULL; + int taglen, ok = 0; + + BIO_get_cipher_ctx(cmsbio, &ctx); + + /* + * The tag is set only for encryption. There is nothing to do for + * decryption. + */ + if (!EVP_CIPHER_CTX_encrypting(ctx)) + return 1; + + taglen = EVP_CIPHER_CTX_tag_length(ctx); + if (taglen <= 0 + || (tag = OPENSSL_malloc(taglen)) == NULL + || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, + tag) <= 0) { + CMSerr(0, CMS_R_CIPHER_GET_TAG); + goto err; + } + + if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen)) + goto err; + + ok = 1; +err: + OPENSSL_free(tag); + return ok; +} + /* * Get RecipientInfo type (if any) supported by a key (public or private). To * retain compatibility with previous behaviour if the ctrl value isn't diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 16e25afc7f..da14c726c4 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -22,6 +22,9 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { "certificate has no keyid"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), + "cipher aead set tag error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), "cipher initialisation error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 97b601b3bc..b5d85b7d67 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c 
@@ -291,7 +291,7 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, /* Attempt to decrypt CEK */ if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0)) goto err; - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); OPENSSL_clear_free(ec->key, ec->keylen); ec->key = cek; ec->keylen = ceklen; @@ -533,7 +533,7 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, } kari = ri->d.kari; reks = kari->recipientEncryptedKeys; - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); /* Initialise wrap algorithm parameters */ if (!cms_wrap_init(kari, ec->cipher)) return 0; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 7c9b2494a2..9fc8453d99 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -189,6 +189,10 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) cmsbio = cms_EnvelopedData_init_bio(cms); break; + case NID_id_smime_ct_authEnvelopedData: + cmsbio = cms_AuthEnvelopedData_init_bio(cms); + break; + default: CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); goto err; @@ -239,6 +243,9 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) case NID_pkcs7_enveloped: return cms_EnvelopedData_final(cms, cmsbio); + case NID_id_smime_ct_authEnvelopedData: + return cms_AuthEnvelopedData_final(cms, cmsbio); + case NID_pkcs7_signed: return cms_SignedData_final(cms, cmsbio); @@ -275,6 +282,10 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) case NID_pkcs7_encrypted: return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; + case NID_id_smime_ct_authEnvelopedData: + return &cms->d.authEnvelopedData->authEncryptedContentInfo + ->encryptedContent; + case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContent; 
@@ -311,6 +322,9 @@ static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) case NID_pkcs7_encrypted: return &cms->d.encryptedData->encryptedContentInfo->contentType; + case NID_id_smime_ct_authEnvelopedData: + return &cms->d.authEnvelopedData->authEncryptedContentInfo + ->contentType; case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContentType; @@ -472,6 +486,11 @@ static STACK_OF(CMS_CertificateChoices) return NULL; return &cms->d.envelopedData->originatorInfo->certificates; + case NID_id_smime_ct_authEnvelopedData: + if (cms->d.authEnvelopedData->originatorInfo == NULL) + return NULL; + return &cms->d.authEnvelopedData->originatorInfo->certificates; + default: CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, CMS_R_UNSUPPORTED_CONTENT_TYPE); @@ -551,6 +570,11 @@ static STACK_OF(CMS_RevocationInfoChoice) return NULL; return &cms->d.envelopedData->originatorInfo->crls; + case NID_id_smime_ct_authEnvelopedData: + if (cms->d.authEnvelopedData->originatorInfo == NULL) + return NULL; + return &cms->d.authEnvelopedData->originatorInfo->crls; + default: CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, CMS_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 4e85459a54..336c354655 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -29,6 +29,7 @@ typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; typedef struct CMS_DigestedData_st CMS_DigestedData; typedef struct CMS_EncryptedData_st CMS_EncryptedData; typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; +typedef struct CMS_AuthEnvelopedData_st CMS_AuthEnvelopedData; typedef struct CMS_CompressedData_st CMS_CompressedData; typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 
@@ -58,6 +59,7 @@ struct CMS_ContentInfo_st { CMS_EnvelopedData *envelopedData; CMS_DigestedData *digestedData; CMS_EncryptedData *encryptedData; + CMS_AuthEnvelopedData *authEnvelopedData; CMS_AuthenticatedData *authenticatedData; CMS_CompressedData *compressedData; ASN1_TYPE *other; @@ -127,10 +129,12 @@ struct CMS_EncryptedContentInfo_st { ASN1_OBJECT *contentType; X509_ALGOR *contentEncryptionAlgorithm; ASN1_OCTET_STRING *encryptedContent; - /* Content encryption algorithm and key */ + /* Content encryption algorithm, key and tag */ const EVP_CIPHER *cipher; unsigned char *key; size_t keylen; + unsigned char *tag; + size_t taglen; /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ int debug; /* Set to 1 if we have no cert and need extra safety measures for MMA */ @@ -269,6 +273,16 @@ struct CMS_AuthenticatedData_st { STACK_OF(X509_ATTRIBUTE) *unauthAttrs; }; +struct CMS_AuthEnvelopedData_st { + int32_t version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncryptedContentInfo *authEncryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *authAttrs; + ASN1_OCTET_STRING *mac; + STACK_OF(X509_ATTRIBUTE) *unauthAttrs; +}; + struct CMS_CompressedData_st { int32_t version; X509_ALGOR *compressionAlgorithm; @@ -425,7 +439,11 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); +BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); +int cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); +CMS_AuthEnvelopedData *cms_get0_auth_enveloped(CMS_ContentInfo *cms); +CMS_EncryptedContentInfo* cms_get0_env_enc_content(const CMS_ContentInfo *cms); /* RecipientInfo routines */ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); 
@@ -457,6 +475,7 @@ DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_DigestedData) DECLARE_ASN1_ITEM(CMS_EncryptedData) DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData) DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 1ca5a7ee07..e281bd72f2 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -44,8 +44,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ossl_ssize_t passlen, const EVP_CIPHER *kekciph) { + STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri = NULL; - CMS_EnvelopedData *env; + CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; EVP_CIPHER_CTX *ctx = NULL; X509_ALGOR *encalg = NULL; @@ -53,8 +54,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int ivlen; const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); - env = cms_get0_enveloped(cms); - if (!env) + ec = cms_get0_env_enc_content(cms); + if (ec == NULL) + return NULL; + ris = CMS_get0_RecipientInfos(cms); + if (ris == NULL) return NULL; if (wrap_nid <= 0) @@ -65,7 +69,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Get from enveloped data */ if (kekciph == NULL) - kekciph = env->encryptedContentInfo->cipher; + kekciph = ec->cipher; if (kekciph == NULL) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER); @@ -156,7 +160,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, CMS_RecipientInfo_set0_password(ri, pass, passlen); pwri->version = 0; - if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) + if (!sk_CMS_RecipientInfo_push(ris, ri)) goto merr; return ri; 
@@ -292,7 +296,7 @@ int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, size_t keylen; const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); - ec = cms->d.envelopedData->encryptedContentInfo; + ec = cms_get0_env_enc_content(cms); pwri = ri->d.pwri; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 11c9fed1a8..92de68aa57 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -638,7 +638,10 @@ CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs, int i; X509 *recip; - cms = CMS_EnvelopedData_create_with_libctx(cipher, libctx, propq); + + cms = (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + ? CMS_AuthEnvelopedData_create_with_libctx(cipher, libctx, propq) + : CMS_EnvelopedData_create_with_libctx(cipher, libctx, propq); if (cms == NULL) goto merr; for (i = 0; i < sk_X509_num(certs); i++) { @@ -711,7 +714,7 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, ris = CMS_get0_RecipientInfos(cms); if (ris != NULL) - debug = cms->d.envelopedData->encryptedContentInfo->debug; + debug = cms_get0_env_enc_content(cms)->debug; cms_pkey_ri_type = cms_pkey_get_ri_type(pk); if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { 
@@ -848,20 +851,23 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, int r; BIO *cont; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) { + int nid = OBJ_obj2nid(CMS_get0_type(cms)); + + if (nid != NID_pkcs7_enveloped + && nid != NID_id_smime_ct_authEnvelopedData) { CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); return 0; } if (dcont == NULL && !check_content(cms)) return 0; if (flags & CMS_DEBUG_DECRYPT) - cms->d.envelopedData->encryptedContentInfo->debug = 1; + cms_get0_env_enc_content(cms)->debug = 1; else - cms->d.envelopedData->encryptedContentInfo->debug = 0; + cms_get0_env_enc_content(cms)->debug = 0; if (cert == NULL) - cms->d.envelopedData->encryptedContentInfo->havenocert = 1; + cms_get0_env_enc_content(cms)->havenocert = 1; else - cms->d.envelopedData->encryptedContentInfo->havenocert = 0; + cms_get0_env_enc_content(cms)->havenocert = 0; if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) return 1; if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 256ec35588..44e36805f6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -63,6 +63,7 @@ ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING:134:ASN1_TYPE_get_int_octetstring ASN1_F_ASN1_TYPE_GET_OCTETSTRING:135:ASN1_TYPE_get_octetstring +ASN1_F_ASN1_TYPE_GET_OCTETSTRING_INT:146: ASN1_F_ASN1_UTCTIME_ADJ:218:ASN1_UTCTIME_adj ASN1_F_ASN1_VERIFY:137:ASN1_verify ASN1_F_B64_READ_ASN1:209:b64_read_asn1 
@@ -2172,6 +2173,8 @@ CMS_R_ATTRIBUTE_ERROR:161:attribute error CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error +CMS_R_CIPHER_AEAD_SET_TAG_ERROR:184:cipher aead set tag error +CMS_R_CIPHER_GET_TAG:185:cipher get tag CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\ cipher parameter initialisation error diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 676461a51b..81151e4f01 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c 
@@ -22,11 +22,59 @@ #include #include #include "crypto/evp.h" +#include "crypto/asn1.h" #include "internal/provider.h" #include "evp_local.h" #if !defined(FIPS_MODULE) int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + return evp_cipher_param_to_asn1_ex(c, type, NULL); +} + +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + return evp_cipher_asn1_to_param_ex(c, type, NULL); +} + +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +{ + int i = 0; + unsigned int l; + + if (type != NULL) { + unsigned char iv[EVP_MAX_IV_LENGTH]; + + l = EVP_CIPHER_CTX_iv_length(ctx); + if (!ossl_assert(l <= sizeof(iv))) + return -1; + i = ASN1_TYPE_get_octetstring(type, iv, l); + if (i != (int)l) + return -1; + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) + return -1; + } + return i; +} + +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + int i = 0; + unsigned int j; + unsigned char *oiv = NULL; + + if (type != NULL) { + oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c); + j = EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(j <= sizeof(c->iv)); + i = ASN1_TYPE_set_octetstring(type, oiv, j); + } + return i; +} + +int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params) { int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; @@ -58,6 +106,9 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) break; case EVP_CIPH_GCM_MODE: + ret = evp_cipher_set_asn1_aead_params(c, type, asn1_params); + break; + case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: 
@@ -104,15 +155,16 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) err: if (ret == -2) - EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); + EVPerr(0, EVP_R_UNSUPPORTED_CIPHER); else if (ret <= 0) - EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, EVP_R_CIPHER_PARAMETER_ERROR); + EVPerr(0, EVP_R_CIPHER_PARAMETER_ERROR); if (ret < -1) ret = -1; return ret; } -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params) { int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; @@ -142,6 +194,9 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) break; case EVP_CIPH_GCM_MODE: + ret = evp_cipher_get_asn1_aead_params(c, type, asn1_params); + break; + case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: 
@@ -170,47 +225,43 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } if (ret == -2) - EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_UNSUPPORTED_CIPHER); + EVPerr(0, EVP_R_UNSUPPORTED_CIPHER); else if (ret <= 0) - EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_CIPHER_PARAMETER_ERROR); + EVPerr(0, EVP_R_CIPHER_PARAMETER_ERROR); if (ret < -1) ret = -1; return ret; } -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params) { int i = 0; - unsigned int l; + long tl; + unsigned char iv[EVP_MAX_IV_LENGTH]; - if (type != NULL) { - unsigned char iv[EVP_MAX_IV_LENGTH]; + if (type == NULL || asn1_params == NULL) + return 0; - l = EVP_CIPHER_CTX_iv_length(ctx); - if (!ossl_assert(l <= sizeof(iv))) - return -1; - i = ASN1_TYPE_get_octetstring(type, iv, l); - if (i != (int)l) - return -1; + i = asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH); + if (i <= 0) + return -1; + asn1_type_get_octetstring_int(type, &tl, iv, i); + + memcpy(asn1_params->iv, iv, i); + asn1_params->iv_len = i; - if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) - return -1; - } return i; } -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params) { - int i = 0; - unsigned int j; - unsigned char oiv[EVP_MAX_IV_LENGTH]; + if (type == NULL || asn1_params == NULL) + return 0; - if (type != NULL && EVP_CIPHER_CTX_get_iv(c, oiv, sizeof(oiv))) { - j = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof(c->iv)); - i = ASN1_TYPE_set_octetstring(type, oiv, j); - } - return i; + return asn1_type_set_octetstring_int(type, asn1_params->tag_len, + asn1_params->iv, asn1_params->iv_len); } #endif /* !defined(FIPS_MODULE) */ diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 1e1d689070..e7f7643d83 100644 
--- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -240,6 +240,11 @@ EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OPENSSL_CTX *ctx, int name_id, EVP_MD *evp_md_new(void); EVP_CIPHER *evp_cipher_new(void); +int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params); +int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *asn1_params); + /* Helper functions to avoid duplicating code */ /* diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index def9766b3c..ebe3fbda8c 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -309,6 +309,9 @@ EVP_get_cipherbyname() function) can also be used preceded by a dash, for example B<-aes-128-cbc>. See L for a list of ciphers supported by your version of OpenSSL. +Currently the AES variants with GCM mode are the only supported AEAD +algorithms. + If not specified triple DES is used. Only used with B<-encrypt> and B<-EncryptedData_create> commands. diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod index e6903ea3f8..6978aaabcb 100644 --- a/doc/man3/CMS_EnvelopedData_create.pod +++ b/doc/man3/CMS_EnvelopedData_create.pod 
@@ -2,25 +2,39 @@ =head1 NAME -CMS_EnvelopedData_create_with_libctx, CMS_EnvelopedData_create +CMS_EnvelopedData_create_with_libctx, CMS_EnvelopedData_create, +CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_with_libctx - Create CMS envelope =head1 SYNOPSIS #include - CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, - OPENSSL_CTX *libctx, - const char *propq); + CMS_ContentInfo * + CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, + OPENSSL_CTX *libctx, + const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); + CMS_ContentInfo * + CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, + OPENSSL_CTX *libctx, + const char *propq); + CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); + =head1 DESCRIPTION -CMS_EnvelopedData_create_with_libctx() creates a B structure with -a type B. I is the symmetric cipher to use. The -library context I and the property query I are used when +CMS_EnvelopedData_create_with_libctx() creates a B structure +with a type B. I is the symmetric cipher to use. +The library context I and the property query I are used when retrieving algorithms from providers. +CMS_AuthEnvelopedData_create_with_libctx() creates a B +structure with a type B. B is the +symmetric AEAD cipher to use. Currently only AES variants with GCM mode are +supported. The library context I and the property query I are +used when retrieving algorithms from providers. + The algorithm passed in the I parameter must support ASN1 encoding of its parameters. 
@@ -30,21 +44,23 @@ L. The B structure needs to be finalized using L and then freed using L. -CMS_EnvelopedData_create() is similar to CMS_EnvelopedData_create_with_libctx() -but uses default values of NULL for the library context I and the -property query I. +CMS_EnvelopedData_create() and CMS_AuthEnvelopedData_create are similar to +CMS_EnvelopedData_create_with_libctx() and +CMS_AuthEnvelopedData_create_with_libctx() but use default values of NULL for +the library context I and the property query I. =head1 NOTES -Although CMS_EnvelopedData_create() allocates a new B -structure it is usually not used in applications. The wrappers -L and L are often used instead. +Although CMS_EnvelopedData_create() and CMS_AuthEnvelopedData_create() allocate +a new B structure, they are not usually used in applications. +The wrappers L and L are often used instead. =head1 RETURN VALUES -If the allocation fails, CMS_EnvelopedData_create() returns NULL and sets -an error code that can be obtained by L. -Otherwise it returns a pointer to the newly allocated structure. +If the allocation fails, CMS_EnvelopedData_create() and +CMS_AuthEnvelopedData_create() return NULL and set an error code that can be +obtained by L. Otherwise they return a pointer to the newly +allocated structure. =head1 SEE ALSO diff --git a/doc/man3/CMS_decrypt.pod b/doc/man3/CMS_decrypt.pod index 3124fa8394..4f8d32fbbb 100644 --- a/doc/man3/CMS_decrypt.pod +++ b/doc/man3/CMS_decrypt.pod 
@@ -18,9 +18,9 @@ content from a CMS envelopedData structure =head1 DESCRIPTION CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData -structure. B is the private key of the recipient, B is the -recipient's certificate, B is a BIO to write the content to and -B is an optional set of flags. +or AuthEnvelopedData structure. B is the private key of the recipient, +B is the recipient's certificate, B is a BIO to write the content to +and B is an optional set of flags. The B parameter is used in the rare case where the encrypted content is detached. It will normally be set to NULL. diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod index 211ec18d36..9fe92e3ee6 100644 --- a/doc/man3/CMS_encrypt.pod +++ b/doc/man3/CMS_encrypt.pod @@ -11,17 +11,19 @@ CMS_encrypt_with_libctx, CMS_encrypt - create a CMS envelopedData structure CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags, - OPENSSL_CTX *libctx, const char *propq); + OPENSSL_CTX *libctx, + const char *propq); CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); =head1 DESCRIPTION -CMS_encrypt_with_libctx() creates and returns a CMS EnvelopedData structure. -I is a list of recipient certificates. I is the content to be -encrypted. I is the symmetric cipher to use. I is an optional set -of flags. The library context I and the property query I are used -internally when retrieving algorithms from providers. +CMS_encrypt_with_libctx() creates and returns a CMS EnvelopedData or +AuthEnvelopedData structure. I is a list of recipient certificates. +I is the content to be encrypted. I is the symmetric cipher to use. +I is an optional set of flags. The library context I and the +property query I are used internally when retrieving algorithms from +providers. Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function. 
@@ -30,7 +32,9 @@ EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. The algorithm passed in the B parameter must support ASN1 encoding of -its parameters. +its parameters. If the cipher mode is GCM, then an AuthEnvelopedData structure +containing MAC is used. Otherwise an EnvelopedData structure is used. Currently +the AES variants with GCM mode are the only supported AEAD algorithms. Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced @@ -81,8 +85,8 @@ and CMS_add0_recipient_key(). The parameter B may be NULL if B is set and recipients added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key(). -CMS_encrypt() is similar to CMS_encrypt_with_libctx() but uses default values of -NULL for the library context I and the property query I. +CMS_encrypt() is similar to CMS_encrypt_with_libctx() but uses default values +of NULL for the library context I and the property query I. =head1 RETURN VALUES diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 624df3cb05..6e1d396851 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include + /* Internal ASN1 structures and functions: not for application use */ /* ASN1 public key method structure */ @@ -124,3 +126,10 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; + +/* ASN1 type functions */ + +int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 7008e490e8..c488834511 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
@@ -511,6 +511,18 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ cipher##_init_key, NULL, NULL, NULL, NULL) +typedef struct { + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned int iv_len; + unsigned int tag_len; +} evp_cipher_aead_asn1_params; + +int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *params); + +int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *params); + /* * An EVP_PKEY can have the following states: * diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index f610d8816d..b58339ba47 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -82,6 +82,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_TIME_ADJ 0 # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING_INT 0 # define ASN1_F_ASN1_UTCTIME_ADJ 0 # define ASN1_F_ASN1_VERIFY 0 # define ASN1_F_B64_READ_ASN1 0 diff --git a/include/openssl/cms.h b/include/openssl/cms.h index 7397008fcb..ad6718dd6f 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -189,6 +189,11 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms, STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); +CMS_ContentInfo * +CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, + OPENSSL_CTX *ctx, + const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher, OPENSSL_CTX *ctx, diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 97704bfa52..1e7daf044b 100644 --- a/include/openssl/cmserr.h 
+++ b/include/openssl/cmserr.h @@ -131,6 +131,8 @@ int ERR_load_CMS_strings(void); # define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 # define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 # define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_AEAD_SET_TAG_ERROR 184 +# define CMS_R_CIPHER_GET_TAG 185 # define CMS_R_CIPHER_INITIALISATION_ERROR 101 # define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 # define CMS_R_CMS_DATAFINAL_ERROR 103 diff --git a/test/cmsapitest.c b/test/cmsapitest.c index 697daa814d..f90200e9ac 100644 --- a/test/cmsapitest.c +++ b/test/cmsapitest.c @@ -21,7 +21,7 @@ DEFINE_STACK_OF(X509) static X509 *cert = NULL; static EVP_PKEY *privkey = NULL; -static int test_encrypt_decrypt(void) +static int test_encrypt_decrypt(const EVP_CIPHER *cipher) { int testresult = 0; STACK_OF(X509) *certstack = sk_X509_new_null(); @@ -37,7 +37,7 @@ static int test_encrypt_decrypt(void) if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) goto end; - content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); + content = CMS_encrypt(certstack, msgbio, cipher, CMS_TEXT); if (!TEST_ptr(content)) goto end; @@ -60,6 +60,26 @@ static int test_encrypt_decrypt(void) return testresult; } +static int test_encrypt_decrypt_aes_cbc(void) +{ + return test_encrypt_decrypt(EVP_aes_128_cbc()); +} + +static int test_encrypt_decrypt_aes_128_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_128_gcm()); +} + +static int test_encrypt_decrypt_aes_192_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_192_gcm()); +} + +static int test_encrypt_decrypt_aes_256_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_256_gcm()); +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) 
@@ -99,7 +119,10 @@ int setup_tests(void) } BIO_free(privkeybio); - ADD_TEST(test_encrypt_decrypt); + ADD_TEST(test_encrypt_decrypt_aes_cbc); + ADD_TEST(test_encrypt_decrypt_aes_128_gcm); + ADD_TEST(test_encrypt_decrypt_aes_192_gcm); + ADD_TEST(test_encrypt_decrypt_aes_256_gcm); return 1; } diff --git a/test/drbgtest.c b/test/drbgtest.c index eeb71f0227..d069460cd5 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -23,6 +23,7 @@ #include #include "../crypto/rand/rand_local.h" #include "../include/crypto/rand.h" +#include "../include/crypto/evp.h" #include "../providers/implementations/rands/drbg_local.h" #include "../crypto/evp/evp_local.h" diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 1edddb2a82..65a8e14574 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -298,7 +298,7 @@ my @smime_cms_tests = ( \&final_compare ], - [ "enveloped content test streaming PEM format, KEK", + [ "enveloped content test streaming PEM format, AES-256-CBC cipher, KEK", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", "-stream", "-out", "{output}.cms", "-secretkey", "000102030405060708090A0B0C0D0E0F", @@ -310,6 +310,18 @@ my @smime_cms_tests = ( \&final_compare ], + [ "enveloped content test streaming PEM format, AES-256-GCM cipher, KEK", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes-128-gcm", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + \&final_compare + ], + [ "enveloped content test streaming PEM format, KEK, key only", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", "-stream", "-out", "{output}.cms", 
@@ -373,7 +385,6 @@ my @smime_cms_tests = ( "-out", "{output}.txt" ], \&final_compare ], - ); my @smime_cms_cades_tests = ( @@ -560,7 +571,7 @@ my @smime_cms_param_tests = ( \&final_compare ], - [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", + [ "enveloped content test streaming S/MIME format, ECDH, AES-128-CBC, SHA256 KDF", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", "-recip", catfile($smdir, "smec1.pem"), "-aes128", @@ -570,6 +581,15 @@ my @smime_cms_param_tests = ( \&final_compare ], + [ "enveloped content test streaming S/MIME format, ECDH, AES-128-GCM cipher, SHA256 KDF", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem"), "-aes-128-gcm", "-keyopt", "ecdh_kdf_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", diff --git a/util/libcrypto.num b/util/libcrypto.num index 4982a7f93c..777d8ce8a8 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5299,3 +5299,5 @@ ossl_b2i_bio ? 3_0_0 EXIST::FUNCTION:DSA EVP_PKEY_CTX_set1_id ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get1_id ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get1_id_len ? 3_0_0 EXIST::FUNCTION: +CMS_AuthEnvelopedData_create ? 3_0_0 EXIST::FUNCTION:CMS +CMS_AuthEnvelopedData_create_with_libctx ? 3_0_0 EXIST::FUNCTION:CMS From levitte at openssl.org Tue Sep 8 14:46:03 2020 
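Review bot: in test/recipes/80-test_cms.t the test titles do not match the ciphers the commands pass. The KEK test retitled "AES-256-CBC cipher" still runs with "-aes128", and the added "AES-256-GCM cipher, KEK" test runs with "-aes-128-gcm". Either title them AES-128-CBC and AES-128-GCM, or pass the 256-bit options, so that a failure report names the cipher that was actually exercised. The ECDH tests in the @@ -560 and @@ -570 hunks already label themselves AES-128-CBC and AES-128-GCM consistently with their options.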
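Review bot: evp_cipher_aead_asn1_params in the include/crypto/evp.h hunk has no comment on its contract. It carries iv_len next to a fixed iv[EVP_MAX_IV_LENGTH] buffer, but nothing here says which side enforces iv_len <= EVP_MAX_IV_LENGTH, or which fields are inputs and which are outputs for evp_cipher_param_to_asn1_ex() and evp_cipher_asn1_to_param_ex(). Since the second function, by its name, populates the struct from a parsed ASN1_TYPE, a short comment stating the bound and the direction of each field would let callers check it.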
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Sep 2020 14:46:03 +0000
Subject: [openssl] master update
Message-ID: <1599576363.763941.17142.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1251cddf8d413af3747e81e39141f34318f92cd6 (commit)
       via  4ce1025a8ac37d255f569147116dd776f9267cce (commit)
      from  924663c36d47066d5307937da77fed7e872730c7 (commit)

- Log -----------------------------------------------------------------
commit 1251cddf8d413af3747e81e39141f34318f92cd6
Author: Richard Levitte
Date: Mon Sep 7 08:47:00 2020 +0200

    TEST: modify test/endecode_test.c to not use legacy keys

    Now that PEM_write_bio_PrivateKey_traditional() can handle
    provider-native EVP_PKEYs, we don't need to use explicitly legacy
    ones.

    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/12738)

commit 4ce1025a8ac37d255f569147116dd776f9267cce
Author: Richard Levitte
Date: Thu Aug 27 10:07:09 2020 +0200

    PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys

    PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
    keys very well. Originally, it would simply use the corresponding
    encoder, which is likely to output modern PEM (not "traditional").

    PEM_write_bio_PrivateKey_traditional() is now changed to try and get
    a legacy copy of the input EVP_PKEY, and use that copy for traditional
    output, if it has such support.

    Internally, evp_pkey_copy_downgraded() is added, to be used when
    evp_pkey_downgrade() is too intrusive for what it's needed for.

    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/12738)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/p_lib.c | 222 +++++++++++++---------
 crypto/pem/pem_pkey.c | 20 +-
 doc/internal/man3/evp_pkey_export_to_provider.pod | 10 +-
 include/crypto/evp.h | 2 +
 test/endecode_test.c | 221 ++++++++-------------
 5 files changed, 242 insertions(+), 233 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index fec4e2d43b..0f5378c4fe 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1369,6 +1369,19 @@ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) /*- All methods below can also be used in FIPS_MODULE */ +static int evp_pkey_reset_unlocked(EVP_PKEY *pk) +{ + if (pk == NULL) + return 0; + + memset(pk, 0, sizeof(*pk)); + pk->type = EVP_PKEY_NONE; + pk->save_type = EVP_PKEY_NONE; + pk->references = 1; + pk->save_parameters = 1; + return 1; +} + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -1377,10 +1390,10 @@ EVP_PKEY *EVP_PKEY_new(void) EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - ret->type = EVP_PKEY_NONE; - ret->save_type = EVP_PKEY_NONE; - ret->references = 1; - ret->save_parameters = 1; + + if (!evp_pkey_reset_unlocked(ret)) + goto err; + ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); 
@@ -1802,109 +1815,142 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, } #ifndef FIPS_MODULE -int evp_pkey_downgrade(EVP_PKEY *pk) +int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src) { - EVP_KEYMGMT *keymgmt = pk->keymgmt; - void *keydata = pk->keydata; - int type = pk->type; - const char *keytype = NULL; + if (!ossl_assert(dest != NULL)) + return 0; - /* If this isn't a provider side key, we're done */ - if (keymgmt == NULL) - return 1; + if (evp_pkey_is_assigned(src) && evp_pkey_is_provided(src)) { + EVP_KEYMGMT *keymgmt = src->keymgmt; + void *keydata = src->keydata; + int type = src->type; + const char *keytype = NULL; - keytype = evp_first_name(EVP_KEYMGMT_provider(keymgmt), keymgmt->name_id); + keytype = evp_first_name(EVP_KEYMGMT_provider(keymgmt), + keymgmt->name_id); - /* - * If the type is EVP_PKEY_NONE, then we have a problem somewhere else - * in our code. If it's not one of the well known EVP_PKEY_xxx values, - * it should at least be EVP_PKEY_KEYMGMT at this point. - * TODO(3.0) remove this check when we're confident that the rest of the - * code treats this correctly. - */ - if (!ossl_assert(type != EVP_PKEY_NONE)) { - ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR, - "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", - keytype); - return 0; - } + /* + * If the type is EVP_PKEY_NONE, then we have a problem somewhere + * else in our code. If it's not one of the well known EVP_PKEY_xxx + * values, it should at least be EVP_PKEY_KEYMGMT at this point. + * TODO(3.0) remove this check when we're confident that the rest + * of the code treats this correctly. 
+ */ + if (!ossl_assert(type != EVP_PKEY_NONE)) { + ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR, + "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", + keytype); + return 0; + } - /* Prefer the legacy key type name for error reporting */ - if (type != EVP_PKEY_KEYMGMT) - keytype = OBJ_nid2sn(type); + /* Prefer the legacy key type name for error reporting */ + if (type != EVP_PKEY_KEYMGMT) + keytype = OBJ_nid2sn(type); - /* - * To be able to downgrade, we steal the provider side "origin" keymgmt - * and keydata. We've already grabbed the pointers, so all we need to - * do is clear those pointers in |pk| and then call evp_pkey_free_it(). - * That way, we can restore |pk| if we need to. - */ - pk->keymgmt = NULL; - pk->keydata = NULL; - evp_pkey_free_it(pk); - if (EVP_PKEY_set_type(pk, type)) { - /* If the key is typed but empty, we're done */ - if (keydata == NULL) { - /* We're dropping the EVP_KEYMGMT */ - EVP_KEYMGMT_free(keymgmt); - return 1; - } + /* Make sure we have a clean slate to copy into */ + if (*dest == NULL) + *dest = EVP_PKEY_new(); + else + evp_pkey_free_it(*dest); - if (pk->ameth->import_from == NULL) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION, - "key type = %s", keytype); - } else { - /* - * We perform the export in the same libctx as the keymgmt that we - * are using. 
- */ - OPENSSL_CTX *libctx = ossl_provider_library_context(keymgmt->prov); - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, NULL); - if (pctx == NULL) - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + if (EVP_PKEY_set_type(*dest, type)) { + /* If the key is typed but empty, we're done */ + if (keydata == NULL) + return 1; - if (pctx != NULL - && evp_keymgmt_export(keymgmt, keydata, - OSSL_KEYMGMT_SELECT_ALL, - pk->ameth->import_from, pctx)) { + if ((*dest)->ameth->import_from == NULL) { + ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION, + "key type = %s", keytype); + } else { /* - * Save the provider side data in the operation cache, so they'll - * find it again. evp_pkey_free_it() cleared the cache, so it's - * safe to assume slot zero is free. - * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's - * reference count. + * We perform the export in the same libctx as the keymgmt + * that we are using. */ - evp_keymgmt_util_cache_keydata(pk, 0, keymgmt, keydata); - EVP_PKEY_CTX_free(pctx); + OPENSSL_CTX *libctx = + ossl_provider_library_context(keymgmt->prov); + EVP_PKEY_CTX *pctx = + EVP_PKEY_CTX_new_from_pkey(libctx, *dest, NULL); - /* Synchronize the dirty count */ - pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk); + if (pctx == NULL) + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - /* evp_keymgmt_export() increased the refcount... 
*/ - EVP_KEYMGMT_free(keymgmt); - return 1; + if (pctx != NULL + && evp_keymgmt_export(keymgmt, keydata, + OSSL_KEYMGMT_SELECT_ALL, + (*dest)->ameth->import_from, + pctx)) { + /* Synchronize the dirty count */ + (*dest)->dirty_cnt_copy = (*dest)->ameth->dirty_cnt(*dest); + + EVP_PKEY_CTX_free(pctx); + return 1; + } + EVP_PKEY_CTX_free(pctx); } - EVP_PKEY_CTX_free(pctx); - } - ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE, - "key type = %s", keytype); + ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE, + "key type = %s", keytype); + } } + return 0; +} + +int evp_pkey_downgrade(EVP_PKEY *pk) +{ + EVP_PKEY tmp_copy; /* Stack allocated! */ + + /* If this isn't an assigned provider side key, we're done */ + if (!evp_pkey_is_assigned(pk) || !evp_pkey_is_provided(pk)) + return 1; + /* - * Something went wrong. This could for example happen if the keymgmt - * turns out to be an HSM implementation that refuses to let go of some - * of the key data, typically the private bits. In this case, we restore - * the provider side internal "origin" and leave it at that. + * To be able to downgrade, we steal the contents of |pk|, then reset + * it, and finally try to make it a downgraded copy. If any of that + * fails, we restore the copied contents into |pk|. 
*/ - if (!ossl_assert(evp_keymgmt_util_assign_pkey(pk, keymgmt, keydata))) { - /* This should not be impossible */ - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; + tmp_copy = *pk; + + if (evp_pkey_reset_unlocked(pk) + && evp_pkey_copy_downgraded(&pk, &tmp_copy)) { + /* Restore the common attributes, then empty |tmp_copy| */ + pk->references = tmp_copy.references; + pk->lock = tmp_copy.lock; + pk->attributes = tmp_copy.attributes; + pk->save_parameters = tmp_copy.save_parameters; + pk->ex_data = tmp_copy.ex_data; + + /* Ensure that stuff we've copied won't be freed */ + tmp_copy.lock = NULL; + tmp_copy.attributes = NULL; + memset(&tmp_copy.ex_data, 0, sizeof(tmp_copy.ex_data)); + + /* + * Save the provider side data in the operation cache, so they'll + * find it again. |pk| is new, so it's safe to assume slot zero + * is free. + * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's + * reference count, so we need to decrement it, or there will be a + * leak. + */ + evp_keymgmt_util_cache_keydata(pk, 0, tmp_copy.keymgmt, + tmp_copy.keydata); + EVP_KEYMGMT_free(tmp_copy.keymgmt); + + /* + * Clear keymgmt and keydata from |tmp_copy|, or they'll get + * inadvertently freed. + */ + tmp_copy.keymgmt = NULL; + tmp_copy.keydata = NULL; + + evp_pkey_free_it(&tmp_copy); + + return 1; } - /* evp_keymgmt_util_assign_pkey() increased the refcount... */ - EVP_KEYMGMT_free(keymgmt); - return 0; /* No downgrade, but at least the key is restored */ + + *pk = tmp_copy; + return 0; } #endif /* FIPS_MODULE */ diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8b9bfe101e..462010d2ac 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c 
@@ -165,20 +165,36 @@ PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio) return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u); } +/* + * Note: there is no way to tell a provided pkey encoder to use "traditional" + * encoding. Therefore, if the pkey is provided, we try to take a copy + * TODO: when #legacy keys are gone, this function will not be possible any + * more and should be removed. + */ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, const unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { char pem_str[80]; + EVP_PKEY *copy = NULL; + int ret; + + if (evp_pkey_is_assigned(x) + && evp_pkey_is_provided(x) + && evp_pkey_copy_downgraded(©, x)) + x = copy; if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return 0; } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); - return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, - pem_str, bp, x, enc, kstr, klen, cb, u); + ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pem_str, bp, x, enc, kstr, klen, cb, u); + + EVP_PKEY_free(copy); + return ret; } EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod index 1c80365ca6..b34cf86619 100644 --- a/doc/internal/man3/evp_pkey_export_to_provider.pod +++ b/doc/internal/man3/evp_pkey_export_to_provider.pod @@ -2,7 +2,7 @@ =head1 NAME -evp_pkey_export_to_provider, evp_pkey_downgrade +evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_downgrade - internal EVP_PKEY support functions for providers =head1 SYNOPSIS 
@@ -13,6 +13,7 @@ evp_pkey_export_to_provider, evp_pkey_downgrade void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, EVP_KEYMGMT **keymgmt, const char *propquery); + int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); int evp_pkey_downgrade(EVP_PKEY *pk); =head1 DESCRIPTION @@ -29,6 +30,13 @@ default context), the name of the legacy type of I, and the I If I isn't NULL but I<*keymgmt> is, and the "origin" was successfully exported, then I<*keymgmt> is assigned the implicitly fetched B. +evp_pkey_copy_downgraded() makes a copy of I in legacy form into I<*dest>, +if there's a corresponding legacy implementation. This should be used if the +use of a downgraded key is temporary. +For example, L uses this to try its +best to get "traditional" PEM output even if the input B has a +provider-native internal key. + evp_pkey_downgrade() converts an B with a provider side "origin" key to one with a legacy "origin", if there's a corresponding legacy implementation. This clears the operation cache, except for the provider side "origin" key. diff --git a/include/crypto/evp.h b/include/crypto/evp.h index c488834511..9d9b0a7298 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -591,6 +591,7 @@ struct evp_pkey_st { # endif /* == Common attributes == */ + /* If these are modified, so must evp_pkey_downgrade() */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -672,6 +673,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, EVP_KEYMGMT **keymgmt, const char *propquery); #ifndef FIPS_MODULE +int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); int evp_pkey_downgrade(EVP_PKEY *pk); void evp_pkey_free_legacy(EVP_PKEY *x); #endif diff --git a/test/endecode_test.c b/test/endecode_test.c index 5b1e06946f..580b7e8f35 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c 
@@ -38,14 +38,6 @@ static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL; # endif #endif -/* - * TODO(3.0) Modify PEM_write_bio_PrivateKey_traditional() to handle - * provider side EVP_PKEYs (which don't necessarily have an ameth) - * - * In the mean time, we use separate "downgraded" EVP_PKEYs to test - * encoding/decoding with "traditional" keys. - */ - static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) { EVP_PKEY *pkey = NULL; @@ -66,7 +58,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) } static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, - OSSL_PARAM *genparams, int make_legacy) + OSSL_PARAM *genparams) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = @@ -84,11 +76,6 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) && EVP_PKEY_keygen(ctx, &pkey) > 0); EVP_PKEY_CTX_free(ctx); - if (make_legacy && EVP_PKEY_get0(pkey) == NULL) { - EVP_PKEY_free(pkey); - pkey = NULL; - } - return pkey; } 
@@ -102,23 +89,21 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, */ typedef int (encoder)(void **encoded, long *encoded_len, - void *object, const char *pass, const char *pcipher, - const char *encoder_propq); + void *object, const char *pass, const char *pcipher, + const char *encoder_propq); typedef int (decoder)(void **object, - void *encoded, long encoded_len, - const char *pass); + void *encoded, long encoded_len, + const char *pass); typedef int (tester)(const void *data1, size_t data1_len, const void *data2, size_t data2_len); typedef int (checker)(const char *type, const void *data, size_t data_len); typedef void (dumper)(const char *label, const void *data, size_t data_len); static int test_encode_decode(const char *type, EVP_PKEY *pkey, - const char *pass, const char *pcipher, - encoder *encode_cb, - decoder *decode_cb, - tester *test_cb, - checker *check_cb, dumper *dump_cb, - const char *encoder_propq, int make_legacy) + const char *pass, const char *pcipher, + encoder *encode_cb, decoder *decode_cb, + tester *test_cb, checker *check_cb, + dumper *dump_cb, const char *encoder_propq) { void *encoded = NULL; long encoded_len = 0; @@ -135,14 +120,6 @@ static int test_encode_decode(const char *type, EVP_PKEY *pkey, || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) goto end; - /* - * TODO(3.0) Remove this when PEM_write_bio_PrivateKey_traditional() - * handles provider side keys. - */ - if (make_legacy - && !TEST_ptr(EVP_PKEY_get0(pkey2))) - goto end; - /* * Double check the encoding, but only for unprotected keys, * as protected keys have a random component, which makes the output 
@@ -173,9 +150,9 @@ static int test_encode_decode(const char *type, EVP_PKEY *pkey, /* Encoding and desencoding methods */ static int encode_EVP_PKEY_prov(void **encoded, long *encoded_len, - void *object, - const char *pass, const char *pcipher, - const char *encoder_propq) + void *object, + const char *pass, const char *pcipher, + const char *encoder_propq) { EVP_PKEY *pkey = object; OSSL_ENCODER_CTX *ectx = NULL; @@ -208,8 +185,8 @@ static int encode_EVP_PKEY_prov(void **encoded, long *encoded_len, } static int decode_EVP_PKEY_prov(void **object, - void *encoded, long encoded_len, - const char *pass) + void *encoded, long encoded_len, + const char *pass) { EVP_PKEY *pkey = NULL; OSSL_DECODER_CTX *dctx = NULL; @@ -234,10 +211,10 @@ static int decode_EVP_PKEY_prov(void **object, } static int encode_EVP_PKEY_legacy_PEM(void **encoded, - long *encoded_len, - void *object, - const char *pass, const char *pcipher, - ossl_unused const char *encoder_propq) + long *encoded_len, + void *object, + const char *pass, const char *pcipher, + ossl_unused const char *encoder_propq) { EVP_PKEY *pkey = object; EVP_CIPHER *cipher = NULL; @@ -273,12 +250,11 @@ static int encode_EVP_PKEY_legacy_PEM(void **encoded, } #ifndef OPENSSL_NO_DSA -static int encode_EVP_PKEY_MSBLOB(void **encoded, - long *encoded_len, - void *object, - ossl_unused const char *pass, - ossl_unused const char *pcipher, - ossl_unused const char *encoder_propq) +static int encode_EVP_PKEY_MSBLOB(void **encoded, long *encoded_len, + void *object, + ossl_unused const char *pass, + ossl_unused const char *pcipher, + ossl_unused const char *encoder_propq) { EVP_PKEY *pkey = object; BIO *mem_ser = NULL; 
@@ -301,12 +277,11 @@ static int encode_EVP_PKEY_MSBLOB(void **encoded, return ok; } -static int encode_public_EVP_PKEY_MSBLOB(void **encoded, - long *encoded_len, - void *object, - ossl_unused const char *pass, - ossl_unused const char *pcipher, - ossl_unused const char *encoder_propq) +static int encode_public_EVP_PKEY_MSBLOB(void **encoded, long *encoded_len, + void *object, + ossl_unused const char *pass, + ossl_unused const char *pcipher, + ossl_unused const char *encoder_propq) { EVP_PKEY *pkey = object; BIO *mem_ser = NULL; @@ -338,10 +313,10 @@ static int pass_pw(char *buf, int size, int rwflag, void *userdata) } static int encode_EVP_PKEY_PVK(void **encoded, long *encoded_len, - void *object, - const char *pass, - ossl_unused const char *pcipher, - ossl_unused const char *encoder_propq) + void *object, + const char *pass, + ossl_unused const char *pcipher, + ossl_unused const char *encoder_propq) { EVP_PKEY *pkey = object; BIO *mem_ser = NULL; @@ -413,12 +388,9 @@ static int check_unprotected_PKCS8_DER(const char *type, static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_mem, - check_unprotected_PKCS8_DER, dump_der, - OSSL_ENCODER_PrivateKey_TO_DER_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_unprotected_PKCS8_DER, dump_der, + OSSL_ENCODER_PrivateKey_TO_DER_PQ); } static int check_unprotected_PKCS8_PEM(const char *type, 
@@ -432,12 +404,9 @@ static int check_unprotected_PKCS8_PEM(const char *type, static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_text, - check_unprotected_PKCS8_PEM, dump_pem, - OSSL_ENCODER_PrivateKey_TO_PEM_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_unprotected_PKCS8_PEM, dump_pem, + OSSL_ENCODER_PrivateKey_TO_PEM_PQ); } static int check_unprotected_legacy_PEM(const char *type, @@ -454,11 +423,9 @@ static int check_unprotected_legacy_PEM(const char *type, static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_legacy_PEM, - decode_EVP_PKEY_prov, - test_text, - check_unprotected_legacy_PEM, dump_pem, - NULL, 1); + encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, + test_text, check_unprotected_legacy_PEM, dump_pem, + NULL); } #ifndef OPENSSL_NO_DSA @@ -475,11 +442,9 @@ static int check_MSBLOB(const char *type, const void *data, size_t data_len) static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_MSBLOB, - decode_EVP_PKEY_prov, - test_mem, - check_MSBLOB, dump_der, - NULL, 0); + encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, + test_mem, check_MSBLOB, dump_der, + NULL); } # ifndef OPENSSL_NO_RC4 @@ -495,11 +460,9 @@ static int check_PVK(const char *type, const void *data, size_t data_len) static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_PVK, - decode_EVP_PKEY_prov, - test_mem, - check_PVK, dump_der, - NULL, 0); + encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, + test_mem, check_PVK, dump_der, + NULL); } # endif #endif 
@@ -521,12 +484,9 @@ static int check_protected_PKCS8_DER(const char *type, static int test_protected_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, pass, pass_cipher, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_mem, - check_protected_PKCS8_DER, dump_der, - OSSL_ENCODER_PrivateKey_TO_DER_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_protected_PKCS8_DER, dump_der, + OSSL_ENCODER_PrivateKey_TO_DER_PQ); } static int check_protected_PKCS8_PEM(const char *type, @@ -540,12 +500,9 @@ static int check_protected_PKCS8_PEM(const char *type, static int test_protected_via_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, pass, pass_cipher, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_text, - check_protected_PKCS8_PEM, dump_pem, - OSSL_ENCODER_PrivateKey_TO_PEM_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_protected_PKCS8_PEM, dump_pem, + OSSL_ENCODER_PrivateKey_TO_PEM_PQ); } static int check_protected_legacy_PEM(const char *type, @@ -563,22 +520,18 @@ static int check_protected_legacy_PEM(const char *type, static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, pass, pass_cipher, - encode_EVP_PKEY_legacy_PEM, - decode_EVP_PKEY_prov, - test_text, - check_protected_legacy_PEM, dump_pem, - NULL, 1); + encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, + test_text, check_protected_legacy_PEM, dump_pem, + NULL); } #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) static int test_protected_via_PVK(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, pass, NULL, - encode_EVP_PKEY_PVK, - decode_EVP_PKEY_prov, - test_mem, - check_PVK, dump_der, - NULL, 0); + encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, + test_mem, check_PVK, dump_der, + NULL); } #endif 
@@ -595,12 +548,9 @@ static int check_public_DER(const char *type, const void *data, size_t data_len) static int test_public_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_mem, - check_public_DER, dump_der, - OSSL_ENCODER_PUBKEY_TO_DER_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_public_DER, dump_der, + OSSL_ENCODER_PUBKEY_TO_DER_PQ); } static int check_public_PEM(const char *type, const void *data, size_t data_len) @@ -614,12 +564,9 @@ static int check_public_PEM(const char *type, const void *data, size_t data_len) static int test_public_via_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_EVP_PKEY_prov, - decode_EVP_PKEY_prov, - test_text, - check_public_PEM, dump_pem, - OSSL_ENCODER_PUBKEY_TO_PEM_PQ, - 0); + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_public_PEM, dump_pem, + OSSL_ENCODER_PUBKEY_TO_PEM_PQ); } #ifndef OPENSSL_NO_DSA 
@@ -637,43 +584,33 @@ static int check_public_MSBLOB(const char *type, static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) { return test_encode_decode(type, key, NULL, NULL, - encode_public_EVP_PKEY_MSBLOB, - decode_EVP_PKEY_prov, - test_mem, - check_public_MSBLOB, dump_der, - NULL, 0); + encode_public_EVP_PKEY_MSBLOB, + decode_EVP_PKEY_prov, + test_mem, check_public_MSBLOB, dump_der, + NULL); } #endif #define KEYS(KEYTYPE) \ - static EVP_PKEY *key_##KEYTYPE = NULL; \ - static EVP_PKEY *legacy_key_##KEYTYPE = NULL + static EVP_PKEY *key_##KEYTYPE = NULL #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \ ok = ok \ - && TEST_ptr(key_##KEYTYPE = \ - make_key(KEYTYPEstr, NULL, params, 0)) \ - && TEST_ptr(legacy_key_##KEYTYPE = \ - make_key(KEYTYPEstr, NULL, params, 1)) + && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params)) #define FREE_KEYS(KEYTYPE) \ EVP_PKEY_free(key_##KEYTYPE); \ - EVP_PKEY_free(legacy_key_##KEYTYPE) #define DOMAIN_KEYS(KEYTYPE) \ static EVP_PKEY *template_##KEYTYPE = NULL; \ - static EVP_PKEY *key_##KEYTYPE = NULL; \ - static EVP_PKEY *legacy_key_##KEYTYPE = NULL + static EVP_PKEY *key_##KEYTYPE = NULL #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \ ok = ok \ && TEST_ptr(template_##KEYTYPE = \ make_template(KEYTYPEstr, params)) \ && TEST_ptr(key_##KEYTYPE = \ - make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 0)) \ - && TEST_ptr(legacy_key_##KEYTYPE = \ - make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 1)) + make_key(KEYTYPEstr, template_##KEYTYPE, NULL)) #define FREE_DOMAIN_KEYS(KEYTYPE) \ EVP_PKEY_free(template_##KEYTYPE); \ - EVP_PKEY_free(key_##KEYTYPE); \ - EVP_PKEY_free(legacy_key_##KEYTYPE) + EVP_PKEY_free(key_##KEYTYPE) #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ static int test_unprotected_##KEYTYPE##_via_DER(void) \ 
@@ -712,17 +649,17 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \ static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \ { \ - return test_unprotected_via_legacy_PEM(KEYTYPEstr, \ - legacy_key_##KEYTYPE); \ + return \ + test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ } \ static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \ { \ - return test_protected_via_legacy_PEM(KEYTYPEstr, \ - legacy_key_##KEYTYPE); \ + return \ + test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ } #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \ - ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ + ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM) #ifndef OPENSSL_NO_DSA From openssl at openssl.org Tue Sep 8 15:52:51 2020 
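Review bot: evp_pkey_reset_unlocked() in the first crypto/evp/p_lib.c hunk needs a comment stating its precondition. It zeroes the whole struct, including lock, and sets references to 1, which is harmless on the fresh allocation in EVP_PKEY_new() but not on a key another thread can reach, and evp_pkey_downgrade() later in this patch applies it to a live |pk|. Between that reset and the restore of references, lock, attributes and ex_data, any other holder sees a blank EVP_PKEY with a NULL lock. Either document that callers must have exclusive access to the key, or perform the swap under the lock.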
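Review bot: in evp_pkey_copy_downgraded() (the @@ -1802 hunk of crypto/evp/p_lib.c) the result of EVP_PKEY_new() is not checked before *dest is passed to EVP_PKEY_set_type() and dereferenced as (*dest)->ameth. Add a NULL check that raises ERR_R_MALLOC_FAILURE and returns 0 right after the allocation. The failure paths also return 0 with a freshly allocated *dest left in place, so the pod text should say whether the caller owns that object and must free it when the call fails.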
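Review bot: PEM_write_bio_PrivateKey_traditional() in the crypto/pem/pem_pkey.c hunk leaks |copy| on its early return. When x->ameth or x->ameth->old_priv_encode is NULL the function returns 0 before reaching EVP_PKEY_free(copy), and that path is reachable both after a successful downgrade and after a failed evp_pkey_copy_downgraded() call that had already allocated *dest. Set ret = 0 there and fall through to a single exit that frees copy.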
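Review bot: in the @@ -637 hunk of test/endecode_test.c, FREE_KEYS() is left ending in "EVP_PKEY_free(key_##KEYTYPE); \" after the legacy_key line is removed, so the macro now has a trailing semicolon and a line continuation onto the blank line that follows. It still compiles, but it is inconsistent with FREE_DOMAIN_KEYS(), which ends without either, and any text later added directly under it would be pulled into the macro. Drop the "; \" from that line.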
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 08 Sep 2020 15:52:51 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2
Message-ID: <1599580371.819035.21154.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2

Commit log since last time:

6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3)
bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
74eee1bdaa Remove unused dummy functions from ktls.h.
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
15076c26d7 Strengthen chain building for CMP
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
09e76c5dd3 test/drbgtest: improve the reseed after fork test
59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c
5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c
3320026911 Fix coverity CID #1466371 - fix dereference before NULL check.
0e540f231c Fix coverity CID #1466375 - Remove dead code.
7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c
d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
5045abb2e9 EC: Remove one error record that shadows another
7192e4dfa1 TEST: Ensure that the base provider i activated when needed
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
c2150f7357 STORE: Stop the flood of errors
67b6401356 CORE: Fix small bug in passphrase caching
7a30681095 STORE: Fix potential memory leak
a10847c427 "Downgrade" provider-native keys to legacy where needed
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
a1447076be STORE: Deprecate legacy / ENGINE functions
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
820d87bc98 Update the EVP_PKEY MAC documentation
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
2e2084dac3 Start using the provider side TLS HMAC implementation
3fddbb264e Add an HMAC implementation that is TLS aware
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
1010e4ac97 Fix post-condition in algorithm_do_this
2b748d722b Fix use of OPENSSL_realloc in provider

Build log ended with (last 100 lines):

# INFO: @ ../openssl/test/ssltestlib.c:946
# SSL_connect() failed -1, 1
#
C0009766637F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0009766637F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0009766637F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/WCBTXeSD8c default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F07F1FC87F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/WCBTXeSD8c fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3559, 720 wallclock secs (13.81 usr 1.31 sys + 649.95 cusr 66.31 csys = 731.38 CPU) Result: FAIL Makefile:3192: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3190: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Sep 8 16:52:02 2020 
From: builds at travis-ci.com (Travis CI) Date: Tue, 08 Sep 2020 16:52:02 +0000 Subject: Still Failing: openssl/openssl#37285 (master - d96486d) In-Reply-To: Message-ID: <5f57b6b1b9b6b_13fa8d25cfe441757c3@travis-pro-tasks-6c667f8c75-xs2vt.mail> Build Update for openssl/openssl ------------------------------------- Build: #37285 Status: Still Failing Duration: 1 hr, 23 mins, and 32 secs Commit: d96486d (master) Author: Dr. David von Oheimb Message: apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12786) View the changeset: https://github.com/openssl/openssl/compare/8d6481f532ab...d96486dc809b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183370528?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Sep 8 18:02:52 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Sep 2020 18:02:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1599588172.404888.9476.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # 
C040557A137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C040557A137F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C040557A137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Ibzx9hvTLL default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0509A55797F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Ibzx9hvTLL fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3559, 702 wallclock secs (13.44 usr 1.12 sys + 635.40 cusr 66.16 csys = 716.12 CPU) Result: FAIL Makefile:3200: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3198: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Sep 8 18:12:15 2020 
From: builds at travis-ci.com (Travis CI) Date: Tue, 08 Sep 2020 18:12:15 +0000 Subject: Still Failing: openssl/openssl#37287 (master - 924663c) In-Reply-To: Message-ID: <5f57c97eba612_13fa8d25aa0405091e4@travis-pro-tasks-6c667f8c75-xs2vt.mail> Build Update for openssl/openssl ------------------------------------- Build: #37287 Status: Still Failing Duration: 1 hr, 29 mins, and 6 secs Commit: 924663c (master) Author: Jakub Zelenka Message: Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8024) View the changeset: https://github.com/openssl/openssl/compare/d96486dc809b...924663c36d47 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183371637?utm_medium=notification&utm_source=email From openssl at openssl.org Tue Sep 8 18:45:37 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Sep 2020 18:45:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1599590737.978022.18115.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 6353507e9d DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples d9ea62c2c2 DOC: Modify one example in EVP_PKEY_fromdata(3) bef7638610 Cleanup deprecation of ENGINE_setup_bsd_cryptodev 7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs. 74eee1bdaa Remove unused dummy functions from ktls.h. 4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t. 076bf8c2c9 X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs 0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 15076c26d7 Strengthen chain building for CMP 39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 09e76c5dd3 test/drbgtest: improve the reseed after fork test 59ed733989 Fix coverity CID #1454815 - NULL ptr dereference in initthread.c 5340c8ea2a Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c 776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. d135774e7d Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c 3320026911 Fix coverity CID #1466371 - fix dereference before NULL check. 0e540f231c Fix coverity CID #1466375 - Remove dead code. 7ce49eeaca Fix coverity CID #1466377 - resource leak due to early return in ec_get_params(). 
ea47869792 Fix coverity CID #1466378 - Incorrect expression in ec_backend.c d55d0935de ASN1: Make ASN1_item_verify_ctx() work with provider-native keys 5045abb2e9 EC: Remove one error record that shadows another 7192e4dfa1 TEST: Ensure that the base provider i activated when needed 96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST" 4feda976de EVP: Don't report malloc failure in new_raw_key_int() 88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error c2150f7357 STORE: Stop the flood of errors 67b6401356 CORE: Fix small bug in passphrase caching 7a30681095 STORE: Fix potential memory leak a10847c427 "Downgrade" provider-native keys to legacy where needed b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8() 7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders a1447076be STORE: Deprecate legacy / ENGINE functions 63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader) 16feca7154 STORE: Move the built-in 'file:' loader to become an engine module bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do 0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0 13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a() 820d87bc98 Update the EVP_PKEY MAC documentation f271389305 Enable PKEY MAC bridge signature algs to take ctx params e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size 2e2084dac3 Start using the provider side TLS HMAC implementation 3fddbb264e Add an HMAC implementation that is TLS aware b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring 6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment 1010e4ac97 Fix post-condition in algorithm_do_this 2b748d722b Fix use of OPENSSL_realloc in provider Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. 
ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01088E5A07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01088E5A07F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01088E5A07F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01088E5A07F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # 
------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Jq7j0EkpP9 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E06006667F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E06006667F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E06006667F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E06006667F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Jq7j0EkpP9 fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # 
------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3481, 664 wallclock secs (11.82 usr 1.05 sys + 602.83 cusr 57.48 csys = 673.18 CPU) Result: FAIL Makefile:3197: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3195: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Sep 8 21:16:37 2020 
From: builds at travis-ci.com (Travis CI) Date: Tue, 08 Sep 2020 21:16:37 +0000 Subject: Still Failing: openssl/openssl#37292 (master - 1251cdd) In-Reply-To: Message-ID: <5f57f4b4ec36b_13f84229b47a0220075@travis-pro-tasks-5f88d5d8f9-mhj4w.mail> Build Update for openssl/openssl ------------------------------------- Build: #37292 Status: Still Failing Duration: 1 hr, 19 mins, and 16 secs Commit: 1251cdd (master) Author: Richard Levitte Message: TEST: modify test/endecode_test.c to not use legacy keys Now that PEM_write_bio_PrivateKey_traditional() can handle provider-native EVP_PKEYs, we don't need to use explicitly legacy ones. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12738) View the changeset: https://github.com/openssl/openssl/compare/924663c36d47...1251cddf8d41 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183385057?utm_medium=notification&utm_source=email From dev at ddvo.net Tue Sep 8 21:22:57 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 08 Sep 2020 21:22:57 +0000 Subject: [openssl] master update Message-ID: <1599600177.522359.6462.nullmailer@dev.openssl.org> The branch master has been updated via 15633d74dcfe446d309d612c69fd075616d45c5b (commit) from 1251cddf8d413af3747e81e39141f34318f92cd6 (commit) - Log ----------------------------------------------------------------- commit 15633d74dcfe446d309d612c69fd075616d45c5b Author: Dr. David von Oheimb Date: Mon Sep 7 20:27:19 2020 +0200 Add 4 new OIDs for PKIX key purposes and 3 new CMP information types Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12807) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 45 ++++++++++++++++++++++++++++++++++++++++----- crypto/objects/obj_mac.num | 7 +++++++ crypto/objects/objects.txt | 9 +++++++++ fuzz/oids.txt | 7 +++++++ include/openssl/obj_mac.h | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 95 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index decf33ef9b..0abd2a8d72 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7845] = { +static const unsigned char so[7901] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -1086,9 +1086,16 @@ static const unsigned char so[7845] = { 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05, /* [ 7820] OBJ_XmppAddr */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07, /* [ 7828] OBJ_SRVName */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08, /* [ 7836] OBJ_NAIRealm */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1D, /* [ 7844] OBJ_cmcArchive */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [ 7852] OBJ_id_kp_bgpsec_router */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1F, /* [ 7860] OBJ_id_kp_BrandIndicatorforMessageIdentification */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x20, /* [ 7868] OBJ_cmKGA */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x11, /* [ 7876] OBJ_id_it_caCerts */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x12, /* [ 7884] OBJ_id_it_rootCaKeyUpdate */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x13, /* [ 7892] OBJ_id_it_certReqTemplate */ }; -#define NUM_NID 1219 +#define NUM_NID 1226 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2309,9 +2316,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"modp_6144", "modp_6144", NID_modp_6144}, {"modp_8192", "modp_8192", NID_modp_8192}, {"KxGOST18", "kx-gost18", NID_kx_gost18}, + {"cmcArchive", "CMC Archive Server", NID_cmcArchive, 8, &so[7844]}, + {"id-kp-bgpsec-router", "BGPsec Router", NID_id_kp_bgpsec_router, 8, &so[7852]}, + {"id-kp-BrandIndicatorforMessageIdentification", "Brand Indicator for Message Identification", NID_id_kp_BrandIndicatorforMessageIdentification, 8, &so[7860]}, + {"cmKGA", "Certificate Management Key Generation Authority", NID_cmKGA, 8, &so[7868]}, + {"id-it-caCerts", "id-it-caCerts", NID_id_it_caCerts, 8, &so[7876]}, + {"id-it-rootCaKeyUpdate", "id-it-rootCaKeyUpdate", NID_id_it_rootCaKeyUpdate, 8, &so[7884]}, + {"id-it-certReqTemplate", "id-it-certReqTemplate", NID_id_it_certReqTemplate, 8, &so[7892]}, }; -#define NUM_SN 1210 +#define NUM_SN 1217 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2692,6 +2706,8 @@ static const unsigned int sn_objs[NUM_SN] = { 407, /* "characteristic-two-field" */ 395, /* "clearance" */ 130, /* "clientAuth" */ + 1222, /* "cmKGA" */ + 1219, /* "cmcArchive" */ 1131, /* "cmcCA" */ 1132, /* "cmcRA" */ 131, /* "codeSigning" */ @@ -2931,8 +2947,10 @@ static const unsigned int sn_objs[NUM_SN] = { 1104, /* "id-hmacWithSHA3-384" */ 1105, /* "id-hmacWithSHA3-512" */ 260, /* "id-it" */ + 1223, /* "id-it-caCerts" */ 302, /* "id-it-caKeyUpdateInfo" */ 298, /* "id-it-caProtEncCert" */ + 1225, /* "id-it-certReqTemplate" */ 311, /* "id-it-confirmWaitTime" */ 303, /* "id-it-currentCRL" */ 300, /* "id-it-encKeyPairTypes" */ 
@@ -2942,12 +2960,15 @@ static const unsigned int sn_objs[NUM_SN] = { 312, /* "id-it-origPKIMessage" */ 301, /* "id-it-preferredSymmAlg" */ 309, /* "id-it-revPassphrase" */ + 1224, /* "id-it-rootCaKeyUpdate" */ 299, /* "id-it-signKeyPairTypes" */ 305, /* "id-it-subscriptionRequest" */ 306, /* "id-it-subscriptionResponse" */ 784, /* "id-it-suppLangTags" */ 304, /* "id-it-unsupportedOIDs" */ 128, /* "id-kp" */ + 1221, /* "id-kp-BrandIndicatorforMessageIdentification" */ + 1220, /* "id-kp-bgpsec-router" */ 280, /* "id-mod-attribute-cert" */ 274, /* "id-mod-cmc" */ 277, /* "id-mod-cmp" */ @@ -3525,7 +3546,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1210 +#define NUM_LN 1217 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3533,16 +3554,20 @@ static const unsigned int ln_objs[NUM_LN] = { 910, /* "Any Extended Key Usage" */ 664, /* "Any language" */ 177, /* "Authority Information Access" */ + 1220, /* "BGPsec Router" */ 365, /* "Basic OCSP Response" */ 285, /* "Biometric Info" */ + 1221, /* "Brand Indicator for Message Identification" */ 179, /* "CA Issuers" */ 785, /* "CA Repository" */ + 1219, /* "CMC Archive Server" */ 1131, /* "CMC Certificate Authority" */ 1132, /* "CMC Registration Authority" */ 954, /* "CT Certificate SCTs" */ 952, /* "CT Precertificate Poison" */ 951, /* "CT Precertificate SCTs" */ 953, /* "CT Precertificate Signer" */ + 1222, /* "Certificate Management Key Generation Authority" */ 131, /* "Code Signing" */ 1024, /* "Ctrl/Provision WAP Termination" */ 1023, /* "Ctrl/provision WAP Access" */ 
@@ -4144,8 +4169,10 @@ static const unsigned int ln_objs[NUM_LN] = { 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ 260, /* "id-it" */ + 1223, /* "id-it-caCerts" */ 302, /* "id-it-caKeyUpdateInfo" */ 298, /* "id-it-caProtEncCert" */ + 1225, /* "id-it-certReqTemplate" */ 311, /* "id-it-confirmWaitTime" */ 303, /* "id-it-currentCRL" */ 300, /* "id-it-encKeyPairTypes" */ @@ -4155,6 +4182,7 @@ static const unsigned int ln_objs[NUM_LN] = { 312, /* "id-it-origPKIMessage" */ 301, /* "id-it-preferredSymmAlg" */ 309, /* "id-it-revPassphrase" */ + 1224, /* "id-it-rootCaKeyUpdate" */ 299, /* "id-it-signKeyPairTypes" */ 305, /* "id-it-subscriptionRequest" */ 306, /* "id-it-subscriptionResponse" */ @@ -4739,7 +4767,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1081 +#define NUM_OBJ 1088 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5345,6 +5373,10 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ 1131, /* OBJ_cmcCA 1 3 6 1 5 5 7 3 27 */ 1132, /* OBJ_cmcRA 1 3 6 1 5 5 7 3 28 */ + 1219, /* OBJ_cmcArchive 1 3 6 1 5 5 7 3 29 */ + 1220, /* OBJ_id_kp_bgpsec_router 1 3 6 1 5 5 7 3 30 */ + 1221, /* OBJ_id_kp_BrandIndicatorforMessageIdentification 1 3 6 1 5 5 7 3 31 */ + 1222, /* OBJ_cmKGA 1 3 6 1 5 5 7 3 32 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ 
@@ -5361,6 +5393,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ + 1223, /* OBJ_id_it_caCerts 1 3 6 1 5 5 7 4 17 */ + 1224, /* OBJ_id_it_rootCaKeyUpdate 1 3 6 1 5 5 7 4 18 */ + 1225, /* OBJ_id_it_certReqTemplate 1 3 6 1 5 5 7 4 19 */ 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 6d2c0d74a8..fb40663977 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1216,3 +1216,10 @@ modp_4096 1215 modp_6144 1216 modp_8192 1217 kx_gost18 1218 +cmcArchive 1219 +id_kp_bgpsec_router 1220 +id_kp_BrandIndicatorforMessageIdentification 1221 +cmKGA 1222 +id_it_caCerts 1223 +id_it_rootCaKeyUpdate 1224 +id_it_certReqTemplate 1225 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index b19454209b..4aa6fc5854 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -509,6 +509,7 @@ id-qt 1 : id-qt-cps : Policy Qualifier CPS id-qt 2 : id-qt-unotice : Policy Qualifier User Notice id-qt 3 : textNotice +# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3 # PKIX key purpose identifiers !Cname server-auth id-kp 1 : serverAuth : TLS Web Server Authentication 
@@ -541,7 +542,12 @@ id-kp 25 : sendOwner : Send Owner id-kp 26 : sendProxiedOwner : Send Proxied Owner id-kp 27 : cmcCA : CMC Certificate Authority id-kp 28 : cmcRA : CMC Registration Authority +id-kp 29 : cmcArchive : CMC Archive Server +id-kp 30 : id-kp-bgpsec-router : BGPsec Router +id-kp 31 : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification +id-kp 32 : cmKGA : Certificate Management Key Generation Authority +# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4 # CMP information types id-it 1 : id-it-caProtEncCert id-it 2 : id-it-signKeyPairTypes @@ -561,6 +567,9 @@ id-it 13 : id-it-implicitConfirm id-it 14 : id-it-confirmWaitTime id-it 15 : id-it-origPKIMessage id-it 16 : id-it-suppLangTags +id-it 17 : id-it-caCerts +id-it 18 : id-it-rootCaKeyUpdate +id-it 19 : id-it-certReqTemplate # CRMF registration id-pkip 1 : id-regCtrl diff --git a/fuzz/oids.txt b/fuzz/oids.txt index ddd50880ce..2b4cb110ce 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1073,3 +1073,10 @@ OBJ_id_on_SmtpUTF8Mailbox="\x2B\x06\x01\x05\x05\x07\x08\x09" OBJ_XmppAddr="\x2B\x06\x01\x05\x05\x07\x08\x05" OBJ_SRVName="\x2B\x06\x01\x05\x05\x07\x08\x07" OBJ_NAIRealm="\x2B\x06\x01\x05\x05\x07\x08\x08" +OBJ_cmcArchive="\x2B\x06\x01\x05\x05\x07\x03\x1D" +OBJ_id_kp_bgpsec_router="\x2B\x06\x01\x05\x05\x07\x03\x1E" +OBJ_id_kp_BrandIndicatorforMessageIdentification="\x2B\x06\x01\x05\x05\x07\x03\x1F" +OBJ_cmKGA="\x2B\x06\x01\x05\x05\x07\x03\x20" +OBJ_id_it_caCerts="\x2B\x06\x01\x05\x05\x07\x04\x11" +OBJ_id_it_rootCaKeyUpdate="\x2B\x06\x01\x05\x05\x07\x04\x12" +OBJ_id_it_certReqTemplate="\x2B\x06\x01\x05\x05\x07\x04\x13" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 0f9adc9b6a..18fd0ec451 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
@@ -1647,6 +1647,26 @@ #define NID_cmcRA 1132 #define OBJ_cmcRA OBJ_id_kp,28L +#define SN_cmcArchive "cmcArchive" +#define LN_cmcArchive "CMC Archive Server" +#define NID_cmcArchive 1219 +#define OBJ_cmcArchive OBJ_id_kp,29L + +#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router" +#define LN_id_kp_bgpsec_router "BGPsec Router" +#define NID_id_kp_bgpsec_router 1220 +#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L + +#define SN_id_kp_BrandIndicatorforMessageIdentification "id-kp-BrandIndicatorforMessageIdentification" +#define LN_id_kp_BrandIndicatorforMessageIdentification "Brand Indicator for Message Identification" +#define NID_id_kp_BrandIndicatorforMessageIdentification 1221 +#define OBJ_id_kp_BrandIndicatorforMessageIdentification OBJ_id_kp,31L + +#define SN_cmKGA "cmKGA" +#define LN_cmKGA "Certificate Management Key Generation Authority" +#define NID_cmKGA 1222 +#define OBJ_cmKGA OBJ_id_kp,32L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L @@ -1711,6 +1731,18 @@ #define NID_id_it_suppLangTags 784 #define OBJ_id_it_suppLangTags OBJ_id_it,16L +#define SN_id_it_caCerts "id-it-caCerts" +#define NID_id_it_caCerts 1223 +#define OBJ_id_it_caCerts OBJ_id_it,17L + +#define SN_id_it_rootCaKeyUpdate "id-it-rootCaKeyUpdate" +#define NID_id_it_rootCaKeyUpdate 1224 +#define OBJ_id_it_rootCaKeyUpdate OBJ_id_it,18L + +#define SN_id_it_certReqTemplate "id-it-certReqTemplate" +#define NID_id_it_certReqTemplate 1225 +#define OBJ_id_it_certReqTemplate OBJ_id_it,19L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L From dev at ddvo.net Tue Sep 8 21:25:06 2020 
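Review bot: In the objects.txt hunk at id-kp 29 to 32, the short names mix two conventions: `cmcArchive` and `cmKGA` follow the neighbouring unprefixed entries (`sendOwner`, `cmcCA`, `cmcRA`), while `id-kp-bgpsec-router` and `id-kp-BrandIndicatorforMessageIdentification` carry the arc prefix, and that difference propagates into the SN_/NID_/OBJ_ macros added to the public header include/openssl/obj_mac.h. Settle on one convention before these names ship, or state in the commit message why the two pairs differ. The rest checks out against the visible lines: the DER bytes added to obj_dat.h and fuzz/oids.txt (0x03,0x1D to 0x03,0x20 and 0x04,0x11 to 0x04,0x13) match arcs 29 to 32 and 17 to 19, so[] grows by 56 bytes for seven 8-byte OIDs, and NUM_NID, NUM_SN, NUM_LN and NUM_OBJ each grow by 7. The three id-it entries have no long name, so the tables reuse the short name, as the existing id-it entries do.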
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 08 Sep 2020 21:25:06 +0000 Subject: [openssl] master update Message-ID: <1599600306.417501.7773.nullmailer@dev.openssl.org> The branch master has been updated via b434b2c08d2025936fb8b7ece3a5908613333f6b (commit) from 15633d74dcfe446d309d612c69fd075616d45c5b (commit) - Log ----------------------------------------------------------------- commit b434b2c08d2025936fb8b7ece3a5908613333f6b Author: Dr. David von Oheimb Date: Fri Aug 28 13:37:04 2020 +0200 Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12806) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 6 ++---- crypto/cmp/cmp_vfy.c | 8 ++++++++ doc/man1/openssl-cmp.pod.in | 8 ++++++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index dd49142309..f9b50fc659 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1546,10 +1546,8 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) } EVP_PKEY_free(pkey); } - if (opt_secret == NULL && opt_srvcert == NULL && opt_trusted == NULL) { - CMP_err("missing -secret or -srvcert or -trusted"); - goto err; - } + if (opt_secret == NULL && opt_srvcert == NULL && opt_trusted == NULL) + CMP_warn("will not authenticate server due to missing -secret, -trusted, or -srvcert"); if (opt_cert != NULL) { X509 *cert; diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 9b8a88f94b..f5026e0bbc 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c 
@@ -568,6 +568,10 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { /* 5.1.3.1. Shared Secret Information */ case NID_id_PasswordBasedMAC: + if (ctx->secretValue == NULL) { + ossl_cmp_warn(ctx, "no secret available for verifying PBM-based CMP message protection"); + return 1; + } if (verify_PBMAC(ctx, msg)) { /* * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is @@ -615,6 +619,10 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) default: scrt = ctx->srvCert; if (scrt == NULL) { + if (ctx->trusted == NULL) { + ossl_cmp_warn(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); + return 1; + } if (check_msg_find_cert(ctx, msg)) return 1; } else { /* use pinned sender cert */ diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 46c5059d84..623e3f7dee 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -174,6 +174,7 @@ Default filename is from the environment variable C. Section(s) to use within config file defining CMP options. An empty string C<""> means no specific section. Default is C. + Multiple section names may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Contents of sections named later may override contents of sections named before. 
@@ -485,6 +486,9 @@ This option gives more flexibility than the B<-srvcert> option because the protection certificate is not pinned but may be any certificate for which a chain to one of the given trusted certificates can be constructed. +If no B<-trusted>, B<-srvcert>, and B<-secret> option is given +then protected response messages from the server are not authenticated. + Multiple filenames may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. @@ -809,6 +813,7 @@ Default is one invocation. =item B<-reqin> I Take sequence of CMP requests from file(s). + Multiple filenames may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). As many files are read as needed for a complete transaction. @@ -823,18 +828,21 @@ and the CMP server complains that the transaction ID has already been used. =item B<-reqout> I Save sequence of CMP requests to file(s). + Multiple filenames may be given, separated by commas and/or whitespace. As many files are written as needed to store the complete transaction. =item B<-rspin> I Process sequence of CMP responses provided in file(s), skipping server. + Multiple filenames may be given, separated by commas and/or whitespace. As many files are read as needed for the complete transaction. =item B<-rspout> I Save sequence of CMP responses to file(s). + Multiple filenames may be given, separated by commas and/or whitespace. As many files are written as needed to store the complete transaction. From openssl at openssl.org Tue Sep 8 23:46:15 2020 
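Review bot: In crypto/cmp/cmp_vfy.c, both new early returns in OSSL_CMP_validate_msg() (the `ctx->secretValue == NULL` branch under NID_id_PasswordBasedMAC and the `ctx->trusted == NULL` branch in the default case) return 1, the same value returned after verify_PBMAC() or check_msg_find_cert() succeeds, so a caller cannot distinguish a verified message from one whose protection was never checked; the only signal is an ossl_cmp_warn() line. Because this is a library function, the fail-open applies to any application that leaves the context without a secret, trust store or pinned server certificate, not only to apps/cmp.c. Consider requiring an explicit opt-in on the context before skipping verification, or returning an outcome the caller can test. The summary of changes also shows the behaviour documented only in doc/man1/openssl-cmp.pod.in, with no update to the OSSL_CMP_validate_msg() documentation and no test covering the unauthenticated path.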
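Review bot: In the apps/cmp.c hunk in setup_protection_ctx(), replacing `CMP_err(...); goto err;` with a bare CMP_warn() means that forgetting all of -secret, -srvcert and -trusted now proceeds with an unauthenticated server instead of stopping. A warning is easy to miss in scripted enrolment runs; a dedicated option that the user must pass to accept an unauthenticated server would keep the old safe default while still allowing the new use case. The warning text could also say that responses will be accepted without verification, which is the consequence the user needs to know.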
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Sep 2020 23:46:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1599608775.071278.28061.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. 
# 8047EBE33B7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047432C237F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047432C237F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # 
------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... 
skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3145, 1281 wallclock secs (10.93 usr 1.47 sys + 1100.09 cusr 152.55 csys = 1265.04 CPU) Result: FAIL Makefile:2551: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2549: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 9 01:41:19 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 01:41:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1599615679.468806.1884.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. 
ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. 
ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3423, 727 wallclock secs (13.30 usr 1.38 sys + 658.10 cusr 64.01 csys = 736.79 CPU) Result: FAIL Makefile:3200: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3198: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Wed Sep 9 03:10:32 2020 
From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 03:10:32 +0000 Subject: Still Failing: openssl/openssl#37302 (master - 15633d7) In-Reply-To: Message-ID: <5f5847a7c4ec7_13ff262cc1ebc206998@travis-pro-tasks-c5f7ff696-fvscb.mail> Build Update for openssl/openssl ------------------------------------- Build: #37302 Status: Still Failing Duration: 1 hr, 20 mins, and 42 secs Commit: 15633d7 (master) Author: Dr. David von Oheimb Message: Add 4 new OIDs for PKIX key purposes and 3 new CMP information types Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12807) View the changeset: https://github.com/openssl/openssl/compare/1251cddf8d41...15633d74dcfe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183446405?utm_medium=notification&utm_source=email From builds at travis-ci.com Wed Sep 9 04:13:54 2020 
From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 04:13:54 +0000 Subject: Still Failing: openssl/openssl#37303 (master - b434b2c) In-Reply-To: Message-ID: <5f585681a4521_13fbe13ccd5387868ba@travis-pro-tasks-c5f7ff696-sxhm6.mail> Build Update for openssl/openssl ------------------------------------- Build: #37303 Status: Still Failing Duration: 1 hr, 28 mins, and 1 sec Commit: b434b2c (master) Author: Dr. David von Oheimb Message: Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12806) View the changeset: https://github.com/openssl/openssl/compare/15633d74dcfe...b434b2c08d20 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183446683?utm_medium=notification&utm_source=email From openssl at openssl.org Wed Sep 9 04:17:46 2020 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Wed, 09 Sep 2020 04:17:46 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Message-ID: <1599625066.202720.26865.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types
1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys
4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys
924663c36d Add CMS AuthEnvelopedData with AES-GCM support
d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation
8d6481f532 EVP: Move the functions and controls for setting and getting distid
b968945204 EVP: Expand the use of EVP_PKEY_CTX_md()
86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters
ea0add4a82 New GOST PKCS12 standard support
08497fc64f Fix test/evp_extra_test.c
20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records
509144964b EVP: Preserve the EVP_PKEY id in a few more spots
884baafba4 Use return code for 'which command' checks
4348995b0d Fix memory leaks in conf_def.c
385deae79f Building: Build Unix static libraries one object file at a time

Build log ended with (last 100 lines):
clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s chmod a+x apps/tsget.pl clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option 
-Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s chmod a+x tools/c_rehash clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers 
-Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. 
-Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized 
-Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" 
-DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.d.tmp -MT providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.o -c -o providers/implementations/encode_decode/libimplementations-lib-encoder_rsa.o ../openssl/providers/implementations/encode_decode/encoder_rsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o 
../openssl/providers/implementations/kdfs/x942kdf.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-dsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-dsa.o -c -o providers/implementations/signature/libimplementations-lib-dsa.o ../openssl/providers/implementations/signature/dsa.c clang -Iproviders/common/include/prov -I. 
-Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_digests_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_digests_gen.o -c -o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/der_digests_gen.c clang -Iproviders/common/include/prov -I. 
-Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_gen.o -c -o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/der_dsa_gen.c ../openssl/providers/implementations/kdfs/x942kdf.c:438:21: error: no previous extern declaration for non-static variable 'kdf_x942_kdf_functions' [-Werror,-Wmissing-variable-declarations] const OSSL_DISPATCH kdf_x942_kdf_functions[] = { ^ 1 error generated. Makefile:21503: recipe for target 'providers/implementations/kdfs/libimplementations-lib-x942kdf.o' failed make[1]: *** [providers/implementations/kdfs/libimplementations-lib-x942kdf.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3133: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Wed Sep 9 06:28:59 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 06:28:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1599632939.853624.9676.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): C0C054EB207F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2841:CMP error: cannot 
set up CMP context # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain) Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem C0A0874ADF7F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: C0A0874ADF7F0000:error::STORE routines:ossl_store_get0_loader_int:unregistered scheme:../openssl/crypto/store/store_register.c:240:scheme=file C0A0874ADF7F0000:error::system library:file_open:No such file or directory:../openssl/providers/implementations/storemgmt/file_store.c:278:calling stat(test.cert.pem) cmp_main:../openssl/apps/cmp.c:2841:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # setup_client_ctx:../openssl/apps/cmp.c:1909:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject 
'/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not open file or uri test.cert.pem for loading CMP client certificate (optionally with chain) Could not read any cert of CMP client certificate (optionally with chain) from test.cert.pem C040EAB3627F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: C040EAB3627F0000:error::STORE routines:ossl_store_get0_loader_int:unregistered scheme:../openssl/crypto/store/store_register.c:240:scheme=file C040EAB3627F0000:error::system library:file_open:No such file or directory:../openssl/providers/implementations/storemgmt/file_store.c:278:calling stat(test.cert.pem) cmp_main:../openssl/apps/cmp.c:2841:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -subject option is empty string, resetting option # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -secret option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' 
-proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ 
skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 768 Tests: 84 Failed: 3) Failed tests: 12, 36, 69 Non-zero exit status: 3 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3411, 689 wallclock secs (13.45 usr 1.43 sys + 623.64 cusr 56.77 csys = 695.29 CPU) Result: FAIL Makefile:3141: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3139: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 9 06:50:38 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 06:50:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1599634238.214497.29149.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... 
skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. 
not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3557, 680 wallclock secs (13.66 usr 1.42 sys + 607.35 cusr 58.60 csys = 681.03 CPU) Result: FAIL Makefile:3183: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3181: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 9 07:12:27 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 07:12:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1599635547.096306.17120.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. 
ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. skipped: dh is not supported by this OpenSSL build 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... 
ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 20, 44 Non-zero exit status: 2 Files=211, Tests=3544, 699 wallclock secs (14.10 usr 1.32 sys + 616.68 cusr 65.04 csys = 697.14 CPU) Result: FAIL Makefile:3164: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3162: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 9 07:33:15 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 07:33:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1599636795.940348.2360.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. 
ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. 
ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 15, 39 Non-zero exit status: 2 Files=211, Tests=3478, 658 wallclock secs (13.50 usr 1.16 sys + 589.64 cusr 64.71 csys = 669.01 CPU) Result: FAIL Makefile:3160: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3158: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Wed Sep 9 08:00:30 2020 
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 09 Sep 2020 08:00:30 +0000 Subject: [openssl] master update Message-ID: <1599638430.696077.3753.nullmailer@dev.openssl.org> The branch master has been updated via e942111267f292070cbc8397e0cc5fddaf8371a0 (commit) via 5c97eeb726dac6194e7a3aecf8231a512e0243ea (commit) via b924d1b6e1b66def84979dbbf3c79059cff1d554 (commit) via 81661a14bcf9fb92eadedb15de75c3eb5b4e97a8 (commit) via b250fc7be771d912460b60285ad7124e0b38ef94 (commit) from b434b2c08d2025936fb8b7ece3a5908613333f6b (commit) - Log ----------------------------------------------------------------- commit e942111267f292070cbc8397e0cc5fddaf8371a0 Author: Pauli Date: Sun Sep 6 20:39:12 2020 +1000 In a non-shared build, don't include the md5 object files in legacy provider Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) commit 5c97eeb726dac6194e7a3aecf8231a512e0243ea Author: Pauli Date: Sun Sep 6 17:14:38 2020 +1000 TLS fixes for CBC mode and no-deprecated Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) commit b924d1b6e1b66def84979dbbf3c79059cff1d554 Author: Pauli Date: Sun Sep 6 13:44:08 2020 +1000 TLS: remove legacy code path supporting special CBC mode Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) commit 81661a14bcf9fb92eadedb15de75c3eb5b4e97a8 Author: Pauli Date: Tue May 26 20:20:09 2020 +1000 legacy: include MD5 code in legacy provider Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) commit b250fc7be771d912460b60285ad7124e0b38ef94 Author: Pauli Date: Tue May 26 19:38:23 2020 +1000 Deprecate SHA and MD5 again. This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e. 
Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) ----------------------------------------------------------------------- Summary of changes: crypto/md5/build.info | 11 ++++++ include/openssl/md5.h | 35 ++++++++++-------- include/openssl/sha.h | 96 +++++++++++++++++++++++++++--------------------- ssl/build.info | 5 ++- ssl/record/ssl3_record.c | 23 ++++++++++++ ssl/s3_cbc.c | 19 ---------- util/libcrypto.num | 56 ++++++++++++++-------------- 7 files changed, 141 insertions(+), 104 deletions(-) diff --git a/crypto/md5/build.info b/crypto/md5/build.info index afcf7c4426..bbb70fde3c 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -18,10 +18,21 @@ $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM SOURCE[../../libcrypto]=$COMMON SOURCE[../../providers/libimplementations.a]=$COMMON +# A no-deprecated no-shared build ends up with double function definitions +# without conditioning this on dso. The issue is MD5 which is needed in the +# legacy provider for one of the spliced algorithms, however it resides in the +# default provider. A no-deprecated build removes the external definition from +# libcrypto and this means that the code needs to be in liblegacy. However, +# when building without 'dso', liblegacy is included in libcrypto. +IF[{- !$disabled{dso} -}] + SOURCE[../../providers/liblegacy.a]=$COMMON +ENDIF + # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MD5DEF DEFINE[../../providers/libimplementations.a]=$MD5DEF +DEFINE[../../providers/liblegacy.a]=$MD5DEF GENERATE[md5-586.s]=asm/md5-586.pl diff --git a/include/openssl/md5.h b/include/openssl/md5.h index 0a75b084a2..c61b3d94c8 100644 --- a/include/openssl/md5.h +++ b/include/openssl/md5.h 
@@ -19,22 +19,24 @@ # include # ifndef OPENSSL_NO_MD5 -# include -# include -# ifdef __cplusplus +# include +# include +# ifdef __cplusplus extern "C" { -# endif +# endif + +# define MD5_DIGEST_LENGTH 16 +# if !defined(OPENSSL_NO_DEPRECATED_3_0) /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define MD5_LONG unsigned int +# define MD5_LONG unsigned int -# define MD5_CBLOCK 64 -# define MD5_LBLOCK (MD5_CBLOCK/4) -# define MD5_DIGEST_LENGTH 16 +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) typedef struct MD5state_st { MD5_LONG A, B, C, D; @@ -42,15 +44,18 @@ typedef struct MD5state_st { MD5_LONG data[MD5_LBLOCK]; unsigned int num; } MD5_CTX; +# endif -int MD5_Init(MD5_CTX *c); -int MD5_Update(MD5_CTX *c, const void *data, size_t len); -int MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); -void MD5_Transform(MD5_CTX *c, const unsigned char *b); -# ifdef __cplusplus +DEPRECATEDIN_3_0(int MD5_Init(MD5_CTX *c)) +DEPRECATEDIN_3_0(int MD5_Update(MD5_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int MD5_Final(unsigned char *md, MD5_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *MD5(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void MD5_Transform(MD5_CTX *c, const unsigned char *b)) + +# ifdef __cplusplus } -# endif +# endif # endif #endif diff --git a/include/openssl/sha.h b/include/openssl/sha.h index 18e584a161..eac7cdbba3 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h 
@@ -23,19 +23,21 @@ extern "C" { # endif +# define SHA_DIGEST_LENGTH 20 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define SHA_LONG unsigned int +# define SHA_LONG unsigned int -# define SHA_LBLOCK 16 -# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a - * contiguous array of 32 bit wide - * big-endian values. */ -# define SHA_LAST_BLOCK (SHA_CBLOCK-8) -# define SHA_DIGEST_LENGTH 20 +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) typedef struct SHAstate_st { SHA_LONG h0, h1, h2, h3, h4; @@ -43,14 +45,17 @@ typedef struct SHAstate_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num; } SHA_CTX; +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -int SHA1_Init(SHA_CTX *c); -int SHA1_Update(SHA_CTX *c, const void *data, size_t len); -int SHA1_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); -void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +DEPRECATEDIN_3_0(int SHA1_Init(SHA_CTX *c)) +DEPRECATEDIN_3_0(int SHA1_Update(SHA_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA1_Final(unsigned char *md, SHA_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA1(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void SHA1_Transform(SHA_CTX *c, const unsigned char *data)) -# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide * big-endian values. */ 
@@ -60,22 +65,27 @@ typedef struct SHA256state_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num, md_len; } SHA256_CTX; - -int SHA224_Init(SHA256_CTX *c); -int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); -int SHA224_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); -int SHA256_Init(SHA256_CTX *c); -int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); -int SHA256_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); -void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ + +DEPRECATEDIN_3_0(int SHA224_Init(SHA256_CTX *c)) +DEPRECATEDIN_3_0(int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA224_Final(unsigned char *md, SHA256_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA224(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(int SHA256_Init(SHA256_CTX *c)) +DEPRECATEDIN_3_0(int SHA256_Update(SHA256_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA256_Final(unsigned char *md, SHA256_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA256(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void SHA256_Transform(SHA256_CTX *c, + const unsigned char *data)) # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 # define SHA512_DIGEST_LENGTH 64 +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c 
@@ -86,14 +96,14 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# else -# define SHA_LONG64 unsigned long long -# endif +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# else +# define SHA_LONG64 unsigned long long +# endif typedef struct SHA512state_st { SHA_LONG64 h[8]; 
@@ -104,16 +114,20 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; - -int SHA384_Init(SHA512_CTX *c); -int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); -int SHA384_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); -int SHA512_Init(SHA512_CTX *c); -int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); -int SHA512_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); -void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ + +DEPRECATEDIN_3_0(int SHA384_Init(SHA512_CTX *c)) +DEPRECATEDIN_3_0(int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA384_Final(unsigned char *md, SHA512_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA384(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(int SHA512_Init(SHA512_CTX *c)) +DEPRECATEDIN_3_0(int SHA512_Update(SHA512_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA512_Final(unsigned char *md, SHA512_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA512(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void SHA512_Transform(SHA512_CTX *c, + const unsigned char *data)) # ifdef __cplusplus } diff --git a/ssl/build.info b/ssl/build.info index e5b7befbaa..fd9a16784e 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -23,7 +23,7 @@ SOURCE[../libssl]=\ pqueue.c ../crypto/packet.c \ statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \ - statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \ + statem/extensions_clnt.c statem/extensions_cust.c s3_msg.c \ methods.c t1_lib.c t1_enc.c tls13_enc.c \ d1_lib.c record/rec_layer_d1.c d1_msg.c \ statem/statem_dtls.c d1_srtp.c \ 
@@ -34,6 +34,9 @@ SOURCE[../libssl]=\ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \ $KTLSSRC +IF[{- !$disabled{'deprecated-3.0'} -}] + SOURCE[../libssl]=s3_cbc.c +ENDIF DEFINE[../libssl]=$AESDEF SOURCE[../providers/libcommon.a]=record/tls_pad.c diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index baa4f239bf..046d6f2054 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1307,6 +1307,25 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 1; } +/* + * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function + * which ssl3_cbc_digest_record supports. + */ +char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) +{ + switch (EVP_MD_CTX_type(ctx)) { + case NID_md5: + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + return 1; + default: + return 0; + } +} + int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) { unsigned char *mac_sec, *seq; @@ -1335,6 +1354,9 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) if (!sending && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(hash)) { +#ifdef OPENSSL_NO_DEPRECATED_3_0 + return 0; +#else /* * This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of data we @@ -1368,6 +1390,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) rec->length, rec->orig_len, mac_sec, md_size, 1) <= 0) return 0; +#endif } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 4895f43568..26f12654e4 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c 
@@ -132,25 +132,6 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX -/* - * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function - * which ssl3_cbc_digest_record supports. - */ -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) -{ - switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: - return 1; - default: - return 0; - } -} - /*- * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS * record. diff --git a/util/libcrypto.num b/util/libcrypto.num index 777d8ce8a8..e3ca2fe625 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1001,7 +1001,7 @@ i2d_PKCS8PrivateKey_nid_bio 1026 3_0_0 EXIST::FUNCTION: ERR_put_error 1027 3_0_0 NOEXIST::FUNCTION: ERR_add_error_data 1028 3_0_0 EXIST::FUNCTION: X509_ALGORS_it 1029 3_0_0 EXIST::FUNCTION: -MD5_Update 1030 3_0_0 EXIST::FUNCTION:MD5 +MD5_Update 1030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 X509_policy_check 1031 3_0_0 EXIST::FUNCTION: X509_CRL_METHOD_new 1032 3_0_0 EXIST::FUNCTION: ASN1_ANY_it 1033 3_0_0 EXIST::FUNCTION: @@ -1145,7 +1145,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION: -SHA256 1175 3_0_0 EXIST::FUNCTION: +SHA256 1175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION: ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE 
@@ -1252,7 +1252,7 @@ ASN1_INTEGER_set_int64 1280 3_0_0 EXIST::FUNCTION: ASN1_TIME_free 1281 3_0_0 EXIST::FUNCTION: i2o_SCT_LIST 1282 3_0_0 EXIST::FUNCTION:CT AES_encrypt 1283 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -MD5_Init 1284 3_0_0 EXIST::FUNCTION:MD5 +MD5_Init 1284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 UI_add_error_string 1285 3_0_0 EXIST::FUNCTION: X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION: PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO @@ -1376,7 +1376,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:SRP BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION: BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: -SHA512 1412 3_0_0 EXIST::FUNCTION: +SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION: EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION: OCSP_REQ_CTX_http 1415 3_0_0 EXIST::FUNCTION: @@ -1441,7 +1441,7 @@ X509V3_section_free 1474 3_0_0 EXIST::FUNCTION: CRYPTO_mem_debug_free 1475 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 d2i_OCSP_REQUEST 1476 3_0_0 EXIST::FUNCTION:OCSP ENGINE_get_cipher_engine 1477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -SHA384_Final 1478 3_0_0 EXIST::FUNCTION: +SHA384_Final 1478 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_RESP_CTX_set_certs 1479 3_0_0 EXIST::FUNCTION:TS BN_MONT_CTX_free 1480 3_0_0 EXIST::FUNCTION: BN_GF2m_mod_solve_quad_arr 1481 3_0_0 EXIST::FUNCTION:EC2M @@ -1467,7 +1467,7 @@ ASYNC_get_wait_ctx 1500 3_0_0 EXIST::FUNCTION: ENGINE_set_load_privkey_function 1501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_ccm128_setiv 1502 3_0_0 EXIST::FUNCTION: PKCS7_dataFinal 1503 3_0_0 EXIST::FUNCTION: -SHA1_Final 1504 3_0_0 EXIST::FUNCTION: +SHA1_Final 1504 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2a_ASN1_STRING 1505 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_rand_key 1506 3_0_0 EXIST::FUNCTION: AES_set_encrypt_key 1507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 
@@ -1835,7 +1835,7 @@ RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT BN_new 1879 3_0_0 EXIST::FUNCTION: X509_OBJECT_retrieve_by_subject 1880 3_0_0 EXIST::FUNCTION: -MD5_Final 1881 3_0_0 EXIST::FUNCTION:MD5 +MD5_Final 1881 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 X509_STORE_set_verify_cb 1882 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_print 1883 3_0_0 EXIST::FUNCTION:OCSP CMS_add1_crl 1884 3_0_0 EXIST::FUNCTION:CMS @@ -1876,7 +1876,7 @@ CMS_SignedData_init 1920 3_0_0 EXIST::FUNCTION:CMS X509_REQ_free 1921 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_set 1922 3_0_0 EXIST::FUNCTION: EVP_DecodeFinal 1923 3_0_0 EXIST::FUNCTION: -MD5_Transform 1925 3_0_0 EXIST::FUNCTION:MD5 +MD5_Transform 1925 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 SRP_create_verifier_BN 1926 3_0_0 EXIST::FUNCTION:SRP ENGINE_register_all_EC 1927 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_camellia_128_ofb 1928 3_0_0 EXIST::FUNCTION:CAMELLIA @@ -1893,7 +1893,7 @@ PKCS5_PBE_keyivgen 1938 3_0_0 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 1939 3_0_0 EXIST::FUNCTION:OCSP EC_POINT_copy 1940 3_0_0 EXIST::FUNCTION:EC X509V3_EXT_CRL_add_nconf 1941 3_0_0 EXIST::FUNCTION: -SHA256_Init 1942 3_0_0 EXIST::FUNCTION: +SHA256_Init 1942 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_NAME_ENTRY_get_object 1943 3_0_0 EXIST::FUNCTION: ASN1_ENUMERATED_free 1944 3_0_0 EXIST::FUNCTION: X509_CRL_set_meth_data 1945 3_0_0 EXIST::FUNCTION: @@ -1914,7 +1914,7 @@ EVP_PKEY_add1_attr 1959 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_purpose_inherit 1960 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_keygen 1961 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_pkey_asn1_meth 1962 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -SHA256_Update 1963 3_0_0 EXIST::FUNCTION: +SHA256_Update 1963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_PKCS7_ISSUER_AND_SERIAL 1964 3_0_0 EXIST::FUNCTION: PKCS12_unpack_authsafes 1965 3_0_0 EXIST::FUNCTION: X509_CRL_it 1966 3_0_0 EXIST::FUNCTION: 
@@ -2073,7 +2073,7 @@ BIO_s_file 2118 3_0_0 EXIST::FUNCTION: RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_decrypt_init 2120 3_0_0 EXIST::FUNCTION: ENGINE_get_destroy_function 2121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -SHA224_Init 2122 3_0_0 EXIST::FUNCTION: +SHA224_Init 2122 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509V3_EXT_add_conf 2123 3_0_0 EXIST::FUNCTION: ASN1_object_size 2124 3_0_0 EXIST::FUNCTION: X509_REVOKED_free 2125 3_0_0 EXIST::FUNCTION: @@ -2191,7 +2191,7 @@ PEM_write_bio_PKCS8_PRIV_KEY_INFO 2238 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_GF2m 2239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M ENGINE_load_builtin_engines 2240 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SRP_VBASE_init 2241 3_0_0 EXIST::FUNCTION:SRP -SHA224_Final 2242 3_0_0 EXIST::FUNCTION: +SHA224_Final 2242 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_CERTSTATUS_free 2243 3_0_0 EXIST::FUNCTION:OCSP d2i_TS_TST_INFO 2244 3_0_0 EXIST::FUNCTION:TS IPAddressOrRange_it 2245 3_0_0 EXIST::FUNCTION:RFC3779 @@ -2201,7 +2201,7 @@ TS_OBJ_print_bio 2248 3_0_0 EXIST::FUNCTION:TS X509_time_adj_ex 2249 3_0_0 EXIST::FUNCTION: OCSP_request_add1_cert 2250 3_0_0 EXIST::FUNCTION:OCSP ERR_load_X509_strings 2251 3_0_0 EXIST::FUNCTION: -SHA1_Transform 2252 3_0_0 EXIST::FUNCTION: +SHA1_Transform 2252 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CMS_signed_get_attr_by_NID 2253 3_0_0 EXIST::FUNCTION:CMS X509_STORE_CTX_get_by_subject 2254 3_0_0 EXIST::FUNCTION: ASN1_OCTET_STRING_it 2255 3_0_0 EXIST::FUNCTION: @@ -2461,7 +2461,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION: X509_verify_cert 2513 3_0_0 EXIST::FUNCTION: X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION: X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION: -SHA1 2516 3_0_0 EXIST::FUNCTION: +SHA1 2516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_print 2517 3_0_0 EXIST::FUNCTION: d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION: X509_REQ_new 2519 3_0_0 EXIST::FUNCTION: 
@@ -2497,7 +2497,7 @@ d2i_NETSCAPE_CERT_SEQUENCE 2550 3_0_0 EXIST::FUNCTION: X509_CRL_set_version 2551 3_0_0 EXIST::FUNCTION: ASN1_PCTX_set_cert_flags 2552 3_0_0 EXIST::FUNCTION: PKCS8_PRIV_KEY_INFO_free 2553 3_0_0 EXIST::FUNCTION: -SHA224_Update 2554 3_0_0 EXIST::FUNCTION: +SHA224_Update 2554 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EC_GROUP_new_by_curve_name 2555 3_0_0 EXIST::FUNCTION:EC X509_STORE_set_purpose 2556 3_0_0 EXIST::FUNCTION: X509_CRL_get0_signature 2557 3_0_0 EXIST::FUNCTION: @@ -2728,7 +2728,7 @@ CMS_RecipientInfo_encrypt 2786 3_0_0 EXIST::FUNCTION:CMS X509_get_pubkey_parameters 2787 3_0_0 EXIST::FUNCTION: PKCS12_setup_mac 2788 3_0_0 EXIST::FUNCTION: PEM_read_bio_PKCS7 2789 3_0_0 EXIST::FUNCTION: -SHA512_Final 2790 3_0_0 EXIST::FUNCTION: +SHA512_Final 2790 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_VERIFY_PARAM_set1_host 2791 3_0_0 EXIST::FUNCTION: OCSP_resp_find_status 2792 3_0_0 EXIST::FUNCTION:OCSP d2i_ASN1_T61STRING 2793 3_0_0 EXIST::FUNCTION: @@ -2902,14 +2902,14 @@ EC_curve_nid2nist 2964 3_0_0 EXIST::FUNCTION:EC ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_POINT_add 2966 3_0_0 EXIST::FUNCTION:EC EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:EC -SHA384_Init 2968 3_0_0 EXIST::FUNCTION: +SHA384_Init 2968 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_UNIVERSALSTRING_new 2969 3_0_0 EXIST::FUNCTION: EVP_PKEY_print_private 2970 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_new 2971 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_it 2972 3_0_0 EXIST::FUNCTION: TS_REQ_get_cert_req 2973 3_0_0 EXIST::FUNCTION:TS BIO_pop 2974 3_0_0 EXIST::FUNCTION: -SHA256_Final 2975 3_0_0 EXIST::FUNCTION: +SHA256_Final 2975 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_set1_DH 2976 3_0_0 EXIST::FUNCTION:DH DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION: 
@@ -2929,7 +2929,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION: i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION: BN_get_flags 2994 3_0_0 EXIST::FUNCTION: -SHA384 2995 3_0_0 EXIST::FUNCTION: +SHA384 2995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 NCONF_get_string 2996 3_0_0 EXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION: EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC @@ -2981,7 +2981,7 @@ i2d_X509_PUBKEY 3045 3_0_0 EXIST::FUNCTION: EVP_DecryptUpdate 3046 3_0_0 EXIST::FUNCTION: CAST_cbc_encrypt 3047 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0 BN_BLINDING_invert 3048 3_0_0 EXIST::FUNCTION: -SHA512_Update 3049 3_0_0 EXIST::FUNCTION: +SHA512_Update 3049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ESS_ISSUER_SERIAL_new 3050 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_get0_pkcs8 3051 3_0_0 EXIST::FUNCTION: X509_get_ext_by_NID 3052 3_0_0 EXIST::FUNCTION: @@ -3003,7 +3003,7 @@ EVP_des_ede_cfb64 3067 3_0_0 EXIST::FUNCTION:DES d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:RSA ERR_load_BN_strings 3069 3_0_0 EXIST::FUNCTION: BF_encrypt 3070 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 -MD5 3071 3_0_0 EXIST::FUNCTION:MD5 +MD5 3071 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 BN_GF2m_arr2poly 3072 3_0_0 EXIST::FUNCTION:EC2M EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION: @@ -3326,7 +3326,7 @@ d2i_PKCS8_PRIV_KEY_INFO_fp 3395 3_0_0 EXIST::FUNCTION:STDIO X509_OBJECT_retrieve_match 3396 3_0_0 EXIST::FUNCTION: EVP_aes_128_ctr 3397 3_0_0 EXIST::FUNCTION: EVP_PBE_find 3398 3_0_0 EXIST::FUNCTION: -SHA512_Transform 3399 3_0_0 EXIST::FUNCTION: +SHA512_Transform 3399 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_add_error_vdata 3400 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_get_ext 3401 3_0_0 EXIST::FUNCTION:OCSP NETSCAPE_SPKAC_new 3402 3_0_0 EXIST::FUNCTION: 
@@ -3363,7 +3363,7 @@ EVP_OpenFinal 3432 3_0_0 EXIST::FUNCTION:RSA RAND_egd_bytes 3433 3_0_0 EXIST::FUNCTION:EGD UI_method_get_writer 3434 3_0_0 EXIST::FUNCTION: BN_secure_new 3435 3_0_0 EXIST::FUNCTION: -SHA1_Update 3437 3_0_0 EXIST::FUNCTION: +SHA1_Update 3437 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BIO_s_connect 3438 3_0_0 EXIST::FUNCTION:SOCK EVP_MD_meth_get_init 3439 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_BIT_STRING_free 3440 3_0_0 EXIST::FUNCTION: @@ -3513,7 +3513,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP -SHA224 3592 3_0_0 EXIST::FUNCTION: +SHA224 3592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: @@ -3554,7 +3554,7 @@ PKCS5_pbe_set 3631 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_free 3632 3_0_0 EXIST::FUNCTION:TS d2i_PUBKEY 3633 3_0_0 EXIST::FUNCTION: ASYNC_cleanup_thread 3634 3_0_0 EXIST::FUNCTION: -SHA384_Update 3635 3_0_0 EXIST::FUNCTION: +SHA384_Update 3635 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_cfb128_1_encrypt 3636 3_0_0 EXIST::FUNCTION: BIO_set_cipher 3637 3_0_0 EXIST::FUNCTION: PEM_read_PUBKEY 3638 3_0_0 EXIST::FUNCTION:STDIO @@ -3576,7 +3576,7 @@ Camellia_ecb_encrypt 3654 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPR ENGINE_set_default_RSA 3655 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_EncodeBlock 3656 3_0_0 EXIST::FUNCTION: SXNETID_free 3657 3_0_0 EXIST::FUNCTION: -SHA1_Init 3658 3_0_0 EXIST::FUNCTION: +SHA1_Init 3658 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_atomic_add 3659 3_0_0 EXIST::FUNCTION: TS_CONF_load_certs 3660 3_0_0 EXIST::FUNCTION:TS PEM_write_bio_DSAPrivateKey 3661 3_0_0 EXIST::FUNCTION:DSA 
@@ -3599,7 +3599,7 @@ CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG ASN1_verify 3679 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA X509_sign 3681 3_0_0 EXIST::FUNCTION: -SHA256_Transform 3682 3_0_0 EXIST::FUNCTION: +SHA256_Transform 3682 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BIO_ADDR_free 3683 3_0_0 EXIST::FUNCTION:SOCK ASN1_STRING_free 3684 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_inherit 3685 3_0_0 EXIST::FUNCTION: @@ -3816,7 +3816,7 @@ CRL_DIST_POINTS_free 3899 3_0_0 EXIST::FUNCTION: d2i_OCSP_SINGLERESP 3900 3_0_0 EXIST::FUNCTION:OCSP EVP_CIPHER_CTX_num 3901 3_0_0 EXIST::FUNCTION: EVP_PKEY_verify_recover_init 3902 3_0_0 EXIST::FUNCTION: -SHA512_Init 3903 3_0_0 EXIST::FUNCTION: +SHA512_Init 3903 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_MSG_IMPRINT_set_msg 3904 3_0_0 EXIST::FUNCTION:TS CMS_unsigned_add1_attr 3905 3_0_0 EXIST::FUNCTION:CMS OPENSSL_LH_doall 3906 3_0_0 EXIST::FUNCTION: From pauli at openssl.org Wed Sep 9 08:01:46 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 09 Sep 2020 08:01:46 +0000 Subject: [openssl] master update Message-ID: <1599638506.442327.4950.nullmailer@dev.openssl.org> The branch master has been updated via b7a8fb52a95d606e073a6f232262cc121659a1fe (commit) from e942111267f292070cbc8397e0cc5fddaf8371a0 (commit) - Log ----------------------------------------------------------------- commit b7a8fb52a95d606e073a6f232262cc121659a1fe Author: Pauli Date: Tue Sep 8 07:35:29 2020 +1000 s_time: check return values better Reviewed-by: Dmitry Belyavskiy Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12808) ----------------------------------------------------------------------- Summary of changes: apps/s_time.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/apps/s_time.c b/apps/s_time.c index ac9c72e622..3730ca540a 100644 --- a/apps/s_time.c +++ b/apps/s_time.c 
@@ -416,12 +416,19 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) if ((conn = BIO_new(BIO_s_connect())) == NULL) return NULL; - BIO_set_conn_hostname(conn, host); - BIO_set_conn_mode(conn, BIO_SOCK_NODELAY); + if (BIO_set_conn_hostname(conn, host) <= 0 + || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { + BIO_free(conn); + return NULL; + } - if (scon == NULL) + if (scon == NULL) { serverCon = SSL_new(ctx); - else { + if (serverCon == NULL) { + BIO_free(conn); + return NULL; + } + } else { serverCon = scon; SSL_set_connect_state(serverCon); } From openssl at openssl.org Wed Sep 9 08:49:52 2020 
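Review bot: in crypto/md5/build.info (the MD5/SHA deprecation push), the new comment explains the problem in terms of a "no-deprecated no-shared" build, but the condition tests only `!$disabled{dso}`, and `DEFINE[../../providers/liblegacy.a]=$MD5DEF` is added outside the IF block. Say in the comment why `dso` is the switch that decides whether liblegacy is folded into libcrypto, and either move the DEFINE inside the IF or note that it is intentionally unconditional, so a later reader does not "fix" one to match the other.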
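Review bot: in ssl/record/ssl3_record.c, the new `#ifdef OPENSSL_NO_DEPRECATED_3_0` branch in n_ssl3_mac() is a bare `return 0;` with no comment and no error raised, so in a no-deprecated build every received CBC record whose digest ssl3_cbc_record_digest_supported() accepts fails exactly like the existing `<= 0) return 0;` MAC failure below it. Add a comment stating that the constant-time ssl3_cbc_digest_record() path is compiled out here (ssl/build.info now builds s3_cbc.c only when deprecated-3.0 is enabled), and consider raising an error before returning so the cause is visible to the caller. Since the result in this configuration does not depend on the digest, the `ssl3_cbc_record_digest_supported(hash)` test could also sit inside the `#else` side.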
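Review bot: the include/openssl/md5.h and include/openssl/sha.h hunks wrap every low-level MD5_*, SHA1_*, SHA224_*, SHA256_*, SHA384_* and SHA512_* prototype in DEPRECATEDIN_3_0, yet the summary of changes lists no CHANGES or doc/ file. Public API deprecations of this size should come with a note telling callers what to use instead, either in this push or with a pointer to where it already lives. A smaller style point in the same hunks: md5.h opens its guard with `# if !defined(OPENSSL_NO_DEPRECATED_3_0)` and closes with a bare `# endif`, while sha.h uses `# ifndef OPENSSL_NO_DEPRECATED_3_0` and a commented `# endif`; pick one form for both headers.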
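Review bot: in apps/s_time.c doConnection(), the three new failure exits (BIO_set_conn_hostname(), BIO_set_conn_mode() and SSL_new()) free conn and return NULL without reporting anything, so from the return value a bad host string is indistinguishable from an allocation failure. Unless the caller already prints the error queue on a NULL return, emit a short message or the queued errors before returning. The two identical `BIO_free(conn); return NULL;` blocks could also share a single exit label, which keeps the cleanup in one place if more checks are added.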
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 08:49:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1599641392.594086.14407.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. 
ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. 
ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 2048 Tests: 84 Failed: 8) Failed tests: 16-17, 21, 23, 40-41, 45, 47 Non-zero exit status: 8 Files=211, Tests=2558, 551 wallclock secs (11.96 usr 1.23 sys + 496.64 cusr 52.32 csys = 562.15 CPU) Result: FAIL Makefile:3189: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3187: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Wed Sep 9 09:09:50 2020 
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 09 Sep 2020 09:09:50 +0000 Subject: [openssl] master update Message-ID: <1599642590.117163.17973.nullmailer@dev.openssl.org> The branch master has been updated via ce43db7a3fcd18866385a4552f5e4a83adfc0979 (commit) from b7a8fb52a95d606e073a6f232262cc121659a1fe (commit) - Log ----------------------------------------------------------------- commit ce43db7a3fcd18866385a4552f5e4a83adfc0979 Author: Jon Spillett Date: Tue Sep 8 10:33:28 2020 +1000 Fix up issue on AIX caused by broken compiler handling of macro expansion Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12812) ----------------------------------------------------------------------- Summary of changes: providers/baseprov.c | 4 ++-- providers/defltprov.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/providers/baseprov.c b/providers/baseprov.c index 38d9090bb3..e9502f68cd 100644 --- a/providers/baseprov.c +++ b/providers/baseprov.c @@ -87,8 +87,8 @@ static const OSSL_ALGORITHM base_decoder[] = { #undef DECODER static const OSSL_ALGORITHM base_store[] = { -#define STORE(name, fips, func_table) \ - { name, "provider=base,fips=" fips, (func_table) }, +#define STORE(name, _fips, func_table) \ + { name, "provider=base,fips=" _fips, (func_table) }, #include "stores.inc" { NULL, NULL, NULL } diff --git a/providers/defltprov.c b/providers/defltprov.c index beaf60bb1e..371d942f4a 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -434,8 +434,8 @@ static const OSSL_ALGORITHM deflt_decoder[] = { #undef DECODER static const OSSL_ALGORITHM deflt_store[] = { -#define STORE(name, fips, func_table) \ - { name, "provider=default,fips=" fips, (func_table) }, +#define STORE(name, _fips, func_table) \ + { name, "provider=default,fips=" _fips, (func_table) }, #include "stores.inc" { NULL, NULL, NULL } From openssl at openssl.org Wed Sep 9 10:38:50 2020 
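Review bot: in commit ce43db7a3f above, the `#define STORE(name, _fips, func_table)` lines in both the providers/baseprov.c and providers/defltprov.c hunks carry no comment saying why the parameter is spelled `_fips`, so a later tidy-up could rename it back to `fips` and bring back the AIX build failure named in the commit message. Suggest a one-line comment above each define naming the compiler problem the rename works around. The hunks change only STORE; it is worth confirming whether the DECODER macro that is undefined just above each one pairs a `fips` parameter with a `"...fips="` string literal in the same way and needs the same rename.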
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 10:38:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1599647930.621771.13943.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): storeutl: Use -help for summary. 
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1 not ok 410 - Checking that -certs returns 0 objects on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -certs returns 0 objects on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 208. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1 not ok 411 - Checking that -crls returns 0 objects on a certificate file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 0 objects on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 212. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1 not ok 412 - Checking that -crls returns 1 object on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 1 object on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 215. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 413 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 226. storeutl: Unknown message digest: engine storeutl: Use -help for summary. 
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 414 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 229. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 415 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 233. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 416 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 236. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 417 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 239. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 418 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 243. 
# Looks like you failed 157 tests of 418.90-test_store.t .................... Dubious, test returned 157 (wstat 40192, 0x9d00) Failed 157/418 subtests 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 20-test_pkeyutl.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 25-test_req.t (Wstat: 768 Tests: 16 Failed: 3) Failed tests: 11-12, 14 Non-zero exit status: 3 90-test_store.t (Wstat: 40192 Tests: 418 Failed: 157) Failed tests: 216-220, 222-226, 228-232, 234-238, 240-244 246-248, 250-252, 254-256, 258-260, 262-264 266-268, 270-272, 274-276, 278-280, 282-284 286-288, 290-292, 294-296, 298-300, 302-304 306-308, 310-312, 314-316, 318-320, 322-324 326-328, 330-332, 334-336, 338-340, 342-344 346-348, 350-352, 354-356, 358-360, 362-364 366-368, 370-372, 374-376, 378-380, 382-384 386-388, 390-392, 394-396, 398-402, 405-407 409-418 Non-zero exit status: 157 Files=211, Tests=3368, 691 wallclock secs (10.72 usr 1.21 sys + 629.70 cusr 62.41 csys = 704.04 CPU) Result: FAIL Makefile:3140: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:3138: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Sep 9 11:33:19 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 11:33:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1599651199.709614.11454.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. 
ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. 
ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3423, 710 wallclock secs (13.68 usr 1.17 sys + 640.76 cusr 65.62 csys = 721.23 CPU) Result: FAIL Makefile:3192: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3190: recipe for target 'tests' failed make: *** [tests] Error 2 From mark at openssl.org Wed Sep 9 12:31:31 2020 
From: mark at openssl.org (Mark J. Cox) Date: Wed, 09 Sep 2020 12:31:31 +0000 Subject: [web] master update Message-ID: <1599654691.734888.18760.nullmailer@dev.openssl.org> The branch master has been updated via 4a2dac4738e42fc30f7f38d9292a9391f715757e (commit) from 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit) - Log ----------------------------------------------------------------- commit 4a2dac4738e42fc30f7f38d9292a9391f715757e Author: Mark J. Cox Date: Wed Sep 9 12:59:40 2020 +0100 Add Raccoon advisory, vulnerability db entry, and newsflash pointing to the advisory ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + news/secadv/20200909.txt | 76 ++++++++++++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 47 +++++++++++++++++++++++++++++- 3 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20200909.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index edc8cc8..c1820fa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it diff --git a/news/secadv/20200909.txt b/news/secadv/20200909.txt new file mode 100644 index 0000000..bbe32dd --- /dev/null +++ b/news/secadv/20200909.txt 
@@ -0,0 +1,76 @@ +OpenSSL Security Advisory [09 September 2020] +============================================= + +Raccoon Attack (CVE-2020-1968) +============================== + +Severity: Low + +The Raccoon attack exploits a flaw in the TLS specification which can lead to +an attacker being able to compute the pre-master secret in connections which +have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would +result in the attacker being able to eavesdrop on all encrypted communications +sent over that TLS connection. The attack can only be exploited if an +implementation re-uses a DH secret across multiple TLS connections. Note that +this issue only impacts DH ciphersuites and not ECDH ciphersuites. + +OpenSSL 1.1.1 is not vulnerable to this issue: it never reuses a DH secret and +does not implement any "static" DH ciphersuites. + +OpenSSL 1.0.2f and above will only reuse a DH secret if a "static" DH +ciphersuite is used. These static "DH" ciphersuites are ones that start with the +text "DH-" (for example "DH-RSA-AES256-SHA"). The standard IANA names for these +ciphersuites all start with "TLS_DH_" but excludes those that start with +"TLS_DH_anon_". + +OpenSSL 1.0.2e and below would reuse the DH secret across multiple TLS +connections in server processes unless the SSL_OP_SINGLE_DH_USE option was +explicitly configured. Therefore all ciphersuites that use DH in servers +(including ephemeral DH) are vulnerable in these versions. In OpenSSL 1.0.2f +SSL_OP_SINGLE_DH_USE was made the default and it could not be turned off as a +response to CVE-2016-0701. + +Since the vulnerability lies in the TLS specification, fixing the affected +ciphersuites is not viable. For this reason 1.0.2w moves the affected +ciphersuites into the "weak-ssl-ciphers" list. Support for the +"weak-ssl-ciphers" is not compiled in by default. This is unlikely to cause +interoperability problems in most cases since use of these ciphersuites is rare. 
+Support for the "weak-ssl-ciphers" can be added back by configuring OpenSSL at +compile time with the "enable-weak-ssl-ciphers" option. This is not recommended. + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. + +Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2w. If +upgrading is not viable then users of OpenSSL 1.0.2v or below should ensure +that affected ciphersuites are disabled through runtime configuration. Also +note that the affected ciphersuites are only available on the server side if a +DH certificate has been configured. These certificates are very rarely used and +for this reason this issue has been classified as LOW severity. + +This issue was found by Robert Merget, Marcus Brinkmann, Nimrod Aviram and Juraj +Somorovsky and reported to OpenSSL on 28th May 2020 under embargo in order to +allow co-ordinated disclosure with other implementations. + +Note +==== + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of this issue on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20200909.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 697c3c9..9b7dcb6 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -7,7 +7,52 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Protocol flaw + Raccoon attack + +The Raccoon attack exploits a flaw in the TLS specification which can lead to +an attacker being able to compute the pre-master secret in connections which +have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would +result in the attacker being able to eavesdrop on all encrypted communications +sent over that TLS connection. The attack can only be exploited if an +implementation re-uses a DH secret across multiple TLS connections. Note that +this issue only impacts DH ciphersuites and not ECDH ciphersuites. + +This issue affects OpenSSL 1.0.2 which is out of support and no longer +receiving public updates. OpenSSL 1.1.1 is not vulnerable to this +issue. + + + + From no-reply at appveyor.com Wed Sep 9 13:52:12 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Sep 2020 13:52:12 +0000 Subject: Build failed: openssl master.36780 Message-ID: <20200909135212.1.EBA49B1C346711C3@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Sep 9 14:36:36 2020 
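Review bot: in the news/secadv/20200909.txt hunk of commit 4a2dac4738 above, the mitigation paragraph ("users of OpenSSL 1.0.2v or below should ensure that affected ciphersuites are disabled through runtime configuration") does not say which ciphersuites count as affected for 1.0.2e and below, where the earlier paragraph states that every DH ciphersuite on a server, ephemeral DH included, reuses the secret unless SSL_OP_SINGLE_DH_USE is explicitly configured. Suggest restating in that paragraph that 1.0.2e and below must either set SSL_OP_SINGLE_DH_USE or disable all DH ciphersuites, and giving the runtime cipher string that excludes the static "DH-" suites. Two wording points in the same hunk: "but excludes those that start with" should read "but exclude those", and the sentence "OpenSSL 1.0.2 is out of support and no longer receiving public updates." appears both in the body and again under Note.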
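Review bot: in the news/vulnerabilities.xml hunk of commit 4a2dac4738 above, the description ends with "This issue affects OpenSSL 1.0.2 ... OpenSSL 1.1.1 is not vulnerable" and says nothing about 1.1.0, while the advisory added in the same commit states that the impact on OpenSSL 1.1.0 has not been analysed. Suggest carrying that sentence into the description so that a reader of the vulnerability database alone does not conclude that 1.1.0 is unaffected.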
From: levitte at openssl.org (Richard Levitte) Date: Wed, 09 Sep 2020 14:36:36 +0000 Subject: [openssl] master update Message-ID: <1599662196.655990.8103.nullmailer@dev.openssl.org> The branch master has been updated via 8ae40cf57d2138af92a3479e23f35037ae8c5c30 (commit) from ce43db7a3fcd18866385a4552f5e4a83adfc0979 (commit) - Log ----------------------------------------------------------------- commit 8ae40cf57d2138af92a3479e23f35037ae8c5c30 Author: Richard Levitte Date: Mon Sep 7 12:25:17 2020 +0200 ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This change merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12803) ----------------------------------------------------------------------- Summary of changes: crypto/encode_decode/encoder_pkey.c | 7 +- crypto/err/openssl.txt | 1 + include/openssl/core_dispatch.h | 2 +- providers/common/include/prov/providercommonerr.h | 1 + providers/common/provider_err.c | 1 + providers/encoders.inc | 205 +++-- providers/implementations/encode_decode/build.info | 20 +- .../implementations/encode_decode/decode_common.c | 116 --- .../implementations/encode_decode/decode_der2key.c | 68 +- .../implementations/encode_decode/decode_ms2key.c | 43 +- .../implementations/encode_decode/decode_pem2der.c | 17 +- .../implementations/encode_decode/encode_key2any.c | 924 +++++++++++++++++++++ .../encode_decode/encode_key2text.c | 891 ++++++++++++++++++++ .../implementations/encode_decode/encoder_common.c | 397 --------- .../implementations/encode_decode/encoder_dh.c | 166 ---- .../encode_decode/encoder_dh_param.c | 186 ----- .../encode_decode/encoder_dh_priv.c | 295 ------- .../implementations/encode_decode/encoder_dh_pub.c | 196 ----- 
.../implementations/encode_decode/encoder_dsa.c | 173 ---- .../encode_decode/encoder_dsa_param.c | 187 ----- .../encode_decode/encoder_dsa_priv.c | 293 ------- .../encode_decode/encoder_dsa_pub.c | 205 ----- .../implementations/encode_decode/encoder_ec.c | 293 ------- .../encode_decode/encoder_ec_param.c | 184 ---- .../encode_decode/encoder_ec_priv.c | 290 ------- .../implementations/encode_decode/encoder_ec_pub.c | 192 ----- .../implementations/encode_decode/encoder_ecx.c | 145 ---- .../encode_decode/encoder_ecx_priv.c | 307 ------- .../encode_decode/encoder_ecx_pub.c | 226 ----- .../encode_decode/encoder_ffc_params.c | 63 -- .../implementations/encode_decode/encoder_local.h | 183 ---- .../implementations/encode_decode/encoder_rsa.c | 277 ------ .../encode_decode/encoder_rsa_priv.c | 297 ------- .../encode_decode/encoder_rsa_pub.c | 196 ----- .../encode_decode/endecoder_common.c | 84 ++ .../encode_decode/endecoder_local.h | 26 + .../implementations/include/prov/implementations.h | 115 +-- 37 files changed, 2239 insertions(+), 5033 deletions(-) delete mode 100644 providers/implementations/encode_decode/decode_common.c create mode 100644 providers/implementations/encode_decode/encode_key2any.c create mode 100644 providers/implementations/encode_decode/encode_key2text.c delete mode 100644 providers/implementations/encode_decode/encoder_common.c delete mode 100644 providers/implementations/encode_decode/encoder_dh.c delete mode 100644 providers/implementations/encode_decode/encoder_dh_param.c delete mode 100644 providers/implementations/encode_decode/encoder_dh_priv.c delete mode 100644 providers/implementations/encode_decode/encoder_dh_pub.c delete mode 100644 providers/implementations/encode_decode/encoder_dsa.c delete mode 100644 providers/implementations/encode_decode/encoder_dsa_param.c delete mode 100644 providers/implementations/encode_decode/encoder_dsa_priv.c delete mode 100644 providers/implementations/encode_decode/encoder_dsa_pub.c delete mode 100644 
providers/implementations/encode_decode/encoder_ec.c delete mode 100644 providers/implementations/encode_decode/encoder_ec_param.c delete mode 100644 providers/implementations/encode_decode/encoder_ec_priv.c delete mode 100644 providers/implementations/encode_decode/encoder_ec_pub.c delete mode 100644 providers/implementations/encode_decode/encoder_ecx.c delete mode 100644 providers/implementations/encode_decode/encoder_ecx_priv.c delete mode 100644 providers/implementations/encode_decode/encoder_ecx_pub.c delete mode 100644 providers/implementations/encode_decode/encoder_ffc_params.c delete mode 100644 providers/implementations/encode_decode/encoder_local.h delete mode 100644 providers/implementations/encode_decode/encoder_rsa.c delete mode 100644 providers/implementations/encode_decode/encoder_rsa_priv.c delete mode 100644 providers/implementations/encode_decode/encoder_rsa_pub.c create mode 100644 providers/implementations/encode_decode/endecoder_common.c create mode 100644 providers/implementations/encode_decode/endecoder_local.h diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 176f4fab95..76b8386e0c 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -40,12 +40,7 @@ int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx, const unsigned char *kstr, size_t klen) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_octet_string(OSSL_ENCODER_PARAM_PASS, - (void *)kstr, klen); - - return OSSL_ENCODER_CTX_set_params(ctx, params); + return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen); } int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 44e36805f6..df8a7af26c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -2934,6 +2934,7 @@ PROV_R_MODULE_INTEGRITY_FAILURE:214:module integrity failure PROV_R_NOT_A_PRIVATE_KEY:221:not a private key PROV_R_NOT_A_PUBLIC_KEY:220:not a public key PROV_R_NOT_INSTANTIATED:193:not instantiated +PROV_R_NOT_PARAMETERS:224:not parameters PROV_R_NOT_SUPPORTED:136:not supported PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length PROV_R_NO_KEY_SET:114:no key set diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index ac83f88cc4..ad1df714ea 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -735,7 +735,7 @@ OSSL_CORE_MAKE_FUNC(int, encoder_encode_data, (void *ctx, const OSSL_PARAM[], OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(int, encoder_encode_object, - (void *ctx, void *obj, OSSL_CORE_BIO *out, + (void *ctx, const void *obj, OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) # define OSSL_FUNC_DECODER_NEWCTX 1 diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index 82eea21049..68bcfb4828 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -131,6 +131,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_NOT_A_PRIVATE_KEY 221 # define PROV_R_NOT_A_PUBLIC_KEY 220 # define PROV_R_NOT_INSTANTIATED 193 +# define PROV_R_NOT_PARAMETERS 224 # define PROV_R_NOT_SUPPORTED 136 # define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 # define PROV_R_NO_KEY_SET 114 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 6d6a254dd6..75f24f88d7 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c 
@@ -136,6 +136,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PRIVATE_KEY), "not a private key"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PUBLIC_KEY), "not a public key"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_PARAMETERS), "not parameters"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), "not xof or invalid length"}, diff --git a/providers/encoders.inc b/providers/encoders.inc index 4d894a73e5..284703c6e8 100644 --- a/providers/encoders.inc +++ b/providers/encoders.inc 
@@ -11,102 +11,161 @@ # error Macro ENCODER undefined #endif - ENCODER("RSA", "yes", "text", "private", rsa_priv_text_encoder_functions), - ENCODER("RSA", "yes", "text", "public", rsa_pub_text_encoder_functions), - ENCODER("RSA", "yes", "der", "private", rsa_priv_der_encoder_functions), - ENCODER("RSA", "yes", "der", "public", rsa_pub_der_encoder_functions), - ENCODER("RSA", "yes", "pem", "private", rsa_priv_pem_encoder_functions), - ENCODER("RSA", "yes", "pem", "public", rsa_pub_pem_encoder_functions), + ENCODER("RSA", "yes", "text", "private", + rsa_priv_to_text_encoder_functions), + ENCODER("RSA", "yes", "text", "public", + rsa_pub_to_text_encoder_functions), + ENCODER("RSA", "yes", "der", "private", + rsa_priv_to_der_encoder_functions), + ENCODER("RSA", "yes", "der", "public", + rsa_pub_to_der_encoder_functions), + ENCODER("RSA", "yes", "pem", "private", + rsa_priv_to_pem_encoder_functions), + ENCODER("RSA", "yes", "pem", "public", + rsa_pub_to_pem_encoder_functions), ENCODER("RSA-PSS", "yes", "text", "private", - rsa_priv_text_encoder_functions), - ENCODER("RSA-PSS", "yes", "text", "public", rsa_pub_text_encoder_functions), - ENCODER("RSA-PSS", "yes", "der", "private", rsa_priv_der_encoder_functions), - ENCODER("RSA-PSS", "yes", "der", "public", rsa_pub_der_encoder_functions), - ENCODER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_encoder_functions), - ENCODER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_encoder_functions), + rsa_priv_to_text_encoder_functions), + ENCODER("RSA-PSS", "yes", "text", "public", + rsa_pub_to_text_encoder_functions), + ENCODER("RSA-PSS", "yes", "der", "private", + rsa_priv_to_der_encoder_functions), + ENCODER("RSA-PSS", "yes", "der", "public", + rsa_pub_to_der_encoder_functions), + ENCODER("RSA-PSS", "yes", "pem", "private", + rsa_priv_to_pem_encoder_functions), + ENCODER("RSA-PSS", "yes", "pem", "public", + rsa_pub_to_pem_encoder_functions), #ifndef OPENSSL_NO_DH - ENCODER("DH", "yes", "text", "private", 
dh_priv_text_encoder_functions), - ENCODER("DH", "yes", "text", "public", dh_pub_text_encoder_functions), - ENCODER("DH", "yes", "text", "parameters", dh_param_text_encoder_functions), - ENCODER("DH", "yes", "der", "private", dh_priv_der_encoder_functions), - ENCODER("DH", "yes", "der", "public", dh_pub_der_encoder_functions), - ENCODER("DH", "yes", "der", "parameters", dh_param_der_encoder_functions), - ENCODER("DH", "yes", "pem", "private", dh_priv_pem_encoder_functions), - ENCODER("DH", "yes", "pem", "public", dh_pub_pem_encoder_functions), - ENCODER("DH", "yes", "pem", "parameters", dh_param_pem_encoder_functions), + ENCODER("DH", "yes", "text", "private", + dh_priv_to_text_encoder_functions), + ENCODER("DH", "yes", "text", "public", + dh_pub_to_text_encoder_functions), + ENCODER("DH", "yes", "text", "parameters", + dh_param_to_text_encoder_functions), + ENCODER("DH", "yes", "der", "private", + dh_priv_to_der_encoder_functions), + ENCODER("DH", "yes", "der", "public", + dh_pub_to_der_encoder_functions), + ENCODER("DH", "yes", "der", "parameters", + dh_param_to_der_encoder_functions), + ENCODER("DH", "yes", "pem", "private", + dh_priv_to_pem_encoder_functions), + ENCODER("DH", "yes", "pem", "public", + dh_pub_to_pem_encoder_functions), + ENCODER("DH", "yes", "pem", "parameters", + dh_param_to_pem_encoder_functions), - ENCODER("DHX", "yes", "text", "private", dh_priv_text_encoder_functions), - ENCODER("DHX", "yes", "text", "public", dh_pub_text_encoder_functions), - ENCODER("DHX", "yes", "text", "parameters", dh_param_text_encoder_functions), - ENCODER("DHX", "yes", "der", "private", dh_priv_der_encoder_functions), - ENCODER("DHX", "yes", "der", "public", dh_pub_der_encoder_functions), - ENCODER("DHX", "yes", "der", "parameters", dh_param_der_encoder_functions), - ENCODER("DHX", "yes", "pem", "private", dh_priv_pem_encoder_functions), - ENCODER("DHX", "yes", "pem", "public", dh_pub_pem_encoder_functions), - ENCODER("DHX", "yes", "pem", "parameters", 
dh_param_pem_encoder_functions), + ENCODER("DHX", "yes", "text", "private", + dh_priv_to_text_encoder_functions), + ENCODER("DHX", "yes", "text", "public", + dh_pub_to_text_encoder_functions), + ENCODER("DHX", "yes", "text", "parameters", + dh_param_to_text_encoder_functions), + ENCODER("DHX", "yes", "der", "private", + dh_priv_to_der_encoder_functions), + ENCODER("DHX", "yes", "der", "public", + dh_pub_to_der_encoder_functions), + ENCODER("DHX", "yes", "der", "parameters", + dh_param_to_der_encoder_functions), + ENCODER("DHX", "yes", "pem", "private", + dh_priv_to_pem_encoder_functions), + ENCODER("DHX", "yes", "pem", "public", + dh_pub_to_pem_encoder_functions), + ENCODER("DHX", "yes", "pem", "parameters", + dh_param_to_pem_encoder_functions), #endif #ifndef OPENSSL_NO_DSA - ENCODER("DSA", "yes", "text", "private", dsa_priv_text_encoder_functions), - ENCODER("DSA", "yes", "text", "public", dsa_pub_text_encoder_functions), + ENCODER("DSA", "yes", "text", "private", + dsa_priv_to_text_encoder_functions), + ENCODER("DSA", "yes", "text", "public", + dsa_pub_to_text_encoder_functions), ENCODER("DSA", "yes", "text", "parameters", - dsa_param_text_encoder_functions), - ENCODER("DSA", "yes", "der", "private", dsa_priv_der_encoder_functions), - ENCODER("DSA", "yes", "der", "public", dsa_pub_der_encoder_functions), - ENCODER("DSA", "yes", "der", "parameters", dsa_param_der_encoder_functions), - ENCODER("DSA", "yes", "pem", "private", dsa_priv_pem_encoder_functions), - ENCODER("DSA", "yes", "pem", "public", dsa_pub_pem_encoder_functions), - ENCODER("DSA", "yes", "pem", "parameters", dsa_param_pem_encoder_functions), + dsa_param_to_text_encoder_functions), + ENCODER("DSA", "yes", "der", "private", + dsa_priv_to_der_encoder_functions), + ENCODER("DSA", "yes", "der", "public", + dsa_pub_to_der_encoder_functions), + ENCODER("DSA", "yes", "der", "parameters", + dsa_param_to_der_encoder_functions), + ENCODER("DSA", "yes", "pem", "private", + dsa_priv_to_pem_encoder_functions), + 
ENCODER("DSA", "yes", "pem", "public", + dsa_pub_to_pem_encoder_functions), + ENCODER("DSA", "yes", "pem", "parameters", + dsa_param_to_pem_encoder_functions), #endif #ifndef OPENSSL_NO_EC ENCODER("X25519", "yes", "text", "private", - x25519_priv_print_encoder_functions), + x25519_priv_to_text_encoder_functions), ENCODER("X25519", "yes", "text", "public", - x25519_pub_print_encoder_functions), + x25519_pub_to_text_encoder_functions), ENCODER("X25519", "yes", "der", "private", - x25519_priv_der_encoder_functions), - ENCODER("X25519", "yes", "der", "public", x25519_pub_der_encoder_functions), + x25519_priv_to_der_encoder_functions), + ENCODER("X25519", "yes", "der", "public", + x25519_pub_to_der_encoder_functions), ENCODER("X25519", "yes", "pem", "private", - x25519_priv_pem_encoder_functions), - ENCODER("X25519", "yes", "pem", "public", x25519_pub_pem_encoder_functions), + x25519_priv_to_pem_encoder_functions), + ENCODER("X25519", "yes", "pem", "public", + x25519_pub_to_pem_encoder_functions), - ENCODER("X448", "no", "text", "private", x448_priv_print_encoder_functions), - ENCODER("X448", "no", "text", "public", x448_pub_print_encoder_functions), - ENCODER("X448", "no", "der", "private", x448_priv_der_encoder_functions), - ENCODER("X448", "no", "der", "public", x448_pub_der_encoder_functions), - ENCODER("X448", "no", "pem", "private", x448_priv_pem_encoder_functions), - ENCODER("X448", "no", "pem", "public", x448_pub_pem_encoder_functions), + ENCODER("X448", "yes", "text", "private", + x448_priv_to_text_encoder_functions), + ENCODER("X448", "yes", "text", "public", + x448_pub_to_text_encoder_functions), + ENCODER("X448", "yes", "der", "private", + x448_priv_to_der_encoder_functions), + ENCODER("X448", "yes", "der", "public", + x448_pub_to_der_encoder_functions), + ENCODER("X448", "yes", "pem", "private", + x448_priv_to_pem_encoder_functions), + ENCODER("X448", "yes", "pem", "public", + x448_pub_to_pem_encoder_functions), ENCODER("ED25519", "yes", "text", "private", 
- ed25519_priv_print_encoder_functions), + ed25519_priv_to_text_encoder_functions), ENCODER("ED25519", "yes", "text", "public", - ed25519_pub_print_encoder_functions), + ed25519_pub_to_text_encoder_functions), ENCODER("ED25519", "yes", "der", "private", - ed25519_priv_der_encoder_functions), + ed25519_priv_to_der_encoder_functions), ENCODER("ED25519", "yes", "der", "public", - ed25519_pub_der_encoder_functions), + ed25519_pub_to_der_encoder_functions), ENCODER("ED25519", "yes", "pem", "private", - ed25519_priv_pem_encoder_functions), + ed25519_priv_to_pem_encoder_functions), ENCODER("ED25519", "yes", "pem", "public", - ed25519_pub_pem_encoder_functions), + ed25519_pub_to_pem_encoder_functions), - ENCODER("ED448", "no", "text", "private", - ed448_priv_print_encoder_functions), - ENCODER("ED448", "no", "text", "public", ed448_pub_print_encoder_functions), - ENCODER("ED448", "no", "der", "private", ed448_priv_der_encoder_functions), - ENCODER("ED448", "no", "der", "public", ed448_pub_der_encoder_functions), - ENCODER("ED448", "no", "pem", "private", ed448_priv_pem_encoder_functions), - ENCODER("ED448", "no", "pem", "public", ed448_pub_pem_encoder_functions), + ENCODER("ED448", "yes", "text", "private", + ed448_priv_to_text_encoder_functions), + ENCODER("ED448", "yes", "text", "public", + ed448_pub_to_text_encoder_functions), + ENCODER("ED448", "yes", "der", "private", + ed448_priv_to_der_encoder_functions), + ENCODER("ED448", "yes", "der", "public", + ed448_pub_to_der_encoder_functions), + ENCODER("ED448", "yes", "pem", "private", + ed448_priv_to_pem_encoder_functions), + ENCODER("ED448", "yes", "pem", "public", + ed448_pub_to_pem_encoder_functions), - ENCODER("EC", "yes", "text", "private", ec_priv_text_encoder_functions), - ENCODER("EC", "yes", "text", "public", ec_pub_text_encoder_functions), - ENCODER("EC", "yes", "text", "parameters", ec_param_text_encoder_functions), - ENCODER("EC", "yes", "der", "private", ec_priv_der_encoder_functions), - ENCODER("EC", "yes", 
"der", "public", ec_pub_der_encoder_functions), - ENCODER("EC", "yes", "der", "parameters", ec_param_der_encoder_functions), - ENCODER("EC", "yes", "pem", "private", ec_priv_pem_encoder_functions), - ENCODER("EC", "yes", "pem", "public", ec_pub_pem_encoder_functions), - ENCODER("EC", "yes", "pem", "parameters", ec_param_pem_encoder_functions), + ENCODER("EC", "yes", "text", "private", + ec_priv_to_text_encoder_functions), + ENCODER("EC", "yes", "text", "public", + ec_pub_to_text_encoder_functions), + ENCODER("EC", "yes", "text", "parameters", + ec_param_to_text_encoder_functions), + ENCODER("EC", "yes", "der", "private", + ec_priv_to_der_encoder_functions), + ENCODER("EC", "yes", "der", "public", + ec_pub_to_der_encoder_functions), + ENCODER("EC", "yes", "der", "parameters", + ec_param_to_der_encoder_functions), + ENCODER("EC", "yes", "pem", "private", + ec_priv_to_pem_encoder_functions), + ENCODER("EC", "yes", "pem", "public", + ec_pub_to_pem_encoder_functions), + ENCODER("EC", "yes", "pem", "parameters", + ec_param_to_pem_encoder_functions), #endif diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 3e78849dfc..97e2264418 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info 
@@ -10,26 +10,12 @@ $DSA_GOAL=../../libimplementations.a $ECX_GOAL=../../libimplementations.a $EC_GOAL=../../libimplementations.a -SOURCE[$ENCODER_GOAL]=encoder_common.c decode_common.c +SOURCE[$ENCODER_GOAL]=endecoder_common.c SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c IF[{- !$disabled{dsa} -}] SOURCE[$DECODER_GOAL]=decode_ms2key.c ENDIF -SOURCE[$RSA_GOAL]=encoder_rsa.c encoder_rsa_priv.c encoder_rsa_pub.c -DEPEND[encoder_rsa.o]=../../common/include/prov/der_rsa.h - -IF[{- !$disabled{"dh"} || !$disabled{"dsa"} -}] - SOURCE[$FFC_GOAL]=encoder_ffc_params.c -ENDIF -IF[{- !$disabled{dh} -}] - SOURCE[$DH_GOAL]=encoder_dh.c encoder_dh_priv.c encoder_dh_pub.c encoder_dh_param.c -ENDIF -IF[{- !$disabled{dsa} -}] - SOURCE[$DSA_GOAL]=encoder_dsa.c encoder_dsa_priv.c encoder_dsa_pub.c encoder_dsa_param.c -ENDIF -IF[{- !$disabled{ec} -}] - SOURCE[$ECX_GOAL]=encoder_ecx.c encoder_ecx_priv.c encoder_ecx_pub.c - SOURCE[$EC_GOAL]=encoder_ec.c encoder_ec_priv.c encoder_ec_pub.c encoder_ec_param.c -ENDIF +SOURCE[$DECODER_GOAL]=encode_key2any.c encode_key2text.c +DEPEND[encode_key2any.o]=../../common/include/prov/der_rsa.h diff --git a/providers/implementations/encode_decode/decode_common.c b/providers/implementations/encode_decode/decode_common.c deleted file mode 100644 index 798d8f10b2..0000000000 --- a/providers/implementations/encode_decode/decode_common.c +++ /dev/null 
@@ -1,116 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include /* For public PEM and PVK functions */ -#include -#include "internal/pem.h" /* For internal PVK and "blob" functions */ -#include "internal/cryptlib.h" -#include "internal/asn1.h" -#include "internal/passphrase.h" -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */ -#include "encoder_local.h" - -int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - unsigned char **data, long *len) -{ - BUF_MEM *mem = NULL; - BIO *in = bio_new_from_core_bio(provctx, cin); - int ok = (asn1_d2i_read_bio(in, &mem) >= 0); - - if (ok) { - *data = (unsigned char *)mem->data; - *len = (long)mem->length; - OPENSSL_free(mem); - } - BIO_free(in); - return ok; -} - -int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - char **pem_name, char **pem_header, - unsigned char **data, long *len) -{ - BIO *in = bio_new_from_core_bio(provctx, cin); - int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0); - - BIO_free(in); - return ok; -} - -#ifndef OPENSSL_NO_DSA -EVP_PKEY *ossl_prov_read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - int *ispub) -{ - BIO *in = bio_new_from_core_bio(provctx, cin); - EVP_PKEY *pkey = ossl_b2i_bio(in, ispub); - - BIO_free(in); - return pkey; -} - -# ifndef OPENSSL_NO_RC4 -EVP_PKEY *ossl_prov_read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) -{ - BIO *in = NULL; - EVP_PKEY *pkey = NULL; - struct ossl_passphrase_data_st pwdata; - - memset(&pwdata, 0, sizeof(pwdata)); - if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg)) - 
return NULL; - - in = bio_new_from_core_bio(provctx, cin); - pkey = b2i_PVK_bio(in, ossl_pw_pem_password, &pwdata); - BIO_free(in); - - return pkey; -} -# endif -#endif - -int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, - unsigned char *input_der, long input_der_len, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) -{ - const unsigned char *derp; - X509_SIG *p8 = NULL; - int ok = 0; - - if (!ossl_assert(new_der != NULL && *new_der == NULL) - || !ossl_assert(new_der_len != NULL)) - return 0; - - derp = input_der; - if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) { - char pbuf[PEM_BUFSIZE]; - size_t plen = 0; - - if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { - ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY); - } else { - const X509_ALGOR *alg = NULL; - const ASN1_OCTET_STRING *oct = NULL; - int len = 0; - - X509_SIG_get0(p8, &alg, &oct); - if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length, - new_der, &len, 0) != NULL) - ok = 1; - *new_der_len = len; - } - } - X509_SIG_free(p8); - return ok; -} diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index b8b268217d..011f05803d 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c 
@@ -17,13 +17,71 @@ #include #include #include +#include #include +#include /* PEM_BUFSIZE and public PEM functions */ +#include #include +#include "internal/cryptlib.h" /* ossl_assert() */ +#include "internal/asn1.h" +#include "crypto/ecx.h" #include "prov/bio.h" #include "prov/implementations.h" -#include "encoder_local.h" +#include "prov/providercommonerr.h" +#include "endecoder_local.h" -static OSSL_FUNC_decoder_newctx_fn der2rsa_newctx; +static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + BIO *in = bio_new_from_core_bio(provctx, cin); + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + if (ok) { + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + } + BIO_free(in); + return ok; +} + +static int der_from_p8(unsigned char **new_der, long *new_der_len, + unsigned char *input_der, long input_der_len, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + const unsigned char *derp; + X509_SIG *p8 = NULL; + int ok = 0; + + if (!ossl_assert(new_der != NULL && *new_der == NULL) + || !ossl_assert(new_der_len != NULL)) + return 0; + + derp = input_der; + if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) { + char pbuf[PEM_BUFSIZE]; + size_t plen = 0; + + if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { + ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY); + } else { + const X509_ALGOR *alg = NULL; + const ASN1_OCTET_STRING *oct = NULL; + int len = 0; + + X509_SIG_get0(p8, &alg, &oct); + if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length, + new_der, &len, 0) != NULL) + ok = 1; + *new_der_len = len; + } + } + X509_SIG_free(p8); + return ok; +} + +/* ---------------------------------------------------------------------- */ static OSSL_FUNC_decoder_freectx_fn der2key_freectx; static OSSL_FUNC_decoder_gettable_params_fn der2key_gettable_params; 
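Review bot: der_from_p8() never wipes the passphrase. pw_cb() fills char pbuf[PEM_BUFSIZE], PKCS12_pbe_crypt() consumes it, and the function then returns with the plaintext still on the stack, on the success path and on the PROV_R_READ_KEY path alike. Call OPENSSL_cleanse(pbuf, sizeof(pbuf)) before leaving the block that declares pbuf, the way p8info_to_encp8() in this same commit cleanses kstr. Separately, read_der() passes the result of bio_new_from_core_bio() to asn1_d2i_read_bio() without checking it for NULL; an explicit check with an early return would make that failure path visible now that the helper is a local static.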
@@ -109,15 +167,14 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, void *key = NULL; int ok = 0; - if (!ossl_prov_read_der(ctx->provctx, cin, &der, &der_len)) + if (!read_der(ctx->provctx, cin, &der, &der_len)) return 0; /* * Opportunistic attempt to decrypt. If it doesn't work, we try to * decode our input unencrypted. */ - if (ossl_prov_der_from_p8(&new_der, &new_der_len, der, der_len, - pw_cb, pw_cbarg)) { + if (der_from_p8(&new_der, &new_der_len, der, der_len, pw_cb, pw_cbarg)) { OPENSSL_free(der); der = new_der; der_len = new_der_len; @@ -203,6 +260,7 @@ static int der2key_export_object(void *vctx, { EVP_PKEY_##KEYTYPE, KEYTYPEstr, keytype##_keymgmt_functions, \ (extract_key_fn *)extract, \ (free_key_fn *)free }; \ + static OSSL_FUNC_decoder_newctx_fn der2##keytype##_newctx; \ static void *der2##keytype##_newctx(void *provctx) \ { \ return der2key_newctx(provctx, &keytype##_desc); \ diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c index d8aa813ced..707e6bc08f 100644 --- a/providers/implementations/encode_decode/decode_ms2key.c +++ b/providers/implementations/encode_decode/decode_ms2key.c 
@@ -13,16 +13,51 @@ */ #include "internal/deprecated.h" +#include + #include #include #include #include #include +#include /* For public PVK functions */ #include -#include "internal/pem.h" /* For PVK and "blob" PEM headers */ +#include "internal/pem.h" /* For internal PVK and "blob" headers */ +#include "internal/passphrase.h" #include "prov/bio.h" #include "prov/implementations.h" -#include "encoder_local.h" +#include "endecoder_local.h" + +#ifndef OPENSSL_NO_DSA +static EVP_PKEY *read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, int *ispub) +{ + BIO *in = bio_new_from_core_bio(provctx, cin); + EVP_PKEY *pkey = ossl_b2i_bio(in, ispub); + + BIO_free(in); + return pkey; +} + +# ifndef OPENSSL_NO_RC4 +static EVP_PKEY *read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + BIO *in = NULL; + EVP_PKEY *pkey = NULL; + struct ossl_passphrase_data_st pwdata; + + memset(&pwdata, 0, sizeof(pwdata)); + if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg)) + return NULL; + + in = bio_new_from_core_bio(provctx, cin); + pkey = b2i_PVK_bio(in, ossl_pw_pem_password, &pwdata); + BIO_free(in); + + return pkey; +} +# endif +#endif static OSSL_FUNC_decoder_freectx_fn ms2key_freectx; static OSSL_FUNC_decoder_gettable_params_fn ms2key_gettable_params; @@ -159,7 +194,7 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, { struct ms2key_ctx_st *ctx = vctx; int ispub = -1; - EVP_PKEY *pkey = ossl_prov_read_msblob(ctx->provctx, cin, &ispub); + EVP_PKEY *pkey = read_msblob(ctx->provctx, cin, &ispub); int ok = ms2key_post(ctx, pkey, data_cb, data_cbarg); EVP_PKEY_free(pkey); 
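Review bot: in msblob2key_decode() the pkey returned by read_msblob() goes straight to ms2key_post() with no NULL check, and ispub is written by the helper but never read in the lines shown. If ms2key_post() does not itself reject a NULL pkey, return 0 right after the read. For ispub, either act on it (a public-key blob and a private-key blob are handled identically here) or add a comment saying why it is ignored.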
@@ -172,7 +207,7 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct ms2key_ctx_st *ctx = vctx; - EVP_PKEY *pkey = ossl_prov_read_pvk(ctx->provctx, cin, pw_cb, pw_cbarg); + EVP_PKEY *pkey = read_pvk(ctx->provctx, cin, pw_cb, pw_cbarg); int ok = ms2key_post(ctx, pkey, data_cb, data_cbarg); EVP_PKEY_free(pkey); diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c index cbee397982..6e669884de 100644 --- a/providers/implementations/encode_decode/decode_pem2der.c +++ b/providers/implementations/encode_decode/decode_pem2der.c @@ -24,7 +24,18 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" -#include "encoder_local.h" +#include "endecoder_local.h" + +static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + char **pem_name, char **pem_header, + unsigned char **data, long *len) +{ + BIO *in = bio_new_from_core_bio(provctx, cin); + int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0); + + BIO_free(in); + return ok; +} static OSSL_FUNC_decoder_newctx_fn pem2der_newctx; static OSSL_FUNC_decoder_freectx_fn pem2der_freectx; @@ -104,8 +115,8 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, long der_len = 0; int ok = 0; - if (ossl_prov_read_pem(ctx->provctx, cin, &pem_name, &pem_header, - &der, &der_len) <= 0) + if (read_pem(ctx->provctx, cin, &pem_name, &pem_header, + &der, &der_len) <= 0) return 0; /* diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c new file mode 100644 index 0000000000..ba240aa094 --- /dev/null +++ b/providers/implementations/encode_decode/encode_key2any.c 
@@ -0,0 +1,924 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Low level APIs are deprecated for public use, but still ok for internal use. + */ +#include "internal/deprecated.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* PKCS8_encrypt() */ +#include +#include +#include +#include "internal/passphrase.h" +#include "internal/cryptlib.h" +#include "crypto/ecx.h" +#include "crypto/rsa.h" +#include "prov/implementations.h" +#include "prov/providercommonerr.h" +#include "prov/bio.h" +#include "prov/provider_ctx.h" +#include "prov/der_rsa.h" +#include "endecoder_local.h" + +struct key2any_ctx_st { + PROV_CTX *provctx; + + /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ + int cipher_intent; + + EVP_CIPHER *cipher; + + struct ossl_passphrase_data_st pwdata; +}; + +typedef int key_to_paramstring_fn(const void *key, int nid, + void **str, int *strtype); +typedef int key_to_der_fn(BIO *out, const void *key, int key_nid, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx); +typedef int write_bio_of_void_fn(BIO *bp, const void *x); + +static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, + void *params, int params_type, + i2d_of_void *k2d) +{ + /* der, derlen store the key DER output and its length */ + unsigned char *der = NULL; + int derlen; + /* The final PKCS#8 info */ + PKCS8_PRIV_KEY_INFO *p8info = NULL; + + + if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL + || (derlen = k2d(key, &der)) <= 0 + || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, + params_type, params, der, derlen)) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + 
PKCS8_PRIV_KEY_INFO_free(p8info); + OPENSSL_free(der); + p8info = NULL; + } + + return p8info; +} + +static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, + struct key2any_ctx_st *ctx) +{ + X509_SIG *p8 = NULL; + char kstr[PEM_BUFSIZE]; + size_t klen = 0; + + if (ctx->cipher == NULL) + return NULL; + + if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, + &ctx->pwdata)) { + ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY); + return NULL; + } + /* First argument == -1 means "standard" */ + p8 = PKCS8_encrypt(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info); + OPENSSL_cleanse(kstr, klen); + return p8; +} + +static X509_SIG *key_to_encp8(const void *key, int key_nid, + void *params, int params_type, + i2d_of_void *k2d, struct key2any_ctx_st *ctx) +{ + PKCS8_PRIV_KEY_INFO *p8info = + key_to_p8info(key, key_nid, params, params_type, k2d); + X509_SIG *p8 = p8info_to_encp8(p8info, ctx); + + PKCS8_PRIV_KEY_INFO_free(p8info); + return p8; +} + +static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, + void *params, int params_type, + i2d_of_void k2d) +{ + /* der, derlen store the key DER output and its length */ + unsigned char *der = NULL; + int derlen; + /* The final X509_PUBKEY */ + X509_PUBKEY *xpk = NULL; + + + if ((xpk = X509_PUBKEY_new()) == NULL + || (derlen = k2d(key, &der)) <= 0 + || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), + params_type, params, der, derlen)) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + X509_PUBKEY_free(xpk); + OPENSSL_free(der); + xpk = NULL; + } + + return xpk; +} + +static int key_to_der_pkcs8_bio(BIO *out, const void *key, int key_nid, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + + if (p2s != NULL && !p2s(key, key_nid, &str, &strtype)) + return 0; + + if (ctx->cipher_intent) { + X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + + if (p8 != NULL) + ret = i2d_PKCS8_bio(out, p8); + + 
X509_SIG_free(p8); + } else { + PKCS8_PRIV_KEY_INFO *p8info = + key_to_p8info(key, key_nid, str, strtype, k2d); + + if (p8info != NULL) + ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); + + PKCS8_PRIV_KEY_INFO_free(p8info); + } + + return ret; +} + +static int key_to_pem_pkcs8_bio(BIO *out, const void *key, int key_nid, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + + if (p2s != NULL && !p2s(key, key_nid, &str, &strtype)) + return 0; + + if (ctx->cipher_intent) { + X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + + if (p8 != NULL) + ret = PEM_write_bio_PKCS8(out, p8); + + X509_SIG_free(p8); + } else { + PKCS8_PRIV_KEY_INFO *p8info = + key_to_p8info(key, key_nid, str, strtype, k2d); + + if (p8info != NULL) + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); + + PKCS8_PRIV_KEY_INFO_free(p8info); + } + + return ret; +} + +static int key_to_der_pubkey_bio(BIO *out, const void *key, int key_nid, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + X509_PUBKEY *xpk = NULL; + + if (p2s != NULL && !p2s(key, key_nid, &str, &strtype)) + return 0; + + xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); + + if (xpk != NULL) + ret = i2d_X509_PUBKEY_bio(out, xpk); + + /* Also frees |str| */ + X509_PUBKEY_free(xpk); + return ret; +} + +static int key_to_pem_pubkey_bio(BIO *out, const void *key, int key_nid, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + X509_PUBKEY *xpk = NULL; + + if (p2s != NULL && !p2s(key, key_nid, &str, &strtype)) + return 0; + + xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); + + if (xpk != NULL) + ret = PEM_write_bio_X509_PUBKEY(out, xpk); + + /* Also frees |str| */ + X509_PUBKEY_free(xpk); + return ret; +} + +/* 
---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_DH +# define dh_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS +# define dh_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | dh_param_selection) +# define dh_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | dh_param_selection) + +static int dh_type_to_evp(const DH *dh) +{ + return DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; +} + +static int prepare_dh_params(const void *dh, int nid, + void **pstr, int *pstrtype) +{ + ASN1_STRING *params = ASN1_STRING_new(); + + if (params == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (nid == EVP_PKEY_DHX) + params->length = i2d_DHxparams(dh, ¶ms->data); + else + params->length = i2d_DHparams(dh, ¶ms->data); + + if (params->length <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + return 0; + } + params->type = V_ASN1_SEQUENCE; + + *pstr = params; + *pstrtype = V_ASN1_SEQUENCE; + return 1; +} + +static int dh_pub_to_der(const void *dh, unsigned char **pder) +{ + const BIGNUM *bn = NULL; + ASN1_INTEGER *pub_key = NULL; + int ret; + + if ((bn = DH_get0_pub_key(dh)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } + if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); + return 0; + } + + ret = i2d_ASN1_INTEGER(pub_key, pder); + + ASN1_STRING_clear_free(pub_key); + return ret; +} + +static int dh_priv_to_der(const void *dh, unsigned char **pder) +{ + const BIGNUM *bn = NULL; + ASN1_INTEGER *priv_key = NULL; + int ret; + + if ((bn = DH_get0_priv_key(dh)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } + if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); + return 0; + } + + ret = i2d_ASN1_INTEGER(priv_key, pder); + + ASN1_STRING_clear_free(priv_key); + return ret; +} + +static int 
dh_params_to_der_bio(BIO *out, const void *key) +{ + return i2d_DHparams_bio(out, key); +} + +static int dh_params_to_pem_bio(BIO *out, const void *key) +{ + return PEM_write_bio_DHparams(out, key); +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_DSA +# define dsa_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS +# define dsa_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | dsa_param_selection) +# define dsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | dsa_param_selection) + +# define dsa_type_to_evp(key) EVP_PKEY_DSA + +static int prepare_some_dsa_params(const void *dsa, int nid, + void **pstr, int *pstrtype) +{ + ASN1_STRING *params = ASN1_STRING_new(); + + if (params == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + + params->length = i2d_DSAparams(dsa, ¶ms->data); + + if (params->length <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + return 0; + } + + *pstrtype = V_ASN1_SEQUENCE; + *pstr = params; + return 1; +} + +static int prepare_all_dsa_params(const void *dsa, int nid, + void **pstr, int *pstrtype) +{ + const BIGNUM *p = DSA_get0_p(dsa); + const BIGNUM *q = DSA_get0_q(dsa); + const BIGNUM *g = DSA_get0_g(dsa); + + if (p != NULL && q != NULL && g != NULL) + return prepare_some_dsa_params(dsa, nid, pstr, pstrtype); + + *pstr = NULL; + *pstrtype = V_ASN1_UNDEF; + return 1; +} + +static int prepare_dsa_params(const void *dsa, int nid, + void **pstr, int *pstrtype) +{ + /* + * TODO(v3.0) implement setting save_parameters, see dsa_pub_encode() + * in crypto/dsa/dsa_ameth.c + */ + int save_parameters = 1; + + return save_parameters + ? 
prepare_all_dsa_params(dsa, nid, pstr, pstrtype) + : prepare_some_dsa_params(dsa, nid, pstr, pstrtype); +} + +static int dsa_pub_to_der(const void *dsa, unsigned char **pder) +{ + const BIGNUM *bn = NULL; + ASN1_INTEGER *pub_key = NULL; + int ret; + + if ((bn = DSA_get0_pub_key(dsa)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } + if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); + return 0; + } + + ret = i2d_ASN1_INTEGER(pub_key, pder); + + ASN1_STRING_clear_free(pub_key); + return ret; +} + +static int dsa_priv_to_der(const void *dsa, unsigned char **pder) +{ + const BIGNUM *bn = NULL; + ASN1_INTEGER *priv_key = NULL; + int ret; + + if ((bn = DSA_get0_priv_key(dsa)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } + if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); + return 0; + } + + ret = i2d_ASN1_INTEGER(priv_key, pder); + + ASN1_STRING_clear_free(priv_key); + return ret; +} + +static int dsa_params_to_der_bio(BIO *out, const void *key) +{ + return i2d_DSAparams_bio(out, key); +} + +static int dsa_params_to_pem_bio(BIO *out, const void *key) +{ + return PEM_write_bio_DSAparams(out, key); +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_EC +# define ec_param_selection OSSL_KEYMGMT_SELECT_ALL_PARAMETERS +# define ec_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | ec_param_selection) +# define ec_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | ec_param_selection) + +# define ec_type_to_evp(key) EVP_PKEY_EC + +static int prepare_ec_explicit_params(const void *eckey, + void **pstr, int *pstrtype) +{ + ASN1_STRING *params = ASN1_STRING_new(); + + if (params == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + + params->length = i2d_ECParameters(eckey, ¶ms->data); + if (params->length <= 0) { + 
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + return 0; + } + + *pstrtype = V_ASN1_SEQUENCE; + *pstr = params; + return 1; +} + +static int prepare_ec_params(const void *eckey, int nid, + void **pstr, int *pstrtype) +{ + int curve_nid; + const EC_GROUP *group = EC_KEY_get0_group(eckey); + ASN1_OBJECT *params = NULL; + + if (group == NULL) + return 0; + curve_nid = EC_GROUP_get_curve_name(group); + if (curve_nid != NID_undef) { + params = OBJ_nid2obj(curve_nid); + if (params == NULL) + return 0; + } + + if (curve_nid != NID_undef + && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { + if (OBJ_length(params) == 0) { + /* Some curves might not have an associated OID */ + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); + ASN1_OBJECT_free(params); + return 0; + } + *pstr = params; + *pstrtype = V_ASN1_OBJECT; + return 1; + } else { + return prepare_ec_explicit_params(eckey, pstr, pstrtype); + } +} + +static int ec_params_to_der_bio(BIO *out, const void *eckey) +{ + return i2d_ECPKParameters_bio(out, EC_KEY_get0_group(eckey)); +} + +static int ec_params_to_pem_bio(BIO *out, const void *eckey) +{ + return PEM_write_bio_ECPKParameters(out, EC_KEY_get0_group(eckey)); +} + +static int ec_pub_to_der(const void *eckey, unsigned char **pder) +{ + return i2o_ECPublicKey(eckey, pder); +} + +static int ec_priv_to_der(const void *veckey, unsigned char **pder) +{ + EC_KEY *eckey = (EC_KEY *)veckey; + unsigned int old_flags; + int ret = 0; + + /* + * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object + * as the pkeyalg->parameter field. (For a named curve this is an OID) + * The pkey field is an octet string that holds the encoded + * ECPrivateKey SEQUENCE with the optional parameters field omitted. + * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 
+ */ + old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ + EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); + ret = i2d_ECPrivateKey(eckey, pder); + EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ + return ret; /* return the length of the der encoded data */ +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_EC +# define ecx_pub_selection OSSL_KEYMGMT_SELECT_PUBLIC_KEY +# define ecx_priv_selection OSSL_KEYMGMT_SELECT_KEYPAIR + +# define ed25519_type_to_evp(key) EVP_PKEY_ED25519 +# define ed448_type_to_evp(key) EVP_PKEY_ED448 +# define x25519_type_to_evp(key) EVP_PKEY_X25519 +# define x448_type_to_evp(key) EVP_PKEY_X448 + +# define prepare_ecx_params NULL + +static int ecx_pub_to_der(const void *vecxkey, unsigned char **pder) +{ + const ECX_KEY *ecxkey = vecxkey; + unsigned char *keyblob; + + if (ecxkey == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); + if (keyblob == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + + *pder = keyblob; + return ecxkey->keylen; +} + +static int ecx_priv_to_der(const void *vecxkey, unsigned char **pder) +{ + const ECX_KEY *ecxkey = vecxkey; + ASN1_OCTET_STRING oct; + int keybloblen; + + if (ecxkey == NULL || ecxkey->privkey == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + oct.data = ecxkey->privkey; + oct.length = ecxkey->keylen; + oct.flags = 0; + + keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + + return keybloblen; +} + +# define ecx_params_to_der_bio NULL +# define ecx_params_to_pem_bio NULL +#endif + +/* ---------------------------------------------------------------------- */ + +#define rsa_param_selection OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS +#define rsa_pub_selection 
(OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | rsa_param_selection) +#define rsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | rsa_param_selection) + +static int rsa_type_to_evp(const RSA *rsa) +{ + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + return EVP_PKEY_RSA; + case RSA_FLAG_TYPE_RSASSAPSS: + return EVP_PKEY_RSA_PSS; + } + + /* Currently unsupported RSA key type */ + return EVP_PKEY_NONE; +} + +/* + * Helper functions to prepare RSA-PSS params for encoding. We would + * have simply written the whole AlgorithmIdentifier, but existing libcrypto + * functionality doesn't allow that. + */ + +static int prepare_rsa_params(const void *rsa, int nid, + void **pstr, int *pstrtype) +{ + const RSA_PSS_PARAMS_30 *pss = rsa_get0_pss_params_30((RSA *)rsa); + + *pstr = NULL; + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + /* If plain RSA, the parameters shall be NULL */ + *pstrtype = V_ASN1_NULL; + return 1; + case RSA_FLAG_TYPE_RSASSAPSS: + if (rsa_pss_params_30_is_unrestricted(pss)) { + *pstrtype = V_ASN1_UNDEF; + return 1; + } else { + ASN1_STRING *astr = NULL; + WPACKET pkt; + unsigned char *str = NULL; + size_t str_sz = 0; + int i; + + for (i = 0; i < 2; i++) { + switch (i) { + case 0: + if (!WPACKET_init_null_der(&pkt)) + goto err; + break; + case 1: + if ((str = OPENSSL_malloc(str_sz)) == NULL + || !WPACKET_init_der(&pkt, str, str_sz)) { + goto err; + } + break; + } + if (!DER_w_RSASSA_PSS_params(&pkt, -1, pss) + || !WPACKET_finish(&pkt) + || !WPACKET_get_total_written(&pkt, &str_sz)) + goto err; + WPACKET_cleanup(&pkt); + + /* + * If no PSS parameters are going to be written, there's no + * point going for another iteration. + * This saves us from getting |str| allocated just to have it + * immediately de-allocated. 
+ */ + if (str_sz == 0) + break; + } + + if ((astr = ASN1_STRING_new()) == NULL) + goto err; + *pstrtype = V_ASN1_SEQUENCE; + ASN1_STRING_set0(astr, str, (int)str_sz); + *pstr = astr; + + return 1; + err: + OPENSSL_free(str); + return 0; + } + } + + /* Currently unsupported RSA key type */ + return 0; +} + +#define rsa_params_to_der_bio NULL +#define rsa_params_to_pem_bio NULL +#define rsa_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey +#define rsa_pub_to_der (i2d_of_void *)i2d_RSAPublicKey + +/* ---------------------------------------------------------------------- */ + +static OSSL_FUNC_decoder_newctx_fn key2any_newctx; +static OSSL_FUNC_decoder_freectx_fn key2any_freectx; + +static void *key2any_newctx(void *provctx) +{ + struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + ctx->provctx = provctx; + + return ctx; +} + +static void key2any_freectx(void *vctx) +{ + struct key2any_ctx_st *ctx = vctx; + + ossl_pw_clear_passphrase_data(&ctx->pwdata); + EVP_CIPHER_free(ctx->cipher); + OPENSSL_free(ctx); +} + +static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) +{ + static const OSSL_PARAM settables[] = { + OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_END, + }; + + return settables; +} + +static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + struct key2any_ctx_st *ctx = vctx; + OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx); + const OSSL_PARAM *cipherp = + OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); + const OSSL_PARAM *propsp = + OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); + + if (cipherp != NULL) { + const char *ciphername = NULL; + const char *props = NULL; + + if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) + return 0; + if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) + return 0; + + 
EVP_CIPHER_free(ctx->cipher); + ctx->cipher_intent = ciphername != NULL; + if (ciphername != NULL + && ((ctx->cipher = + EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) + return 0; + } + return 1; +} + +static int key2any_encode(struct key2any_ctx_st *ctx, + const void *key, int type, + OSSL_CORE_BIO *cout, key_to_der_fn *writer, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, + key_to_paramstring_fn *key2paramstring, + i2d_of_void *key2der) +{ + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + int ret = 0; + + if (out != NULL + && writer != NULL + && ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg)) + ret = writer(out, key, type, key2paramstring, key2der, ctx); + + BIO_free(out); + return ret; +} + +static int key2any_encode_params(struct key2any_ctx_st *ctx, const void *key, + OSSL_CORE_BIO *cout, + write_bio_of_void_fn *writer) +{ + int ret = 0; + BIO *out = bio_new_from_core_bio(ctx->provctx, cout); + + if (out != NULL && writer != NULL) + ret = writer(out, key); + + BIO_free(out); + + return ret; +} + +#define ALLOWED_SELECTORS \ + (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS | OSSL_KEYMGMT_SELECT_KEYPAIR) + +#define MAKE_ENCODER_KIND(impl, kind, type, evp_type, output) \ + static OSSL_FUNC_encoder_encode_data_fn \ + impl##_##kind##2##output##_encode_d; \ + static OSSL_FUNC_encoder_encode_object_fn \ + impl##_##kind##2##output##_encode_o; \ + static int \ + impl##_##kind##2##output##_encode_d(void *vctx, \ + const OSSL_PARAM params[], \ + OSSL_CORE_BIO *cout, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + struct key2any_ctx_st *ctx = vctx; \ + int selection = type##_##kind##_selection; \ + void *key = ossl_prov_import_key(impl##_keymgmt_functions, \ + ctx->provctx, selection, \ + params); \ + int ret; \ + \ + if (key == NULL) \ + return 0; \ + \ + ret = impl##_##kind##2##output##_encode_o(ctx, key, cout, \ + cb, cbarg); \ + ossl_prov_free_key(impl##_keymgmt_functions, key); \ + return ret; \ + } \ + static int \ + 
impl##_##kind##2##output##_encode_o(void *vctx, const void *key, \ + OSSL_CORE_BIO *cout, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + int selection = type##_##kind##_selection; \ + \ + if (!ossl_assert(selection != 0) \ + || !ossl_assert((selection & ~ALLOWED_SELECTORS) == 0)) { \ + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); \ + return 0; \ + } \ + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) \ + return key2any_encode(vctx, key, impl##_type_to_evp(key), \ + cout, key_to_##output##_pkcs8_bio, \ + cb, cbarg, \ + prepare_##type##_params, \ + type##_priv_to_der); \ + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) \ + return key2any_encode(vctx, key, impl##_type_to_evp(key), \ + cout, key_to_##output##_pubkey_bio, \ + cb, cbarg, \ + prepare_##type##_params, \ + type##_pub_to_der); \ + return key2any_encode_params(vctx, key, cout, \ + type##_params_to_##output##_bio); \ + } \ + const OSSL_DISPATCH \ + impl##_##kind##_to_##output##_encoder_functions[] = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2any_newctx }, \ + { OSSL_FUNC_ENCODER_FREECTX, \ + (void (*)(void))key2any_freectx }, \ + { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))key2any_settable_ctx_params }, \ + { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ + (void (*)(void))key2any_set_ctx_params }, \ + { OSSL_FUNC_ENCODER_ENCODE_DATA, \ + (void (*)(void))impl##_##kind##2##output##_encode_d }, \ + { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \ + (void (*)(void))impl##_##kind##2##output##_encode_o }, \ + { 0, NULL } \ + } + +#define MAKE_ENCODER(impl, type, evp_type, output) \ + MAKE_ENCODER_KIND(impl, param, type, evp_type, output); \ + MAKE_ENCODER_KIND(impl, pub, type, evp_type, output); \ + MAKE_ENCODER_KIND(impl, priv, type, evp_type, output) + +#define MAKE_ENCODER_NOPARAM(impl, type, evp_type, output) \ + MAKE_ENCODER_KIND(impl, pub, type, evp_type, output); \ + MAKE_ENCODER_KIND(impl, priv, type, evp_type, output) + +#ifndef OPENSSL_NO_DH +MAKE_ENCODER(dh, dh, 
EVP_PKEY_DH, der); +MAKE_ENCODER(dh, dh, EVP_PKEY_DH, pem); +#endif +#ifndef OPENSSL_NO_DSA +MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, der); +MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, pem); +#endif +#ifndef OPENSSL_NO_EC +MAKE_ENCODER(ec, ec, EVP_PKEY_EC, der); +MAKE_ENCODER(ec, ec, EVP_PKEY_EC, pem); +MAKE_ENCODER_NOPARAM(ed25519, ecx, EVP_PKEY_ED25519, der); +MAKE_ENCODER_NOPARAM(ed25519, ecx, EVP_PKEY_ED25519, pem); +MAKE_ENCODER_NOPARAM(ed448, ecx, EVP_PKEY_ED448, der); +MAKE_ENCODER_NOPARAM(ed448, ecx, EVP_PKEY_ED448, pem); +MAKE_ENCODER_NOPARAM(x25519, ecx, EVP_PKEY_X25519, der); +MAKE_ENCODER_NOPARAM(x25519, ecx, EVP_PKEY_X25519, pem); +MAKE_ENCODER_NOPARAM(x448, ecx, EVP_PKEY_ED448, der); +MAKE_ENCODER_NOPARAM(x448, ecx, EVP_PKEY_ED448, pem); +#endif +/* + * RSA-PSS does have parameters, but we don't have a separate output for them, + * so we don't pretend we do. Parameter handling remains internal within the + * RSA helper functions. + */ +MAKE_ENCODER_NOPARAM(rsa, rsa, EVP_PKEY_RSA, der); +MAKE_ENCODER_NOPARAM(rsa, rsa, EVP_PKEY_RSA, pem); diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c new file mode 100644 index 0000000000..7f5ca2b7b7 --- /dev/null +++ b/providers/implementations/encode_decode/encode_key2text.c 
@@ -0,0 +1,891 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Low level APIs are deprecated for public use, but still ok for internal use. + */ +#include "internal/deprecated.h" + +#include + +#include +#include +#include +#include +#include +#include +#include "internal/ffc.h" +#include "crypto/bn.h" /* bn_get_words() */ +#include "crypto/dh.h" /* dh_get0_params() */ +#include "crypto/dsa.h" /* dsa_get0_params() */ +#include "crypto/ec.h" /* ec_key_get_libctx */ +#include "crypto/ecx.h" /* ECX_KEY, etc... */ +#include "crypto/rsa.h" /* RSA_PSS_PARAMS_30, etc... */ +#include "prov/bio.h" +#include "prov/implementations.h" +#include "prov/providercommonerr.h" +#include "endecoder_local.h" + +DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) + +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_FMTu "%lu" +# define BN_FMTx "%lx" +# endif + +# ifdef SIXTY_FOUR_BIT +# define BN_FMTu "%llu" +# define BN_FMTx "%llx" +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_FMTu "%u" +# define BN_FMTx "%x" +# endif + +static int print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn) +{ + int ret = 0, use_sep = 0; + char *hex_str = NULL, *p; + const char spaces[] = " "; + const char *post_label_spc = " "; + + const char *neg = ""; + int bytes; + + if (bn == NULL) + return 0; + if (label == NULL) { + label = ""; + post_label_spc = ""; + } + + if (BN_is_zero(bn)) + return BIO_printf(out, "%s%s0\n", label, post_label_spc); + + if (BN_num_bytes(bn) <= BN_BYTES) { + BN_ULONG *words = bn_get_words(bn); + + if (BN_is_negative(bn)) + neg = "-"; + + return BIO_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", + label, post_label_spc, neg, words[0], neg, words[0]); + } + + hex_str = 
BN_bn2hex(bn); + p = hex_str; + if (*p == '-') { + ++p; + neg = " (Negative)"; + } + if (BIO_printf(out, "%s%s\n", label, neg) <= 0) + goto err; + + /* Keep track of how many bytes we have printed out so far */ + bytes = 0; + + if (BIO_printf(out, "%s", spaces) <= 0) + goto err; + + /* Add a leading 00 if the top bit is set */ + if (*p >= '8') { + if (BIO_printf(out, "%02x", 0) <= 0) + goto err; + ++bytes; + use_sep = 1; + } + while (*p != '\0') { + /* Do a newline after every 15 hex bytes + add the space indent */ + if ((bytes % 15) == 0 && bytes > 0) { + if (BIO_printf(out, ":\n%s", spaces) <= 0) + goto err; + use_sep = 0; /* The first byte on the next line doesnt have a : */ + } + if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "", + tolower(p[0]), tolower(p[1])) <= 0) + goto err; + ++bytes; + p += 2; + use_sep = 1; + } + if (BIO_printf(out, "\n") <= 0) + goto err; + ret = 1; +err: + OPENSSL_free(hex_str); + return ret; +} + +/* Number of octets per line */ +#define LABELED_BUF_PRINT_WIDTH 15 + +static int print_labeled_buf(BIO *out, const char *label, + const unsigned char *buf, size_t buflen) +{ + size_t i; + + if (BIO_printf(out, "%s\n", label) <= 0) + return 0; + + for (i = 0; i < buflen; i++) { + if ((i % LABELED_BUF_PRINT_WIDTH) == 0) { + if (i > 0 && BIO_printf(out, "\n") <= 0) + return 0; + if (BIO_printf(out, " ") <= 0) + return 0; + } + + if (BIO_printf(out, "%02x%s", buf[i], + (i == buflen - 1) ? "" : ":") <= 0) + return 0; + } + if (BIO_printf(out, "\n") <= 0) + return 0; + + return 1; +} + +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) +static int ffc_params_to_text(BIO *out, const FFC_PARAMS *ffc) +{ + if (ffc->nid != NID_undef) { +#ifndef OPENSSL_NO_DH + const char *name = ffc_named_group_from_uid(ffc->nid); + + if (name == NULL) + goto err; + if (BIO_printf(out, "GROUP: %s\n", name) <= 0) + goto err; + return 1; +#else + /* How could this be? We should not have a nid in a no-dh build. 
*/ + goto err; +#endif + } + + if (!print_labeled_bignum(out, "P: ", ffc->p)) + goto err; + if (ffc->q != NULL) { + if (!print_labeled_bignum(out, "Q: ", ffc->q)) + goto err; + } + if (!print_labeled_bignum(out, "G: ", ffc->g)) + goto err; + if (ffc->j != NULL) { + if (!print_labeled_bignum(out, "J: ", ffc->j)) + goto err; + } + if (ffc->seed != NULL) { + if (!print_labeled_buf(out, "SEED:", ffc->seed, ffc->seedlen)) + goto err; + } + if (ffc->gindex != -1) { + if (BIO_printf(out, "gindex: %d\n", ffc->gindex) <= 0) + goto err; + } + if (ffc->pcounter != -1) { + if (BIO_printf(out, "pcounter: %d\n", ffc->pcounter) <= 0) + goto err; + } + if (ffc->h != 0) { + if (BIO_printf(out, "h: %d\n", ffc->h) <= 0) + goto err; + } + return 1; +err: + return 0; +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_DH +# define dh_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS +# define dh_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | dh_param_selection) +# define dh_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | dh_param_selection) + +static int dh_to_text(BIO *out, const void *key, int selection) +{ + const DH *dh = key; + const char *type_label = NULL; + const BIGNUM *priv_key = NULL, *pub_key = NULL; + const FFC_PARAMS *params = NULL; + const BIGNUM *p = NULL; + + if (out == NULL || dh == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + type_label = "DH Private-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + type_label = "DH Public-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + type_label = "DH Parameters"; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + priv_key = DH_get0_priv_key(dh); + if (priv_key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } + } + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + 
pub_key = DH_get0_pub_key(dh); + if (pub_key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } + } + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + params = dh_get0_params((DH *)dh); + if (params == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS); + return 0; + } + } + + p = DH_get0_p(dh); + if (p == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + + if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) + return 0; + if (priv_key != NULL + && !print_labeled_bignum(out, "private-key:", priv_key)) + return 0; + if (pub_key != NULL + && !print_labeled_bignum(out, "public-key:", pub_key)) + return 0; + if (params != NULL + && !ffc_params_to_text(out, params)) + return 0; + + return 1; +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_DSA +# define dsa_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS +# define dsa_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | dsa_param_selection) +# define dsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | dsa_param_selection) + +static int dsa_to_text(BIO *out, const void *key, int selection) +{ + const DSA *dsa = key; + const char *type_label = NULL; + const BIGNUM *priv_key = NULL, *pub_key = NULL; + const FFC_PARAMS *params = NULL; + const BIGNUM *p = NULL; + + if (out == NULL || dsa == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + type_label = "Private-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + type_label = "Public-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + type_label = "DSA-Parameters"; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + priv_key = DSA_get0_priv_key(dsa); + if (priv_key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } + } + if ((selection & 
OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + pub_key = DSA_get0_pub_key(dsa); + if (pub_key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } + } + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + params = dsa_get0_params((DSA *)dsa); + if (params == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS); + return 0; + } + } + + p = DSA_get0_p(dsa); + if (p == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + + if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) + return 0; + if (priv_key != NULL + && !print_labeled_bignum(out, "priv:", priv_key)) + return 0; + if (pub_key != NULL + && !print_labeled_bignum(out, "pub: ", pub_key)) + return 0; + if (params != NULL + && !ffc_params_to_text(out, params)) + return 0; + + return 1; +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_EC +# define ec_param_selection OSSL_KEYMGMT_SELECT_ALL_PARAMETERS +# define ec_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | ec_param_selection) +# define ec_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | ec_param_selection) + +static int ec_param_explicit_curve_to_text(BIO *out, const EC_GROUP *group, + BN_CTX *ctx) +{ + const char *plabel = "Prime:"; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + if (b == NULL + || !EC_GROUP_get_curve(group, p, a, b, ctx)) + return 0; + + if (EC_GROUP_get_field_type(group) == NID_X9_62_characteristic_two_field) { + int basis_type = EC_GROUP_get_basis_type(group); + + /* print the 'short name' of the base type OID */ + if (basis_type == NID_undef + || BIO_printf(out, "Basis Type: %s\n", OBJ_nid2sn(basis_type)) <= 0) + return 0; + plabel = "Polynomial:"; + } + return print_labeled_bignum(out, plabel, p) + && print_labeled_bignum(out, "A: ", a) + && print_labeled_bignum(out, "B: ", b); +} + +static int ec_param_explicit_gen_to_text(BIO 
*out, const EC_GROUP *group, + BN_CTX *ctx) +{ + const EC_POINT *point = NULL; + BIGNUM *gen = NULL; + const char *glabel = NULL; + point_conversion_form_t form; + + form = EC_GROUP_get_point_conversion_form(group); + point = EC_GROUP_get0_generator(group); + gen = BN_CTX_get(ctx); + + if (gen == NULL + || point == NULL + || EC_POINT_point2bn(group, point, form, gen, ctx) == NULL) + return 0; + + if (gen != NULL) { + switch (form) { + case POINT_CONVERSION_COMPRESSED: + glabel = "Generator (compressed):"; + break; + case POINT_CONVERSION_UNCOMPRESSED: + glabel = "Generator (uncompressed):"; + break; + case POINT_CONVERSION_HYBRID: + glabel = "Generator (hybrid):"; + break; + default: + return 0; + } + return print_labeled_bignum(out, glabel, gen); + } + return 1; +} + +/* Print explicit parameters */ +static int ec_param_explicit_to_text(BIO *out, const EC_GROUP *group, + OPENSSL_CTX *libctx) +{ + int ret = 0, tmp_nid; + BN_CTX *ctx = NULL; + const BIGNUM *order = NULL, *cofactor = NULL; + const unsigned char *seed; + size_t seed_len = 0; + + ctx = BN_CTX_new_ex(libctx); + if (ctx == NULL) + return 0; + BN_CTX_start(ctx); + + tmp_nid = EC_GROUP_get_field_type(group); + order = EC_GROUP_get0_order(group); + if (order == NULL) + goto err; + + seed = EC_GROUP_get0_seed(group); + if (seed != NULL) + seed_len = EC_GROUP_get_seed_len(group); + cofactor = EC_GROUP_get0_cofactor(group); + + /* print the 'short name' of the field type */ + if (BIO_printf(out, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) <= 0 + || !ec_param_explicit_curve_to_text(out, group, ctx) + || !ec_param_explicit_gen_to_text(out, group, ctx) + || !print_labeled_bignum(out, "Order: ", order) + || (cofactor != NULL + && !print_labeled_bignum(out, "Cofactor: ", cofactor)) + || (seed != NULL + && !print_labeled_buf(out, "Seed:", seed, seed_len))) + goto err; + ret = 1; +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + +static int ec_param_to_text(BIO *out, const EC_GROUP *group, + OPENSSL_CTX 
*libctx) +{ + if (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE) { + const char *curve_name; + int curve_nid = EC_GROUP_get_curve_name(group); + + /* Explicit parameters */ + if (curve_nid == NID_undef) + return 0; + + if (BIO_printf(out, "%s: %s\n", "ASN1 OID", OBJ_nid2sn(curve_nid)) <= 0) + return 0; + + curve_name = EC_curve_nid2nist(curve_nid); + return (curve_name == NULL + || BIO_printf(out, "%s: %s\n", "NIST CURVE", curve_name) > 0); + } else { + return ec_param_explicit_to_text(out, group, libctx); + } +} + +static int ec_to_text(BIO *out, const void *key, int selection) +{ + const EC_KEY *ec = key; + const char *type_label = NULL; + unsigned char *priv = NULL, *pub = NULL; + size_t priv_len = 0, pub_len = 0; + const EC_GROUP *group; + int ret = 0; + + if (out == NULL || ec == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((group = EC_KEY_get0_group(ec)) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + type_label = "Private-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + type_label = "Public-Key"; + else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + type_label = "EC-Parameters"; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + const BIGNUM *priv_key = EC_KEY_get0_private_key(ec); + + if (priv_key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + goto err; + } + priv_len = EC_KEY_priv2buf(ec, &priv); + if (priv_len == 0) + goto err; + } + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec); + + if (pub_pt == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + goto err; + } + + pub_len = EC_KEY_key2buf(ec, EC_KEY_get_conv_form(ec), &pub, NULL); + if (pub_len == 0) + goto err; + } + + if (BIO_printf(out, "%s: (%d bit)\n", type_label, + EC_GROUP_order_bits(group)) <= 0) + goto err; + if 
(priv != NULL + && !print_labeled_buf(out, "priv:", priv, priv_len)) + goto err; + if (pub != NULL + && !print_labeled_buf(out, "pub:", pub, pub_len)) + goto err; + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + ret = ec_param_to_text(out, group, ec_key_get_libctx(ec)); +err: + OPENSSL_clear_free(priv, priv_len); + OPENSSL_free(pub); + return ret; +} +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_EC +# define ecx_pub_selection OSSL_KEYMGMT_SELECT_PUBLIC_KEY +# define ecx_priv_selection OSSL_KEYMGMT_SELECT_KEYPAIR + +static int ecx_to_text(BIO *out, const void *key, int selection) +{ + const ECX_KEY *ecx = key; + const char *type_label = NULL; + + if (out == NULL || ecx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + if (ecx->privkey == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } + + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519 Private-Key"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448 Private-Key"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519 Private-Key"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448 Private-Key"; + break; + } + } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + /* ecx->pubkey is an array, not a pointer... 
*/ + if (!ecx->haspubkey) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } + + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519 Public-Key"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448 Public-Key"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519 Public-Key"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448 Public-Key"; + break; + } + } + + if (BIO_printf(out, "%s:\n", type_label) <= 0) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 + && !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 + && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) + return 0; + + return 1; +} +#endif + +/* ---------------------------------------------------------------------- */ + +#define rsa_param_selection OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS +#define rsa_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \ + | rsa_param_selection) +#define rsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \ + | rsa_param_selection) + +static int rsa_to_text(BIO *out, const void *key, int selection) +{ + const RSA *rsa = key; + const char *type_label = "RSA key"; + const char *modulus_label; + const char *exponent_label; + const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; + STACK_OF(BIGNUM_const) *factors = NULL; + STACK_OF(BIGNUM_const) *exps = NULL; + STACK_OF(BIGNUM_const) *coeffs = NULL; + int primes; + const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30((RSA *)rsa); + int ret = 0; + + if (out == NULL || rsa == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + + factors = sk_BIGNUM_const_new_null(); + exps = sk_BIGNUM_const_new_null(); + coeffs = sk_BIGNUM_const_new_null(); + + if (factors == NULL || exps == NULL || coeffs == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + type_label = 
"Private-Key"; + modulus_label = "modulus:"; + exponent_label = "publicExponent:"; + } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + type_label = "Public-Key"; + modulus_label = "Modulus:"; + exponent_label = "Exponent:"; + } + + RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); + rsa_get0_all_params((RSA *)rsa, factors, exps, coeffs); + primes = sk_BIGNUM_const_num(factors); + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + if (BIO_printf(out, "%s: (%d bit, %d primes)\n", + type_label, BN_num_bits(rsa_n), primes) <= 0) + goto err; + } else { + if (BIO_printf(out, "%s: (%d bit)\n", + type_label, BN_num_bits(rsa_n)) <= 0) + goto err; + } + + if (!print_labeled_bignum(out, modulus_label, rsa_n)) + goto err; + if (!print_labeled_bignum(out, exponent_label, rsa_e)) + goto err; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + int i; + + if (!print_labeled_bignum(out, "privateExponent:", rsa_d)) + goto err; + if (!print_labeled_bignum(out, "prime1:", + sk_BIGNUM_const_value(factors, 0))) + goto err; + if (!print_labeled_bignum(out, "prime2:", + sk_BIGNUM_const_value(factors, 1))) + goto err; + if (!print_labeled_bignum(out, "exponent1:", + sk_BIGNUM_const_value(exps, 0))) + goto err; + if (!print_labeled_bignum(out, "exponent2:", + sk_BIGNUM_const_value(exps, 1))) + goto err; + if (!print_labeled_bignum(out, "coefficient:", + sk_BIGNUM_const_value(coeffs, 0))) + goto err; + for (i = 2; i < sk_BIGNUM_const_num(factors); i++) { + if (BIO_printf(out, "prime%d:", i + 1) <= 0) + goto err; + if (!print_labeled_bignum(out, NULL, + sk_BIGNUM_const_value(factors, i))) + goto err; + if (BIO_printf(out, "exponent%d:", i + 1) <= 0) + goto err; + if (!print_labeled_bignum(out, NULL, + sk_BIGNUM_const_value(exps, i))) + goto err; + if (BIO_printf(out, "coefficient%d:", i + 1) <= 0) + goto err; + if (!print_labeled_bignum(out, NULL, + sk_BIGNUM_const_value(coeffs, i - 1))) + goto err; + } + } + + if ((selection & 
OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) { + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + if (!rsa_pss_params_30_is_unrestricted(pss_params)) { + if (BIO_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0) + goto err; + } + break; + case RSA_FLAG_TYPE_RSASSAPSS: + if (rsa_pss_params_30_is_unrestricted(pss_params)) { + if (BIO_printf(out, "No PSS parameter restrictions\n") <= 0) + goto err; + } else { + int hashalg_nid = rsa_pss_params_30_hashalg(pss_params); + int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss_params); + int maskgenhashalg_nid = + rsa_pss_params_30_maskgenhashalg(pss_params); + int saltlen = rsa_pss_params_30_saltlen(pss_params); + int trailerfield = rsa_pss_params_30_trailerfield(pss_params); + + if (BIO_printf(out, "PSS parameter restrictions:\n") <= 0) + goto err; + if (BIO_printf(out, " Hash Algorithm: %s%s\n", + rsa_oaeppss_nid2name(hashalg_nid), + (hashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) + goto err; + if (BIO_printf(out, " Mask Algorithm: %s with %s%s\n", + rsa_mgf_nid2name(maskgenalg_nid), + rsa_oaeppss_nid2name(maskgenhashalg_nid), + (maskgenalg_nid == NID_mgf1 + && maskgenhashalg_nid == NID_sha1 + ? " (default)" : "")) <= 0) + goto err; + if (BIO_printf(out, " Minimum Salt Length: %d%s\n", + saltlen, + (saltlen == 20 ? " (default)" : "")) <= 0) + goto err; + /* + * TODO(3.0) Should we show the ASN.1 trailerField value, or + * the actual trailerfield byte (i.e. 0xBC for 1)? + * crypto/rsa/rsa_ameth.c isn't very clear on that, as it + * does display 0xBC when the default applies, but the ASN.1 + * trailerField value otherwise... + */ + if (BIO_printf(out, " Trailer Field: 0x%x%s\n", + trailerfield, + (trailerfield == 1 ? 
" (default)" : "")) <= 0) + goto err; + } + break; + } + } + + ret = 1; + err: + sk_BIGNUM_const_free(factors); + sk_BIGNUM_const_free(exps); + sk_BIGNUM_const_free(coeffs); + return ret; +} + +/* ---------------------------------------------------------------------- */ + +static void *key2text_newctx(void *provctx) +{ + return provctx; +} + +static void key2text_freectx(ossl_unused void *vctx) +{ +} + +static int key2text_encode(void *vctx, const void *key, int selection, + OSSL_CORE_BIO *cout, + int (*key2text)(BIO *out, const void *key, + int selection), + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) +{ + BIO *out = bio_new_from_core_bio(vctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = key2text(out, key, selection); + BIO_free(out); + + return ret; +} + +#define MAKE_TEXT_ENCODER_KIND(impl, kind, type) \ + static OSSL_FUNC_encoder_encode_data_fn \ + impl##_##kind##2text_encode_d; \ + static OSSL_FUNC_encoder_encode_object_fn \ + impl##_##kind##2text_encode_o; \ + static int \ + impl##_##kind##2text_encode_d(void *ctx, const OSSL_PARAM params[], \ + OSSL_CORE_BIO *cout, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + int selection = type##_##kind##_selection; \ + void *key = ossl_prov_import_key(impl##_keymgmt_functions, \ + ctx, selection, params); \ + int ret; \ + \ + if (key == NULL) \ + return 0; \ + \ + ret = impl##_##kind##2text_encode_o(ctx, key, cout, cb, cbarg); \ + ossl_prov_free_key(impl##_keymgmt_functions, key); \ + return ret; \ + } \ + static int \ + impl##_##kind##2text_encode_o(void *vctx, const void *key, \ + OSSL_CORE_BIO *cout, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + int selection = type##_##kind##_selection; \ + \ + return key2text_encode(vctx, key, selection, cout, \ + type##_to_text, cb, cbarg); \ + } \ + const OSSL_DISPATCH impl##_##kind##_to_text_encoder_functions[] = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2text_newctx }, \ + { OSSL_FUNC_ENCODER_FREECTX, \ + (void 
(*)(void))key2text_freectx }, \ + { OSSL_FUNC_ENCODER_ENCODE_DATA, \ + (void (*)(void))impl##_##kind##2text_encode_d }, \ + { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \ + (void (*)(void))impl##_##kind##2text_encode_o }, \ + { 0, NULL } \ + } + +#define MAKE_TEXT_ENCODER(impl, type) \ + MAKE_TEXT_ENCODER_KIND(impl, param, type); \ + MAKE_TEXT_ENCODER_KIND(impl, pub, type); \ + MAKE_TEXT_ENCODER_KIND(impl, priv, type) + +#define MAKE_TEXT_ENCODER_NOPARAM(impl, type) \ + MAKE_TEXT_ENCODER_KIND(impl, pub, type); \ + MAKE_TEXT_ENCODER_KIND(impl, priv, type) + +#ifndef OPENSSL_NO_DH +MAKE_TEXT_ENCODER(dh, dh); +#endif +#ifndef OPENSSL_NO_DSA +MAKE_TEXT_ENCODER(dsa, dsa); +#endif +#ifndef OPENSSL_NO_EC +MAKE_TEXT_ENCODER(ec, ec); +MAKE_TEXT_ENCODER_NOPARAM(ed25519, ecx); +MAKE_TEXT_ENCODER_NOPARAM(ed448, ecx); +MAKE_TEXT_ENCODER_NOPARAM(x25519, ecx); +MAKE_TEXT_ENCODER_NOPARAM(x448, ecx); +#endif +MAKE_TEXT_ENCODER_NOPARAM(rsa, rsa); diff --git a/providers/implementations/encode_decode/encoder_common.c b/providers/implementations/encode_decode/encoder_common.c deleted file mode 100644 index 4d8348b3fc..0000000000 --- a/providers/implementations/encode_decode/encoder_common.c +++ /dev/null 
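Review bot: in rsa_to_text(), modulus_label and exponent_label are declared without initializers and are assigned only when selection carries OSSL_KEYMGMT_SELECT_PRIVATE_KEY or OSSL_KEYMGMT_SELECT_PUBLIC_KEY, yet both are passed to print_labeled_bignum() unconditionally. MAKE_TEXT_ENCODER_NOPARAM(rsa, rsa) only instantiates the pub and priv kinds, so one of those bits is always set today, but a selection of OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS alone would read indeterminate pointers; initialise the labels at declaration or return 0 from a final else. Separately, rsa_get0_pss_params_30((RSA *)rsa) runs in the declaration, before the rsa == NULL check, so that check does not guard the call; move the assignment below it.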
@@ -1,397 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* SIXTY_FOUR_BIT_LONG, ... */ -#include -#include /* PEM_BUFSIZE */ -#include /* PKCS8_encrypt() */ -#include -#include /* i2d_X509_PUBKEY_bio() */ -#include "crypto/bn.h" /* bn_get_words() */ -#include "crypto/ctype.h" -#include "crypto/ecx.h" -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/implementations.h" -#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */ -#include "encoder_local.h" - -static PKCS8_PRIV_KEY_INFO * -ossl_prov_p8info_from_obj(const void *obj, int obj_nid, - void *params, - int params_type, - int (*k2d)(const void *obj, - unsigned char **pder)) -{ - /* der, derlen store the key DER output and its length */ - unsigned char *der = NULL; - int derlen; - /* The final PKCS#8 info */ - PKCS8_PRIV_KEY_INFO *p8info = NULL; - - - if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL - || (derlen = k2d(obj, &der)) <= 0 - || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(obj_nid), 0, - params_type, params, der, derlen)) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free(p8info); - OPENSSL_free(der); - p8info = NULL; - } - - return p8info; -} - -static X509_SIG *ossl_prov_encp8_from_p8info(PKCS8_PRIV_KEY_INFO *p8info, - struct pkcs8_encrypt_ctx_st *ctx) -{ - X509_SIG *p8 = NULL; - char buf[PEM_BUFSIZE]; - const void *kstr = ctx->cipher_pass; - size_t klen = ctx->cipher_pass_length; - - if (ctx->cipher == NULL) - return NULL; - - if (kstr == NULL) { - if (!ctx->cb(buf, sizeof(buf), &klen, NULL, ctx->cbarg)) { - ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY); - return NULL; - } - kstr = buf; - } - /* NID == -1 means "standard" */ - p8 = PKCS8_encrypt(-1, 
ctx->cipher, kstr, klen, NULL, 0, 0, p8info); - if (kstr == buf) - OPENSSL_cleanse(buf, klen); - return p8; -} - -static X509_SIG *ossl_prov_encp8_from_obj(const void *obj, int obj_nid, - void *params, - int params_type, - int (*k2d)(const void *obj, - unsigned char **pder), - struct pkcs8_encrypt_ctx_st *ctx) -{ - PKCS8_PRIV_KEY_INFO *p8info = - ossl_prov_p8info_from_obj(obj, obj_nid, params, params_type, k2d); - X509_SIG *p8 = ossl_prov_encp8_from_p8info(p8info, ctx); - - PKCS8_PRIV_KEY_INFO_free(p8info); - return p8; -} - -static X509_PUBKEY *ossl_prov_pubkey_from_obj(const void *obj, int obj_nid, - void *params, - int params_type, - int (*k2d)(const void *obj, - unsigned char **pder)) -{ - /* der, derlen store the key DER output and its length */ - unsigned char *der = NULL; - int derlen; - /* The final X509_PUBKEY */ - X509_PUBKEY *xpk = NULL; - - - if ((xpk = X509_PUBKEY_new()) == NULL - || (derlen = k2d(obj, &der)) <= 0 - || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(obj_nid), - params_type, params, der, derlen)) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - X509_PUBKEY_free(xpk); - OPENSSL_free(der); - xpk = NULL; - } - - return xpk; -} - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns) -{ - /* Pilfer the keymgmt dispatch table */ - for (; fns->function_id != 0; fns++) - if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW) - return OSSL_FUNC_keymgmt_new(fns); - - return NULL; -} - -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns) -{ - /* Pilfer the keymgmt dispatch table */ - for (; fns->function_id != 0; fns++) - if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE) - return OSSL_FUNC_keymgmt_free(fns); - - return NULL; -} - -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns) -{ - /* Pilfer the keymgmt dispatch table */ - for (; fns->function_id != 0; fns++) - if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT) - return OSSL_FUNC_keymgmt_import(fns); - - return NULL; -} - 
-OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) -{ - /* Pilfer the keymgmt dispatch table */ - for (; fns->function_id != 0; fns++) - if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) - return OSSL_FUNC_keymgmt_export(fns); - - return NULL; -} - -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_FMTu "%lu" -# define BN_FMTx "%lx" -# endif - -# ifdef SIXTY_FOUR_BIT -# define BN_FMTu "%llu" -# define BN_FMTx "%llx" -# endif - -# ifdef THIRTY_TWO_BIT -# define BN_FMTu "%u" -# define BN_FMTx "%x" -# endif - -int ossl_prov_print_labeled_bignum(BIO *out, const char *label, - const BIGNUM *bn) -{ - int ret = 0, use_sep = 0; - char *hex_str = NULL, *p; - const char spaces[] = " "; - const char *post_label_spc = " "; - - const char *neg = ""; - int bytes; - - if (bn == NULL) - return 0; - if (label == NULL) { - label = ""; - post_label_spc = ""; - } - - if (BN_is_zero(bn)) - return BIO_printf(out, "%s%s0\n", label, post_label_spc); - - if (BN_num_bytes(bn) <= BN_BYTES) { - BN_ULONG *words = bn_get_words(bn); - - if (BN_is_negative(bn)) - neg = "-"; - - return BIO_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", - label, post_label_spc, neg, words[0], neg, words[0]); - } - - hex_str = BN_bn2hex(bn); - p = hex_str; - if (*p == '-') { - ++p; - neg = " (Negative)"; - } - if (BIO_printf(out, "%s%s\n", label, neg) <= 0) - goto err; - - /* Keep track of how many bytes we have printed out so far */ - bytes = 0; - - if (BIO_printf(out, "%s", spaces) <= 0) - goto err; - - /* Add a leading 00 if the top bit is set */ - if (*p >= '8') { - if (BIO_printf(out, "%02x", 0) <= 0) - goto err; - ++bytes; - use_sep = 1; - } - while (*p != '\0') { - /* Do a newline after every 15 hex bytes + add the space indent */ - if ((bytes % 15) == 0 && bytes > 0) { - if (BIO_printf(out, ":\n%s", spaces) <= 0) - goto err; - use_sep = 0; /* The first byte on the next line doesnt have a : */ - } - if (BIO_printf(out, "%s%c%c", use_sep ? 
":" : "", - ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) - goto err; - ++bytes; - p += 2; - use_sep = 1; - } - if (BIO_printf(out, "\n") <= 0) - goto err; - ret = 1; -err: - OPENSSL_free(hex_str); - return ret; -} - -/* Number of octets per line */ -#define LABELED_BUF_PRINT_WIDTH 15 - -int ossl_prov_print_labeled_buf(BIO *out, const char *label, - const unsigned char *buf, size_t buflen) -{ - size_t i; - - if (BIO_printf(out, "%s\n", label) <= 0) - return 0; - - for (i = 0; i < buflen; i++) { - if ((i % LABELED_BUF_PRINT_WIDTH) == 0) { - if (i > 0 && BIO_printf(out, "\n") <= 0) - return 0; - if (BIO_printf(out, " ") <= 0) - return 0; - } - - if (BIO_printf(out, "%02x%s", buf[i], - (i == buflen - 1) ? "" : ":") <= 0) - return 0; - } - if (BIO_printf(out, "\n") <= 0) - return 0; - - return 1; -} - -/* p2s = param to asn1, k2d = key to der */ -int ossl_prov_write_priv_der_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder), - struct pkcs8_encrypt_ctx_st *ctx) -{ - int ret = 0; - void *str = NULL; - int strtype = V_ASN1_UNDEF; - - if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype)) - return 0; - - if (ctx->cipher_intent) { - X509_SIG *p8 = - ossl_prov_encp8_from_obj(obj, obj_nid, str, strtype, k2d, ctx); - - if (p8 != NULL) - ret = i2d_PKCS8_bio(out, p8); - - X509_SIG_free(p8); - } else { - PKCS8_PRIV_KEY_INFO *p8info = - ossl_prov_p8info_from_obj(obj, obj_nid, str, strtype, k2d); - - if (p8info != NULL) - ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); - - PKCS8_PRIV_KEY_INFO_free(p8info); - } - - return ret; -} - -int ossl_prov_write_priv_pem_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder), - struct pkcs8_encrypt_ctx_st *ctx) -{ - int ret = 0; - void *str = NULL; - int strtype = V_ASN1_UNDEF; - - if (p2s != NULL && 
!p2s(obj, obj_nid, &str, &strtype)) - return 0; - - if (ctx->cipher_intent) { - X509_SIG *p8 = ossl_prov_encp8_from_obj(obj, obj_nid, str, strtype, - k2d, ctx); - - if (p8 != NULL) - ret = PEM_write_bio_PKCS8(out, p8); - - X509_SIG_free(p8); - } else { - PKCS8_PRIV_KEY_INFO *p8info = - ossl_prov_p8info_from_obj(obj, obj_nid, str, strtype, k2d); - - if (p8info != NULL) - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); - - PKCS8_PRIV_KEY_INFO_free(p8info); - } - - return ret; -} - -int ossl_prov_write_pub_der_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder)) -{ - int ret = 0; - void *str = NULL; - int strtype = V_ASN1_UNDEF; - X509_PUBKEY *xpk = NULL; - - if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype)) - return 0; - - xpk = ossl_prov_pubkey_from_obj(obj, obj_nid, str, strtype, k2d); - - if (xpk != NULL) - ret = i2d_X509_PUBKEY_bio(out, xpk); - - /* Also frees |str| */ - X509_PUBKEY_free(xpk); - return ret; -} - -int ossl_prov_write_pub_pem_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder)) -{ - int ret = 0; - void *str = NULL; - int strtype = V_ASN1_UNDEF; - X509_PUBKEY *xpk = NULL; - - if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype)) - return 0; - - xpk = ossl_prov_pubkey_from_obj(obj, obj_nid, str, strtype, k2d); - - if (xpk != NULL) - ret = PEM_write_bio_X509_PUBKEY(out, xpk); - - /* Also frees |str| */ - X509_PUBKEY_free(xpk); - return ret; -} diff --git a/providers/implementations/encode_decode/encoder_dh.c b/providers/implementations/encode_decode/encoder_dh.c deleted file mode 100644 index d9578f46c4..0000000000 --- a/providers/implementations/encode_decode/encoder_dh.c +++ /dev/null 
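Review bot: the removed ossl_prov_encp8_from_p8info() in encoder_common.c wiped the callback-supplied passphrase with OPENSSL_cleanse(buf, klen) after PKCS8_encrypt(), and whatever replaces this file has to keep that wipe. When porting it, also cover two paths this version left open: when ctx->cb() fails the function returns NULL without cleansing buf, and ossl_prov_encp8_from_obj() hands p8info to it without checking the result of ossl_prov_p8info_from_obj() for NULL.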
@@ -1,166 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/implementations.h" /* rsa_keymgmt_functions */ -#include "prov/providercommonerr.h" /* PROV_R_BN_ERROR */ -#include "internal/ffc.h" -#include "crypto/dh.h" -#include "encoder_local.h" - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void) -{ - return ossl_prov_get_keymgmt_new(dh_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dh_free(void) -{ - return ossl_prov_get_keymgmt_free(dh_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dh_import(void) -{ - return ossl_prov_get_keymgmt_import(dh_keymgmt_functions); -} - -int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type) -{ - const char *type_label = NULL; - const BIGNUM *priv_key = NULL, *pub_key = NULL; - const BIGNUM *p = NULL; - - switch (type) { - case dh_print_priv: - type_label = "DH Private-Key"; - break; - case dh_print_pub: - type_label = "DH Public-Key"; - break; - case dh_print_params: - type_label = "DH Parameters"; - break; - } - - if (type == dh_print_priv) { - priv_key = DH_get0_priv_key(dh); - if (priv_key == NULL) - goto null_err; - } - - if (type == dh_print_priv || type == dh_print_pub) { - pub_key = DH_get0_pub_key(dh); - if (pub_key == NULL) - goto null_err; - } - - p = DH_get0_p(dh); - if (p == NULL) - goto null_err; - - if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) - <= 0) - goto err; - if (priv_key != NULL - && 
!ossl_prov_print_labeled_bignum(out, "private-key:", priv_key)) - goto err; - if (pub_key != NULL - && !ossl_prov_print_labeled_bignum(out, "public-key:", pub_key)) - goto err; - if (!ffc_params_prov_print(out, dh_get0_params(dh))) - goto err; - - return 1; - err: - return 0; - null_err: - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - goto err; -} - -int ossl_prov_prepare_dh_params(const void *dh, int nid, - void **pstr, int *pstrtype) -{ - ASN1_STRING *params = ASN1_STRING_new(); - - if (params == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (nid == EVP_PKEY_DHX) - params->length = i2d_DHxparams(dh, ¶ms->data); - else - params->length = i2d_DHparams(dh, ¶ms->data); - - if (params->length <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - return 0; - } - params->type = V_ASN1_SEQUENCE; - - *pstr = params; - *pstrtype = V_ASN1_SEQUENCE; - return 1; -} - -int ossl_prov_dh_pub_to_der(const void *dh, unsigned char **pder) -{ - const BIGNUM *bn = NULL; - ASN1_INTEGER *pub_key = NULL; - int ret; - - if ((bn = DH_get0_pub_key(dh)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); - return 0; - } - if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); - return 0; - } - - ret = i2d_ASN1_INTEGER(pub_key, pder); - - ASN1_STRING_clear_free(pub_key); - return ret; -} - -int ossl_prov_dh_priv_to_der(const void *dh, unsigned char **pder) -{ - const BIGNUM *bn = NULL; - ASN1_INTEGER *priv_key = NULL; - int ret; - - if ((bn = DH_get0_priv_key(dh)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); - return 0; - } - if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); - return 0; - } - - ret = i2d_ASN1_INTEGER(priv_key, pder); - - ASN1_STRING_clear_free(priv_key); - return ret; -} - - -int ossl_prov_dh_type_to_evp(const DH *dh) -{ - return DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? 
EVP_PKEY_DHX : EVP_PKEY_DH; -} diff --git a/providers/implementations/encode_decode/encoder_dh_param.c b/providers/implementations/encode_decode/encoder_dh_param.c deleted file mode 100644 index 32c8769b5e..0000000000 --- a/providers/implementations/encode_decode/encoder_dh_param.c +++ /dev/null 
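Review bot: ossl_prov_dh_priv_to_der() in the removed encoder_dh.c releases the ASN1_INTEGER copy of the private key with ASN1_STRING_clear_free(), so the replacement DER path for DH private keys should keep a clearing free rather than a plain ASN1_INTEGER_free(). In the same file, ossl_prov_prepare_dh_params() raises ERR_R_MALLOC_FAILURE when i2d_DHxparams() or i2d_DHparams() returns <= 0, which labels an encoding failure as an allocation failure; the new code is a good place to use a more accurate reason.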
@@ -1,186 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/providercommonerr.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn dh_param_newctx; -static OSSL_FUNC_encoder_freectx_fn dh_param_freectx; -static OSSL_FUNC_encoder_encode_data_fn dh_param_der_data; -static OSSL_FUNC_encoder_encode_object_fn dh_param_der; -static OSSL_FUNC_encoder_encode_data_fn dh_param_pem_data; -static OSSL_FUNC_encoder_encode_object_fn dh_param_pem; - -static OSSL_FUNC_encoder_encode_data_fn dh_param_print_data; -static OSSL_FUNC_encoder_encode_object_fn dh_param_print; - -/* Parameters : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *dh_param_newctx(void *provctx) -{ - return provctx; -} - -static void dh_param_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL - && dh_import(dh, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && dh_param_der(ctx, dh, out, 
cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_param_der(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - ret = i2d_DHparams_bio(out, dh); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL - && dh_import(dh, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && dh_param_pem(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_param_pem(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = PEM_write_bio_DHparams(out, dh); - BIO_free(out); - - return ret; -} - -static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL - && dh_import(dh, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && dh_param_print(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_param_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK 
*cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dh(out, dh, dh_print_params); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH dh_param_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_param_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_param_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_param_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_param_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_param_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_param_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_param_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dh_param_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_dh_priv.c b/providers/implementations/encode_decode/encoder_dh_priv.c deleted file mode 100644 index dd94223084..0000000000 --- a/providers/implementations/encode_decode/encoder_dh_priv.c +++ /dev/null 
@@ -1,295 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define DH_SELECT_PRIVATE_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) - -static OSSL_FUNC_encoder_newctx_fn dh_priv_newctx; -static OSSL_FUNC_encoder_freectx_fn dh_priv_freectx; -static OSSL_FUNC_encoder_set_ctx_params_fn dh_priv_set_ctx_params; -static OSSL_FUNC_encoder_settable_ctx_params_fn dh_priv_settable_ctx_params; -static OSSL_FUNC_encoder_encode_data_fn dh_priv_der_data; -static OSSL_FUNC_encoder_encode_object_fn dh_priv_der; -static OSSL_FUNC_encoder_encode_data_fn dh_pem_priv_data; -static OSSL_FUNC_encoder_encode_object_fn dh_pem_priv; - -static OSSL_FUNC_encoder_newctx_fn dh_print_newctx; -static OSSL_FUNC_encoder_freectx_fn dh_print_freectx; -static OSSL_FUNC_encoder_encode_data_fn dh_priv_print_data; -static OSSL_FUNC_encoder_encode_object_fn dh_priv_print; - -/* - * Context used for private key encoding. - */ -struct dh_priv_ctx_st { - void *provctx; - - struct pkcs8_encrypt_ctx_st sc; -}; - -/* Private key : context */ -static void *dh_priv_newctx(void *provctx) -{ - struct dh_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - - /* -1 is the "whatever" indicator, i.e. 
the PKCS8 library default PBE */ - ctx->sc.pbe_nid = -1; - } - return ctx; -} - -static void dh_priv_freectx(void *vctx) -{ - struct dh_priv_ctx_st *ctx = vctx; - - EVP_CIPHER_free(ctx->sc.cipher); - OPENSSL_free(ctx->sc.cipher_pass); - OPENSSL_free(ctx); -} - -static const OSSL_PARAM *dh_priv_settable_ctx_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM settables[] = { - OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ENCODER_PARAM_PASS, NULL, 0), - OSSL_PARAM_END, - }; - - return settables; -} - -static int dh_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - struct dh_priv_ctx_st *ctx = vctx; - const OSSL_PARAM *p; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) - != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const char *props = NULL; - - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - props = (propsp != NULL ? 
propsp->data : NULL); - - EVP_CIPHER_free(ctx->sc.cipher); - ctx->sc.cipher_intent = p->data != NULL; - if (p->data != NULL - && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props)) - == NULL)) - return 0; - } - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PASS)) - != NULL) { - OPENSSL_free(ctx->sc.cipher_pass); - ctx->sc.cipher_pass = NULL; - if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, - &ctx->sc.cipher_pass_length)) - return 0; - } - return 1; -} - -/* Private key : DER */ -static int dh_priv_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dh_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - if ((dh = dh_new(ctx->provctx)) != NULL - && dh_import(dh, DH_SELECT_PRIVATE_IMPORTABLE, params) - && dh_priv_der(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_priv_der(void *vctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dh_priv_ctx_st *ctx = vctx; - int ret; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_der_from_obj(out, dh, - ossl_prov_dh_type_to_evp(dh), - ossl_prov_prepare_dh_params, - ossl_prov_dh_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* Private key : PEM */ -static int dh_pem_priv_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dh_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - 
OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - if ((dh = dh_new(ctx->provctx)) != NULL - && dh_import(dh, DH_SELECT_PRIVATE_IMPORTABLE, params) - && dh_pem_priv(ctx->provctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_pem_priv(void *vctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dh_priv_ctx_st *ctx = vctx; - int ret; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_pem_from_obj(out, dh, - ossl_prov_dh_type_to_evp(dh), - ossl_prov_prepare_dh_params, - ossl_prov_dh_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* - * There's no specific print context, so we use the provider context - */ -static void *dh_print_newctx(void *provctx) -{ - return provctx; -} - -static void dh_print_freectx(void *ctx) -{ -} - -static int dh_priv_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dh_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - if ((dh = dh_new(ctx->provctx)) != NULL - && dh_import(dh, DH_SELECT_PRIVATE_IMPORTABLE, params) - && dh_priv_print(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_priv_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dh(out, dh, dh_print_priv); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH 
dh_priv_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))dh_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))dh_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_priv_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_priv_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_priv_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))dh_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))dh_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_pem_priv_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_pem_priv }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_priv_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_print_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_print_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_priv_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dh_priv_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_dh_pub.c b/providers/implementations/encode_decode/encoder_dh_pub.c deleted file mode 100644 index 583dcd9c5a..0000000000 --- a/providers/implementations/encode_decode/encoder_dh_pub.c +++ /dev/null 
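Review bot: in the removed encoder_dh_priv.c, dh_pem_priv_data() calls dh_pem_priv(ctx->provctx, dh, out, cb, cbarg), but dh_pem_priv() casts its first argument to struct dh_priv_ctx_st and then writes ctx->sc.cb and ctx->sc.cbarg, so the provider context is treated as the encoder context. dh_priv_print_data() has the mirror problem: the text dispatch table uses dh_print_newctx(), which returns provctx, yet the function reads ctx->provctx from it. Make sure the replacement encoders use one context type per dispatch table. Also, dh_priv_set_ctx_params() calls EVP_CIPHER_free(ctx->sc.cipher) without resetting the pointer when p->data is NULL, leaving dh_priv_freectx() to free it a second time, and cipher_pass is released with OPENSSL_free() rather than a clearing free.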
@@ -1,196 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn dh_pub_newctx; -static OSSL_FUNC_encoder_freectx_fn dh_pub_freectx; -static OSSL_FUNC_encoder_encode_data_fn dh_pub_der_data; -static OSSL_FUNC_encoder_encode_object_fn dh_pub_der; -static OSSL_FUNC_encoder_encode_data_fn dh_pub_pem_data; -static OSSL_FUNC_encoder_encode_object_fn dh_pub_pem; - -static OSSL_FUNC_encoder_encode_data_fn dh_pub_print_data; -static OSSL_FUNC_encoder_encode_object_fn dh_pub_print; - -#define DH_SELECT_PUBLIC_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) - -/* Public key : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *dh_pub_newctx(void *provctx) -{ - return provctx; -} - -static void dh_pub_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int dh_pub_der_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL - && dh_import(dh, 
DH_SELECT_PUBLIC_IMPORTABLE, params) - && dh_pub_der(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_pub_der(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_der_from_obj(out, dh, - ossl_prov_dh_type_to_evp(dh), - ossl_prov_prepare_dh_params, - ossl_prov_dh_pub_to_der); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int dh_pub_pem_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL - && dh_import(dh, DH_SELECT_PUBLIC_IMPORTABLE, params) - && dh_pub_pem(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_pub_pem(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_pem_from_obj(out, dh, - ossl_prov_dh_type_to_evp(dh), - ossl_prov_prepare_dh_params, - ossl_prov_dh_pub_to_der); - BIO_free(out); - - return ret; -} - -static int dh_pub_print_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); - OSSL_FUNC_keymgmt_free_fn *dh_free = ossl_prov_get_keymgmt_dh_free(); - OSSL_FUNC_keymgmt_import_fn *dh_import = ossl_prov_get_keymgmt_dh_import(); - int ok = 0; - - if (dh_import != NULL) { - DH *dh; - - /* ctx == provctx */ - if ((dh = dh_new(ctx)) != NULL 
- && dh_import(dh, DH_SELECT_PUBLIC_IMPORTABLE, params) - && dh_pub_print(ctx, dh, out, cb, cbarg)) - ok = 1; - dh_free(dh); - } - return ok; -} - -static int dh_pub_print(void *ctx, void *dh, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dh(out, dh, dh_print_pub); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH dh_pub_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_pub_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_pub_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_pub_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dh_pub_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_pub_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH dh_pub_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dh_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dh_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dh_pub_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dh_pub_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_dsa.c b/providers/implementations/encode_decode/encoder_dsa.c deleted file mode 100644 index 838079902e..0000000000 --- a/providers/implementations/encode_decode/encoder_dsa.c +++ /dev/null 
@@ -1,173 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/implementations.h" /* rsa_keymgmt_functions */ -#include "prov/providercommonerr.h" /* PROV_R_BN_ERROR */ -#include "encoder_local.h" -#include "internal/ffc.h" -#include "crypto/dsa.h" - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dsa_new(void) -{ - return ossl_prov_get_keymgmt_new(dsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dsa_free(void) -{ - return ossl_prov_get_keymgmt_free(dsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dsa_import(void) -{ - return ossl_prov_get_keymgmt_import(dsa_keymgmt_functions); -} - -int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type) -{ - const char *type_label = NULL; - const BIGNUM *priv_key = NULL, *pub_key = NULL; - const BIGNUM *p = NULL; - - - switch (type) { - case dsa_print_priv: - type_label = "Private-Key"; - break; - case dsa_print_pub: - type_label = "Public-Key"; - break; - case dsa_print_params: - type_label = "DSA-Parameters"; - break; - } - - if (type == dsa_print_priv) { - priv_key = DSA_get0_priv_key(dsa); - if (priv_key == NULL) - goto null_err; - } - - if (type == dsa_print_priv || type == dsa_print_pub) { - pub_key = DSA_get0_pub_key(dsa); - if (pub_key == NULL) - goto null_err; - } - - - p = DSA_get0_p(dsa); - if (p == NULL) - goto null_err; - - if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) - goto err; - if (priv_key != NULL - 
&& !ossl_prov_print_labeled_bignum(out, "priv:", priv_key)) - goto err; - if (pub_key != NULL - && !ossl_prov_print_labeled_bignum(out, "pub: ", pub_key)) - goto err; - if (!ffc_params_prov_print(out, dsa_get0_params(dsa))) - goto err; - - return 1; - err: - return 0; - null_err: - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - goto err; -} - -int ossl_prov_prepare_dsa_params(const void *dsa, int nid, - void **pstr, int *pstrtype) -{ - ASN1_STRING *params = ASN1_STRING_new(); - - if (params == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return 0; - } - - params->length = i2d_DSAparams(dsa, ¶ms->data); - - if (params->length <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - return 0; - } - - *pstrtype = V_ASN1_SEQUENCE; - *pstr = params; - return 1; -} - -int ossl_prov_prepare_all_dsa_params(const void *dsa, int nid, - void **pstr, int *pstrtype) -{ - const BIGNUM *p = DSA_get0_p(dsa); - const BIGNUM *q = DSA_get0_q(dsa); - const BIGNUM *g = DSA_get0_g(dsa); - - if (p != NULL && q != NULL && g != NULL) - return ossl_prov_prepare_dsa_params(dsa, nid, pstr, pstrtype); - - *pstr = NULL; - *pstrtype = V_ASN1_UNDEF; - return 1; -} - -int ossl_prov_dsa_pub_to_der(const void *dsa, unsigned char **pder) -{ - const BIGNUM *bn = NULL; - ASN1_INTEGER *pub_key = NULL; - int ret; - - if ((bn = DSA_get0_pub_key(dsa)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); - return 0; - } - if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); - return 0; - } - - ret = i2d_ASN1_INTEGER(pub_key, pder); - - ASN1_STRING_clear_free(pub_key); - return ret; -} - -int ossl_prov_dsa_priv_to_der(const void *dsa, unsigned char **pder) -{ - const BIGNUM *bn = NULL; - ASN1_INTEGER *priv_key = NULL; - int ret; - - if ((bn = DSA_get0_priv_key(dsa)) == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); - return 0; - } - if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) 
{ - ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); - return 0; - } - - ret = i2d_ASN1_INTEGER(priv_key, pder); - - ASN1_STRING_clear_free(priv_key); - return ret; -} diff --git a/providers/implementations/encode_decode/encoder_dsa_param.c b/providers/implementations/encode_decode/encoder_dsa_param.c deleted file mode 100644 index 0438b14cc8..0000000000 --- a/providers/implementations/encode_decode/encoder_dsa_param.c +++ /dev/null 
@@ -1,187 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/providercommonerr.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn dsa_param_newctx; -static OSSL_FUNC_encoder_freectx_fn dsa_param_freectx; -static OSSL_FUNC_encoder_encode_data_fn dsa_param_der_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_param_der; -static OSSL_FUNC_encoder_encode_data_fn dsa_param_pem_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_param_pem; - -static OSSL_FUNC_encoder_encode_data_fn dsa_param_print_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_param_print; - -/* Parameters : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *dsa_param_newctx(void *provctx) -{ - return provctx; -} - -static void dsa_param_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int dsa_param_der_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && dsa_import(dsa, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && 
dsa_param_der(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_param_der(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = i2d_DSAparams_bio(out, dsa); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int dsa_param_pem_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && dsa_import(dsa, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && dsa_param_pem(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_param_pem(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = PEM_write_bio_DSAparams(out, dsa); - BIO_free(out); - - return ret; -} - -static int dsa_param_print_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && dsa_import(dsa, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) - && dsa_param_print(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int 
dsa_param_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dsa(out, dsa, dsa_print_params); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH dsa_param_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_param_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_param_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_param_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_param_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_param_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_param_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_param_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dsa_param_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_dsa_priv.c b/providers/implementations/encode_decode/encoder_dsa_priv.c deleted file mode 100644 index be5b7ee326..0000000000 --- a/providers/implementations/encode_decode/encoder_dsa_priv.c +++ /dev/null 
@@ -1,293 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define DSA_SELECT_PRIVATE_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) - -static OSSL_FUNC_encoder_newctx_fn dsa_priv_newctx; -static OSSL_FUNC_encoder_freectx_fn dsa_priv_freectx; -static OSSL_FUNC_encoder_set_ctx_params_fn dsa_priv_set_ctx_params; -static OSSL_FUNC_encoder_settable_ctx_params_fn dsa_priv_settable_ctx_params; -static OSSL_FUNC_encoder_encode_data_fn dsa_priv_der_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_priv_der; -static OSSL_FUNC_encoder_encode_data_fn dsa_pem_priv_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_pem_priv; - -static OSSL_FUNC_encoder_newctx_fn dsa_print_newctx; -static OSSL_FUNC_encoder_freectx_fn dsa_print_freectx; -static OSSL_FUNC_encoder_encode_data_fn dsa_priv_print_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_priv_print; - -/* - * Context used for private key encoding. - */ -struct dsa_priv_ctx_st { - void *provctx; - - struct pkcs8_encrypt_ctx_st sc; -}; - -/* Private key : context */ -static void *dsa_priv_newctx(void *provctx) -{ - struct dsa_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - - /* -1 is the "whatever" indicator, i.e. 
the PKCS8 library default PBE */ - ctx->sc.pbe_nid = -1; - } - return ctx; -} - -static void dsa_priv_freectx(void *vctx) -{ - struct dsa_priv_ctx_st *ctx = vctx; - - EVP_CIPHER_free(ctx->sc.cipher); - OPENSSL_free(ctx->sc.cipher_pass); - OPENSSL_free(ctx); -} - -static const OSSL_PARAM *dsa_priv_settable_ctx_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM settables[] = { - OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ENCODER_PARAM_PASS, NULL, 0), - OSSL_PARAM_END, - }; - - return settables; -} - -static int dsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - struct dsa_priv_ctx_st *ctx = vctx; - const OSSL_PARAM *p; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) - != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const char *props = NULL; - - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - props = (propsp != NULL ? 
propsp->data : NULL); - - EVP_CIPHER_free(ctx->sc.cipher); - ctx->sc.cipher_intent = p->data != NULL; - if (p->data != NULL - && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props)) - == NULL)) - return 0; - } - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PASS)) - != NULL) { - OPENSSL_free(ctx->sc.cipher_pass); - ctx->sc.cipher_pass = NULL; - if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, - &ctx->sc.cipher_pass_length)) - return 0; - } - return 1; -} - -/* Private key : DER */ -static int dsa_priv_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - if ((dsa = dsa_new(ctx->provctx)) != NULL - && dsa_import(dsa, DSA_SELECT_PRIVATE_IMPORTABLE, params) - && dsa_priv_der(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_priv_der(void *vctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dsa_priv_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_der_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* Private key : PEM */ -static int dsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = 
ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - if ((dsa = dsa_new(ctx->provctx)) != NULL - && dsa_import(dsa, DSA_SELECT_PRIVATE_IMPORTABLE, params) - && dsa_pem_priv(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_pem_priv(void *vctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dsa_priv_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_pem_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* - * There's no specific print context, so we use the provider context - */ -static void *dsa_print_newctx(void *provctx) -{ - return provctx; -} - -static void dsa_print_freectx(void *ctx) -{ -} - -static int dsa_priv_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct dsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - if ((dsa = dsa_new(ctx->provctx)) != NULL - && dsa_import(dsa, DSA_SELECT_PRIVATE_IMPORTABLE, params) - && dsa_priv_print(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_priv_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dsa(out, dsa, dsa_print_priv); - BIO_free(out); - 
- return ret; -} - -const OSSL_DISPATCH dsa_priv_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))dsa_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))dsa_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_priv_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_priv_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_priv_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))dsa_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))dsa_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_pem_priv_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_pem_priv }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_priv_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_print_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_print_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_priv_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dsa_priv_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_dsa_pub.c b/providers/implementations/encode_decode/encoder_dsa_pub.c deleted file mode 100644 index e1201634b9..0000000000 --- a/providers/implementations/encode_decode/encoder_dsa_pub.c +++ /dev/null 
@@ -1,205 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define DSA_SELECT_PUBLIC_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) - -static OSSL_FUNC_encoder_newctx_fn dsa_pub_newctx; -static OSSL_FUNC_encoder_freectx_fn dsa_pub_freectx; -static OSSL_FUNC_encoder_encode_data_fn dsa_pub_der_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_pub_der; -static OSSL_FUNC_encoder_encode_data_fn dsa_pub_pem_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_pub_pem; -static OSSL_FUNC_encoder_encode_data_fn dsa_pub_print_data; -static OSSL_FUNC_encoder_encode_object_fn dsa_pub_print; - -/* Public key : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *dsa_pub_newctx(void *provctx) -{ - return provctx; -} - -static void dsa_pub_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int dsa_pub_der_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && 
dsa_import(dsa, DSA_SELECT_PUBLIC_IMPORTABLE, params) - && dsa_pub_der(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_pub_der(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - /* - * TODO(v3.0) implement setting save_parameters, see dsa_pub_encode() - * in crypto/dsa/dsa_ameth.c - */ - int save_parameters = 1; - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = - save_parameters - ? ossl_prov_write_pub_der_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_all_dsa_params, - ossl_prov_dsa_pub_to_der) - : ossl_prov_write_pub_der_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_pub_to_der); - - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int dsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && dsa_import(dsa, DSA_SELECT_PUBLIC_IMPORTABLE, params) - && dsa_pub_pem(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_pub_pem(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_pem_from_obj(out, dsa, EVP_PKEY_DSA, - ossl_prov_prepare_dsa_params, - ossl_prov_dsa_pub_to_der); - - BIO_free(out); - - return ret; -} - -static int dsa_pub_print_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn 
*dsa_new = ossl_prov_get_keymgmt_dsa_new(); - OSSL_FUNC_keymgmt_free_fn *dsa_free = ossl_prov_get_keymgmt_dsa_free(); - OSSL_FUNC_keymgmt_import_fn *dsa_import = ossl_prov_get_keymgmt_dsa_import(); - int ok = 0; - - if (dsa_import != NULL) { - DSA *dsa; - - /* ctx == provctx */ - if ((dsa = dsa_new(ctx)) != NULL - && dsa_import(dsa, DSA_SELECT_PUBLIC_IMPORTABLE, params) - && dsa_pub_print(ctx, dsa, out, cb, cbarg)) - ok = 1; - dsa_free(dsa); - } - return ok; -} - -static int dsa_pub_print(void *ctx, void *dsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_dsa(out, dsa, dsa_print_pub); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH dsa_pub_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_pub_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_pub_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_pub_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))dsa_pub_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_pub_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH dsa_pub_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))dsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))dsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))dsa_pub_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))dsa_pub_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_ec.c b/providers/implementations/encode_decode/encoder_ec.c deleted file mode 100644 index ab8e82eb6e..0000000000 
--- a/providers/implementations/encode_decode/encoder_ec.c +++ /dev/null 
@@ -1,293 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ec.h" -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/implementations.h" /* ec_keymgmt_functions */ -#include "prov/providercommonerr.h" /* PROV_R_MISSING_OID */ -#include "encoder_local.h" - -void ec_get_new_free_import(OSSL_FUNC_keymgmt_new_fn **ec_new, - OSSL_FUNC_keymgmt_free_fn **ec_free, - OSSL_FUNC_keymgmt_import_fn **ec_import) -{ - *ec_new = ossl_prov_get_keymgmt_new(ec_keymgmt_functions); - *ec_free = ossl_prov_get_keymgmt_free(ec_keymgmt_functions); - *ec_import = ossl_prov_get_keymgmt_import(ec_keymgmt_functions); -} - -static int ossl_prov_print_ec_param_explicit_curve(BIO *out, - const EC_GROUP *group, - BN_CTX *ctx) -{ - const char *plabel = "Prime:"; - BIGNUM *p = NULL, *a = NULL, *b = NULL; - - p = BN_CTX_get(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (b == NULL - || !EC_GROUP_get_curve(group, p, a, b, ctx)) - return 0; - - if (EC_GROUP_get_field_type(group) == NID_X9_62_characteristic_two_field) { - int basis_type = EC_GROUP_get_basis_type(group); - - /* print the 'short name' of the base type OID */ - if (basis_type == NID_undef - || BIO_printf(out, "Basis Type: %s\n", OBJ_nid2sn(basis_type)) <= 0) - return 0; - plabel = "Polynomial:"; - } - return ossl_prov_print_labeled_bignum(out, plabel, p) - && ossl_prov_print_labeled_bignum(out, "A: ", a) - && ossl_prov_print_labeled_bignum(out, "B: ", b); -} - -static int ossl_prov_print_ec_param_explicit_gen(BIO *out, - const EC_GROUP *group, - BN_CTX *ctx) -{ - const EC_POINT *point = NULL; - BIGNUM *gen = NULL; - const char *glabel = NULL; - point_conversion_form_t form; - - form = 
EC_GROUP_get_point_conversion_form(group); - point = EC_GROUP_get0_generator(group); - gen = BN_CTX_get(ctx); - - if (gen == NULL - || point == NULL - || EC_POINT_point2bn(group, point, form, gen, ctx) == NULL) - return 0; - - switch (form) { - case POINT_CONVERSION_COMPRESSED: - glabel = "Generator (compressed):"; - break; - case POINT_CONVERSION_UNCOMPRESSED: - glabel = "Generator (uncompressed):"; - break; - case POINT_CONVERSION_HYBRID: - glabel = "Generator (hybrid):"; - break; - default: - return 0; - } - return ossl_prov_print_labeled_bignum(out, glabel, gen); -} - -/* Print explicit parameters */ -static int ossl_prov_print_ec_param_explicit(BIO *out, const EC_GROUP *group, - OPENSSL_CTX *libctx) -{ - int ret = 0, tmp_nid; - BN_CTX *ctx = NULL; - const BIGNUM *order = NULL, *cofactor = NULL; - const unsigned char *seed; - size_t seed_len = 0; - - ctx = BN_CTX_new_ex(libctx); - if (ctx == NULL) - return 0; - BN_CTX_start(ctx); - - tmp_nid = EC_GROUP_get_field_type(group); - order = EC_GROUP_get0_order(group); - if (order == NULL) - goto err; - - seed = EC_GROUP_get0_seed(group); - if (seed != NULL) - seed_len = EC_GROUP_get_seed_len(group); - cofactor = EC_GROUP_get0_cofactor(group); - - /* print the 'short name' of the field type */ - if (BIO_printf(out, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) <= 0 - || !ossl_prov_print_ec_param_explicit_curve(out, group, ctx) - || !ossl_prov_print_ec_param_explicit_gen(out, group, ctx) - || !ossl_prov_print_labeled_bignum(out, "Order: ", order) - || (cofactor != NULL - && !ossl_prov_print_labeled_bignum(out, "Cofactor: ", cofactor)) - || (seed != NULL - && !ossl_prov_print_labeled_buf(out, "Seed:", seed, seed_len))) - goto err; - ret = 1; -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -static int ossl_prov_print_ec_param(BIO *out, const EC_GROUP *group, - OPENSSL_CTX *libctx) -{ - if (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE) { - const char *curve_name; - int curve_nid = 
EC_GROUP_get_curve_name(group); - - /* Explicit parameters */ - if (curve_nid == NID_undef) - return 0; - - if (BIO_printf(out, "%s: %s\n", "ASN1 OID", OBJ_nid2sn(curve_nid)) <= 0) - return 0; - - /* TODO(3.0): Only named curves are currently supported */ - curve_name = EC_curve_nid2nist(curve_nid); - return (curve_name == NULL - || BIO_printf(out, "%s: %s\n", "NIST CURVE", curve_name) > 0); - } else { - return ossl_prov_print_ec_param_explicit(out, group, libctx); - } -} - -int ossl_prov_print_eckey(BIO *out, EC_KEY *eckey, enum ec_print_type type) -{ - int ret = 0; - const char *type_label = NULL; - unsigned char *priv = NULL, *pub = NULL; - size_t priv_len = 0, pub_len = 0; - const EC_GROUP *group; - - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) - goto null_err; - - switch (type) { - case ec_print_priv: - type_label = "Private-Key"; - break; - case ec_print_pub: - type_label = "Public-Key"; - break; - case ec_print_params: - type_label = "EC-Parameters"; - break; - } - - if (type == ec_print_priv) { - const BIGNUM *priv_key = EC_KEY_get0_private_key(eckey); - - if (priv_key == NULL) - goto null_err; - priv_len = EC_KEY_priv2buf(eckey, &priv); - if (priv_len == 0) - goto err; - } - - if (type == ec_print_priv || type == ec_print_pub) { - const EC_POINT *pub_pt = EC_KEY_get0_public_key(eckey); - - if (pub_pt == NULL) - goto null_err; - - pub_len = EC_KEY_key2buf(eckey, EC_KEY_get_conv_form(eckey), &pub, NULL); - if (pub_len == 0) - goto err; - } - - if (BIO_printf(out, "%s: (%d bit)\n", type_label, - EC_GROUP_order_bits(group)) <= 0) - goto err; - if (priv != NULL - && !ossl_prov_print_labeled_buf(out, "priv:", priv, priv_len)) - goto err; - if (pub != NULL - && !ossl_prov_print_labeled_buf(out, "pub:", pub, pub_len)) - goto err; - ret = ossl_prov_print_ec_param(out, group, ec_key_get_libctx(eckey)); -err: - OPENSSL_clear_free(priv, priv_len); - OPENSSL_free(pub); - return ret; -null_err: - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 
- goto err; -} - -static int ossl_prov_prepare_ec_explicit_params(const void *eckey, - void **pstr, int *pstrtype) -{ - ASN1_STRING *params = ASN1_STRING_new(); - - if (params == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return 0; - } - - params->length = i2d_ECParameters(eckey, ¶ms->data); - if (params->length <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - return 0; - } - - *pstrtype = V_ASN1_SEQUENCE; - *pstr = params; - return 1; -} - -int ossl_prov_prepare_ec_params(const void *eckey, int nid, - void **pstr, int *pstrtype) -{ - int curve_nid; - const EC_GROUP *group = EC_KEY_get0_group(eckey); - ASN1_OBJECT *params = NULL; - - if (group == NULL) - return 0; - curve_nid = EC_GROUP_get_curve_name(group); - if (curve_nid != NID_undef) { - params = OBJ_nid2obj(curve_nid); - if (params == NULL) - return 0; - } - - if (curve_nid != NID_undef - && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { - if (OBJ_length(params) == 0) { - /* Some curves might not have an associated OID */ - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); - ASN1_OBJECT_free(params); - return 0; - } - *pstr = params; - *pstrtype = V_ASN1_OBJECT; - return 1; - } else { - return ossl_prov_prepare_ec_explicit_params(eckey, pstr, pstrtype); - } -} - -int ossl_prov_ec_pub_to_der(const void *eckey, unsigned char **pder) -{ - return i2o_ECPublicKey(eckey, pder); -} - -int ossl_prov_ec_priv_to_der(const void *veckey, unsigned char **pder) -{ - EC_KEY *eckey = (EC_KEY *)veckey; - unsigned int old_flags; - int ret = 0; - - /* - * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object - * as the pkeyalg->parameter field. (For a named curve this is an OID) - * The pkey field is an octet string that holds the encoded - * ECPrivateKey SEQUENCE with the optional parameters field omitted. - * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 
- */ - old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ - EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); - ret = i2d_ECPrivateKey(eckey, pder); - EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ - return ret; /* return the length of the der encoded data */ -} diff --git a/providers/implementations/encode_decode/encoder_ec_param.c b/providers/implementations/encode_decode/encoder_ec_param.c deleted file mode 100644 index 2f6637d80e..0000000000 --- a/providers/implementations/encode_decode/encoder_ec_param.c +++ /dev/null 
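Review bot: ossl_prov_ec_priv_to_der() in the removed encoder_ec.c casts away const (`EC_KEY *eckey = (EC_KEY *)veckey;`) and temporarily sets EC_PKEY_NO_PARAMETERS on the caller's key before restoring the old flags. Another thread encoding the same EC_KEY in that window sees the modified flags. Since the file is deleted here, whatever replaces this function should encode from a private copy or select the no-parameters form without writing to the shared key. Separately, ossl_prov_prepare_ec_explicit_params() raises ERR_R_MALLOC_FAILURE for any i2d_ECParameters() result <= 0, which mislabels encoding failures, and the switch on type in ossl_prov_print_eckey() has no default, so type_label can reach BIO_printf() as NULL.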
@@ -1,184 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/providercommonerr.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn ec_param_newctx; -static OSSL_FUNC_encoder_freectx_fn ec_param_freectx; -static OSSL_FUNC_encoder_encode_data_fn ec_param_der_data; -static OSSL_FUNC_encoder_encode_object_fn ec_param_der; -static OSSL_FUNC_encoder_encode_data_fn ec_param_pem_data; -static OSSL_FUNC_encoder_encode_object_fn ec_param_pem; - -static OSSL_FUNC_encoder_encode_data_fn ec_param_print_data; -static OSSL_FUNC_encoder_encode_object_fn ec_param_print; - - -/* There is no specific implementation context, so use the provider context */ -static void *ec_param_newctx(void *provctx) -{ - return provctx; -} - -static void ec_param_freectx(void *vctx) -{ -} - -/* Public key : DER */ -static int ec_param_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* vctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params) - && ec_param_der(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_param_der(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = 
bio_new_from_core_bio(vctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = i2d_ECPKParameters_bio(out, EC_KEY_get0_group(eckey)); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int ec_param_pem_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* vctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params) - && ec_param_pem(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_param_pem(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(vctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = PEM_write_bio_ECPKParameters(out, EC_KEY_get0_group(eckey)); - BIO_free(out); - - return ret; -} - -static int ec_param_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* vctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params) - && ec_param_print(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_param_print(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(vctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_eckey(out, eckey, 
ec_print_params); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH ec_param_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_param_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_param_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_param_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_param_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_param_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_param_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_param_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_param_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_param_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))ec_param_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_ec_priv.c b/providers/implementations/encode_decode/encoder_ec_priv.c deleted file mode 100644 index ea8a1ba92b..0000000000 --- a/providers/implementations/encode_decode/encoder_ec_priv.c +++ /dev/null 
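Review bot: the ec_param_der_data(), ec_param_pem_data() and ec_param_print_data() functions in the removed encoder_ec_param.c guard only on `ec_import != NULL` before calling ec_new(vctx) and ec_free(eckey). If either of those lookups returned NULL the call would go through a NULL function pointer, so all three should be checked. The section comments /* Public key : DER */ and /* Public key : PEM */ are also copy-paste leftovers on what are parameter encoders.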
@@ -1,290 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn ec_priv_newctx; -static OSSL_FUNC_encoder_freectx_fn ec_priv_freectx; -static OSSL_FUNC_encoder_set_ctx_params_fn ec_priv_set_ctx_params; -static OSSL_FUNC_encoder_settable_ctx_params_fn ec_priv_settable_ctx_params; -static OSSL_FUNC_encoder_encode_data_fn ec_priv_der_data; -static OSSL_FUNC_encoder_encode_object_fn ec_priv_der; -static OSSL_FUNC_encoder_encode_data_fn ec_pem_priv_data; -static OSSL_FUNC_encoder_encode_object_fn ec_pem_priv; - -static OSSL_FUNC_encoder_newctx_fn ec_print_newctx; -static OSSL_FUNC_encoder_freectx_fn ec_print_freectx; -static OSSL_FUNC_encoder_encode_data_fn ec_priv_print_data; -static OSSL_FUNC_encoder_encode_object_fn ec_priv_print; - -/* - * Context used for private key encoding. - */ -struct ec_priv_ctx_st { - void *provctx; - - struct pkcs8_encrypt_ctx_st sc; -}; - -/* Private key : context */ -static void *ec_priv_newctx(void *provctx) -{ - struct ec_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - - /* -1 is the "whatever" indicator, i.e. 
the PKCS8 library default PBE */ - ctx->sc.pbe_nid = -1; - } - return ctx; -} - -static void ec_priv_freectx(void *vctx) -{ - struct ec_priv_ctx_st *ctx = vctx; - - EVP_CIPHER_free(ctx->sc.cipher); - OPENSSL_free(ctx->sc.cipher_pass); - OPENSSL_free(ctx); -} - -static const OSSL_PARAM *ec_priv_settable_ctx_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM settables[] = { - OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ENCODER_PARAM_PASS, NULL, 0), - OSSL_PARAM_END, - }; - - return settables; -} - -static int ec_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - struct ec_priv_ctx_st *ctx = vctx; - const OSSL_PARAM *p; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) - != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const char *props = NULL; - - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - props = (propsp != NULL ? 
propsp->data : NULL); - - EVP_CIPHER_free(ctx->sc.cipher); - ctx->sc.cipher_intent = p->data != NULL; - if (p->data != NULL - && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props)) - == NULL)) - return 0; - } - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PASS)) - != NULL) { - OPENSSL_free(ctx->sc.cipher_pass); - ctx->sc.cipher_pass = NULL; - if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, - &ctx->sc.cipher_pass_length)) - return 0; - } - return 1; -} - -/* Private key : DER */ -static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ec_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - if ((eckey = ec_new(ctx->provctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params) - && ec_priv_der(ctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_priv_der(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ec_priv_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_der_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* Private key : PEM */ -static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ec_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - 
if (ec_import != NULL) { - EC_KEY *eckey; - - if ((eckey = ec_new(ctx->provctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params) - && ec_pem_priv(ctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_pem_priv(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ec_priv_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_pem_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* - * There's no specific print context, so we use the provider context - */ -static void *ec_print_newctx(void *provctx) -{ - return provctx; -} - -static void ec_print_freectx(void *ctx) -{ -} - -static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ec_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - if ((eckey = ec_new(ctx->provctx)) != NULL - && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params) - && ec_priv_print(ctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_priv_print(void *ctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_eckey(out, eckey, ec_print_priv); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH ec_priv_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void 
(*)(void))ec_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))ec_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))ec_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_priv_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_priv_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_priv_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))ec_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))ec_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_pem_priv_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_pem_priv }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_priv_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_print_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_print_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_priv_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))ec_priv_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_ec_pub.c b/providers/implementations/encode_decode/encoder_ec_pub.c deleted file mode 100644 index 9ab121f7d2..0000000000 --- a/providers/implementations/encode_decode/encoder_ec_pub.c +++ /dev/null 
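Review bot: ec_priv_print_data() in the removed encoder_ec_priv.c treats vctx as struct ec_priv_ctx_st and reads ctx->provctx, but ec_priv_text_encoder_functions registers ec_print_newctx, which returns the bare provctx, so that read interprets the provider context as the wrong type. ec_priv_print() in the same table passes its ctx straight to bio_new_from_core_bio(), which matches the registered context. Also, ec_priv_set_ctx_params() calls EVP_CIPHER_free(ctx->sc.cipher) without clearing the pointer, so when p->data is NULL the stale pointer survives and ec_priv_freectx() frees it again; the OSSL_ENCODER_PARAM_PASS branch already sets cipher_pass to NULL after freeing. Worth confirming neither pattern is carried into the code that replaces this file.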
@@ -1,192 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define EC_SELECT_PUBLIC_IMPORTABLE \ - OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS - -static OSSL_FUNC_encoder_newctx_fn ec_pub_newctx; -static OSSL_FUNC_encoder_freectx_fn ec_pub_freectx; -static OSSL_FUNC_encoder_encode_data_fn ec_pub_der_data; -static OSSL_FUNC_encoder_encode_object_fn ec_pub_der; -static OSSL_FUNC_encoder_encode_data_fn ec_pub_pem_data; -static OSSL_FUNC_encoder_encode_object_fn ec_pub_pem; -static OSSL_FUNC_encoder_encode_data_fn ec_pub_print_data; -static OSSL_FUNC_encoder_encode_object_fn ec_pub_print; - -/* Public key : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *ec_pub_newctx(void *provctx) -{ - return provctx; -} - -static void ec_pub_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* vctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params) - && ec_pub_der(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_pub_der(void *ctx, void *eckey, OSSL_CORE_BIO 
*cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_der_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_pub_to_der); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* ctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params) - && ec_pub_pem(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_pub_pem(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(vctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_pem_from_obj(out, eckey, EVP_PKEY_EC, - ossl_prov_prepare_ec_params, - ossl_prov_ec_pub_to_der); - BIO_free(out); - - return ret; -} - -static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *ec_new; - OSSL_FUNC_keymgmt_free_fn *ec_free; - OSSL_FUNC_keymgmt_import_fn *ec_import; - int ok = 0; - - ec_get_new_free_import(&ec_new, &ec_free, &ec_import); - - if (ec_import != NULL) { - EC_KEY *eckey; - - /* ctx == provctx */ - if ((eckey = ec_new(vctx)) != NULL - && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params) - && ec_pub_print(vctx, eckey, out, cb, cbarg)) - ok = 1; - ec_free(eckey); - } - return ok; -} - -static int ec_pub_print(void *vctx, void *eckey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void 
*cbarg) -{ - BIO *out = bio_new_from_core_bio(vctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_eckey(out, eckey, ec_print_pub); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH ec_pub_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_pub_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_pub_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_pub_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))ec_pub_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_pub_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH ec_pub_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))ec_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ec_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))ec_pub_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))ec_pub_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_ecx.c b/providers/implementations/encode_decode/encoder_ecx.c deleted file mode 100644 index 83de9fe002..0000000000 --- a/providers/implementations/encode_decode/encoder_ecx.c +++ /dev/null 
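Review bot: EC_SELECT_PUBLIC_IMPORTABLE in the removed encoder_ec_pub.c expands to an unparenthesised `OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS`. It is only used as a bare function argument in this file, which is safe, but any use next to & or == would bind incorrectly, so wrap the expansion in parentheses if the macro moves to the new code. The /* ctx == provctx */ comments in ec_pub_pem_data() and ec_pub_print_data() also disagree with the parameter name vctx.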
@@ -1,145 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ecx.h" -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/implementations.h" /* ecx_keymgmt_functions */ -#include "encoder_local.h" - -void ecx_get_new_free_import(ECX_KEY_TYPE type, - OSSL_FUNC_keymgmt_new_fn **ecx_new, - OSSL_FUNC_keymgmt_free_fn **ecx_free, - OSSL_FUNC_keymgmt_import_fn **ecx_import) -{ - if (type == ECX_KEY_TYPE_X25519) { - *ecx_new = ossl_prov_get_keymgmt_new(x25519_keymgmt_functions); - *ecx_free = ossl_prov_get_keymgmt_free(x25519_keymgmt_functions); - *ecx_import = ossl_prov_get_keymgmt_import(x25519_keymgmt_functions); - } else if (type == ECX_KEY_TYPE_X448) { - *ecx_new = ossl_prov_get_keymgmt_new(x448_keymgmt_functions); - *ecx_free = ossl_prov_get_keymgmt_free(x448_keymgmt_functions); - *ecx_import = ossl_prov_get_keymgmt_import(x448_keymgmt_functions); - } else if (type == ECX_KEY_TYPE_ED25519) { - *ecx_new = ossl_prov_get_keymgmt_new(ed25519_keymgmt_functions); - *ecx_free = ossl_prov_get_keymgmt_free(ed25519_keymgmt_functions); - *ecx_import = ossl_prov_get_keymgmt_import(ed25519_keymgmt_functions); - } else if (type == ECX_KEY_TYPE_ED448) { - *ecx_new = ossl_prov_get_keymgmt_new(ed448_keymgmt_functions); - *ecx_free = ossl_prov_get_keymgmt_free(ed448_keymgmt_functions); - *ecx_import = ossl_prov_get_keymgmt_import(ed448_keymgmt_functions); - } else { - *ecx_new = NULL; - *ecx_free = NULL; - *ecx_import = NULL; - } -} - - -int ossl_prov_print_ecx(BIO *out, ECX_KEY *ecxkey, enum ecx_print_type type) -{ - const char *type_label = NULL; - - switch (type) { - case ecx_print_priv: - switch (ecxkey->type) { - case ECX_KEY_TYPE_X25519: - 
type_label = "X25519 Private-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Private-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Private-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Private-Key"; - break; - } - break; - case ecx_print_pub: - switch (ecxkey->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Public-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Public-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Public-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Public-Key"; - break; - } - break; - } - - if (type == ecx_print_priv && ecxkey->privkey == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (BIO_printf(out, "%s:\n", type_label) <= 0) - return 0; - if (type == ecx_print_priv - && !ossl_prov_print_labeled_buf(out, "priv:", ecxkey->privkey, - ecxkey->keylen)) - return 0; - if (!ossl_prov_print_labeled_buf(out, "pub:", ecxkey->pubkey, - ecxkey->keylen)) - return 0; - - return 1; -} - - -int ossl_prov_ecx_pub_to_der(const void *vecxkey, unsigned char **pder) -{ - const ECX_KEY *ecxkey = vecxkey; - unsigned char *keyblob; - - if (ecxkey == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); - if (keyblob == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return 0; - } - - *pder = keyblob; - return ecxkey->keylen; -} - -int ossl_prov_ecx_priv_to_der(const void *vecxkey, unsigned char **pder) -{ - const ECX_KEY *ecxkey = vecxkey; - ASN1_OCTET_STRING oct; - int keybloblen; - - if (ecxkey == NULL || ecxkey->privkey == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - oct.data = ecxkey->privkey; - oct.length = ecxkey->keylen; - oct.flags = 0; - - keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return 0; 
- } - - return keybloblen; -} diff --git a/providers/implementations/encode_decode/encoder_ecx_priv.c b/providers/implementations/encode_decode/encoder_ecx_priv.c deleted file mode 100644 index cd0190aa7c..0000000000 --- a/providers/implementations/encode_decode/encoder_ecx_priv.c +++ /dev/null 
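Review bot: ossl_prov_print_ecx() in the removed encoder_ecx.c dereferences ecxkey->type with no NULL check, unlike ossl_prov_ecx_pub_to_der() and ossl_prov_ecx_priv_to_der(), and its inner switches have no default case, so an unexpected key type leaves type_label NULL and passes it to `BIO_printf(out, "%s:\n", type_label)`. A NULL check on ecxkey plus a default that returns 0 would close both. ossl_prov_ecx_priv_to_der() also raises ERR_R_MALLOC_FAILURE for any negative i2d_ASN1_OCTET_STRING() result, which hides non-allocation encoding errors.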
@@ -1,307 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "crypto/ecx.h" -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn x25519_priv_newctx; -static OSSL_FUNC_encoder_newctx_fn x448_priv_newctx; -static OSSL_FUNC_encoder_newctx_fn ed25519_priv_newctx; -static OSSL_FUNC_encoder_newctx_fn ed448_priv_newctx; -static OSSL_FUNC_encoder_freectx_fn ecx_priv_freectx; -static OSSL_FUNC_encoder_set_ctx_params_fn ecx_priv_set_ctx_params; -static OSSL_FUNC_encoder_settable_ctx_params_fn ecx_priv_settable_ctx_params; -static OSSL_FUNC_encoder_encode_data_fn ecx_priv_der_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_priv_der; -static OSSL_FUNC_encoder_encode_data_fn ecx_priv_pem_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_priv_pem; - -static OSSL_FUNC_encoder_encode_data_fn ecx_priv_print_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_priv_print; - -/* - * Context used for private key encoding. - */ -struct ecx_priv_ctx_st { - void *provctx; - - struct pkcs8_encrypt_ctx_st sc; - ECX_KEY_TYPE type; -}; - -/* Private key : context */ -static void *ecx_priv_newctx(void *provctx, ECX_KEY_TYPE type) -{ - struct ecx_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - - /* -1 is the "whatever" indicator, i.e. 
the PKCS8 library default PBE */ - ctx->sc.pbe_nid = -1; - ctx->type = type; - } - return ctx; -} - -static void *x25519_priv_newctx(void *provctx) -{ - return ecx_priv_newctx(provctx, ECX_KEY_TYPE_X25519); -} - -static void *x448_priv_newctx(void *provctx) -{ - return ecx_priv_newctx(provctx, ECX_KEY_TYPE_X448); -} - -static void *ed25519_priv_newctx(void *provctx) -{ - return ecx_priv_newctx(provctx, ECX_KEY_TYPE_ED25519); -} - -static void *ed448_priv_newctx(void *provctx) -{ - return ecx_priv_newctx(provctx, ECX_KEY_TYPE_ED448); -} - -static void ecx_priv_freectx(void *vctx) -{ - struct ecx_priv_ctx_st *ctx = vctx; - - EVP_CIPHER_free(ctx->sc.cipher); - OPENSSL_free(ctx->sc.cipher_pass); - OPENSSL_free(ctx); -} - -static const OSSL_PARAM *ecx_priv_settable_ctx_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM settables[] = { - OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ENCODER_PARAM_PASS, NULL, 0), - OSSL_PARAM_END, - }; - - return settables; -} - -static int ecx_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - struct ecx_priv_ctx_st *ctx = vctx; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); - if (p != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const char *props; - - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - props = (propsp != NULL ? 
propsp->data : NULL); - - EVP_CIPHER_free(ctx->sc.cipher); - ctx->sc.cipher_intent = p->data != NULL; - if (p->data != NULL - && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props)) - == NULL)) - return 0; - } - p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PASS); - if (p != NULL) { - OPENSSL_free(ctx->sc.cipher_pass); - ctx->sc.cipher_pass = NULL; - if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, - &ctx->sc.cipher_pass_length)) - return 0; - } - return 1; -} - -/* Private key : DER */ -static int ecx_priv_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn *ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx->provctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) - && ecx_priv_der(ctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_priv_der(void *vctx, void *vecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - ECX_KEY *ecxkey = vecxkey; - int ret; - int nid = KEYTYPE2NID(ctx->type); - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_der_from_obj(out, ecxkey, - nid, - NULL, - ossl_prov_ecx_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* Private key : PEM */ -static int ecx_priv_pem_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn 
*ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx->provctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) - && ecx_priv_pem(ctx->provctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_priv_pem(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - int ret; - int nid = KEYTYPE2NID(ctx->type); - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_pem_from_obj(out, ecxkey, - nid, - NULL, - ossl_prov_ecx_priv_to_der, - &ctx->sc); - BIO_free(out); - - return ret; -} - -static int ecx_priv_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn *ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx->provctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) - && ecx_priv_print(ctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_priv_print(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_priv_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_ecx(out, ecxkey, ecx_print_priv); - BIO_free(out); - - return ret; -} - -#define MAKE_ENCODER_FUNCTIONS(alg, type) \ - const OSSL_DISPATCH alg##_priv_##type##_encoder_functions[] = { \ - { 
OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))alg##_priv_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ecx_priv_freectx }, \ - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ - (void (*)(void))ecx_priv_set_ctx_params }, \ - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ecx_priv_settable_ctx_params }, \ - { OSSL_FUNC_ENCODER_ENCODE_DATA, \ - (void (*)(void))ecx_priv_##type##_data }, \ - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \ - (void (*)(void))ecx_priv_##type }, \ - { 0, NULL } \ - }; - -#define MAKE_ENCODER_FUNCTIONS_GROUP(alg) \ - MAKE_ENCODER_FUNCTIONS(alg, der) \ - MAKE_ENCODER_FUNCTIONS(alg, pem) \ - const OSSL_DISPATCH alg##_priv_print_encoder_functions[] = { \ - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))alg##_priv_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ecx_priv_freectx }, \ - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \ - (void (*)(void))ecx_priv_print }, \ - { OSSL_FUNC_ENCODER_ENCODE_DATA, \ - (void (*)(void))ecx_priv_print_data }, \ - { 0, NULL } \ - }; - -MAKE_ENCODER_FUNCTIONS_GROUP(x25519) -MAKE_ENCODER_FUNCTIONS_GROUP(x448) -MAKE_ENCODER_FUNCTIONS_GROUP(ed25519) -MAKE_ENCODER_FUNCTIONS_GROUP(ed448) diff --git a/providers/implementations/encode_decode/encoder_ecx_pub.c b/providers/implementations/encode_decode/encoder_ecx_pub.c deleted file mode 100644 index a4350d84cf..0000000000 --- a/providers/implementations/encode_decode/encoder_ecx_pub.c +++ /dev/null 
@@ -1,226 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "crypto/ecx.h" -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -static OSSL_FUNC_encoder_newctx_fn x25519_pub_newctx; -static OSSL_FUNC_encoder_newctx_fn x448_pub_newctx; -static OSSL_FUNC_encoder_newctx_fn ed25519_pub_newctx; -static OSSL_FUNC_encoder_newctx_fn ed448_pub_newctx; -static OSSL_FUNC_encoder_freectx_fn ecx_pub_freectx; -static OSSL_FUNC_encoder_encode_data_fn ecx_pub_der_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_pub_der; -static OSSL_FUNC_encoder_encode_data_fn ecx_pub_pem_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_pub_pem; - -static OSSL_FUNC_encoder_encode_data_fn ecx_pub_print_data; -static OSSL_FUNC_encoder_encode_object_fn ecx_pub_print; - -/* - * Context used for public key encoding. 
- */ -struct ecx_pub_ctx_st { - void *provctx; - ECX_KEY_TYPE type; -}; - -/* Public key : context */ -static void *ecx_pub_newctx(void *provctx, ECX_KEY_TYPE type) -{ - struct ecx_pub_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - ctx->type = type; - } - return ctx; -} - -static void *x25519_pub_newctx(void *provctx) -{ - return ecx_pub_newctx(provctx, ECX_KEY_TYPE_X25519); -} - -static void *x448_pub_newctx(void *provctx) -{ - return ecx_pub_newctx(provctx, ECX_KEY_TYPE_X448); -} - -static void *ed25519_pub_newctx(void *provctx) -{ - return ecx_pub_newctx(provctx, ECX_KEY_TYPE_ED25519); -} - -static void *ed448_pub_newctx(void *provctx) -{ - return ecx_pub_newctx(provctx, ECX_KEY_TYPE_ED448); -} - -static void ecx_pub_freectx(void *ctx) -{ - OPENSSL_free(ctx); -} - -/* Public key : DER */ -static int ecx_pub_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn *ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx->provctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params) - && ecx_pub_der(ctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_pub_der(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_der_from_obj(out, ecxkey, - KEYTYPE2NID(ctx->type), - NULL, - ossl_prov_ecx_pub_to_der); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int ecx_pub_pem_data(void *vctx, const OSSL_PARAM params[], - 
OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn *ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx->provctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params) - && ecx_pub_pem(ctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_pub_pem(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_pem_from_obj(out, ecxkey, - KEYTYPE2NID(ctx->type), - NULL, - ossl_prov_ecx_pub_to_der); - BIO_free(out); - - return ret; -} - -static int ecx_pub_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *ecx_new; - OSSL_FUNC_keymgmt_free_fn *ecx_free; - OSSL_FUNC_keymgmt_import_fn *ecx_import; - int ok = 0; - - ecx_get_new_free_import(ctx->type, &ecx_new, &ecx_free, &ecx_import); - - if (ecx_import != NULL) { - ECX_KEY *ecxkey; - - if ((ecxkey = ecx_new(ctx)) != NULL - && ecx_import(ecxkey, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params) - && ecx_pub_print(ctx, ecxkey, out, cb, cbarg)) - ok = 1; - ecx_free(ecxkey); - } - return ok; -} - -static int ecx_pub_print(void *vctx, void *ecxkey, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct ecx_pub_ctx_st *ctx = vctx; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_ecx(out, ecxkey, ecx_print_pub); - BIO_free(out); - - return ret; -} - -#define 
MAKE_ENCODER_FUNCTIONS(alg, type) \ - const OSSL_DISPATCH alg##_pub_##type##_encoder_functions[] = { \ - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))alg##_pub_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))ecx_pub_freectx }, \ - { OSSL_FUNC_ENCODER_ENCODE_DATA, \ - (void (*)(void))ecx_pub_##type##_data }, \ - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \ - (void (*)(void))ecx_pub_##type }, \ - { 0, NULL } \ - }; - -#define MAKE_ENCODER_FUNCTIONS_GROUP(alg) \ - MAKE_ENCODER_FUNCTIONS(alg, der) \ - MAKE_ENCODER_FUNCTIONS(alg, pem) \ - MAKE_ENCODER_FUNCTIONS(alg, print) - -MAKE_ENCODER_FUNCTIONS_GROUP(x25519) -MAKE_ENCODER_FUNCTIONS_GROUP(x448) -MAKE_ENCODER_FUNCTIONS_GROUP(ed25519) -MAKE_ENCODER_FUNCTIONS_GROUP(ed448) diff --git a/providers/implementations/encode_decode/encoder_ffc_params.c b/providers/implementations/encode_decode/encoder_ffc_params.c deleted file mode 100644 index 67ec50c9b8..0000000000 --- a/providers/implementations/encode_decode/encoder_ffc_params.c +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Utility function for printing DSA/DH params. */ - -#include "prov/bio.h" -#include "encoder_local.h" - -int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc) -{ - if (ffc->nid != NID_undef) { -#ifndef OPENSSL_NO_DH - const char *name = ffc_named_group_from_uid(ffc->nid); - - if (name == NULL) - goto err; - if (BIO_printf(out, "GROUP: %s\n", name) <= 0) - goto err; - return 1; -#else - /* How could this be? We should not have a nid in a no-dh build. */ - goto err; -#endif - } - - if (!ossl_prov_print_labeled_bignum(out, "P: ", ffc->p)) - goto err; - if (ffc->q != NULL) { - if (!ossl_prov_print_labeled_bignum(out, "Q: ", ffc->q)) - goto err; - } - if (!ossl_prov_print_labeled_bignum(out, "G: ", ffc->g)) - goto err; - if (ffc->j != NULL) { - if (!ossl_prov_print_labeled_bignum(out, "J: ", ffc->j)) - goto err; - } - if (ffc->seed != NULL) { - if (!ossl_prov_print_labeled_buf(out, "SEED:", ffc->seed, ffc->seedlen)) - goto err; - } - if (ffc->gindex != -1) { - if (BIO_printf(out, "gindex: %d\n", ffc->gindex) <= 0) - goto err; - } - if (ffc->pcounter != -1) { - if (BIO_printf(out, "pcounter: %d\n", ffc->pcounter) <= 0) - goto err; - } - if (ffc->h != 0) { - if (BIO_printf(out, "h: %d\n", ffc->h) <= 0) - goto err; - } - return 1; -err: - return 0; -} diff --git a/providers/implementations/encode_decode/encoder_local.h b/providers/implementations/encode_decode/encoder_local.h deleted file mode 100644 index 7a1f29f7e9..0000000000 --- a/providers/implementations/encode_decode/encoder_local.h +++ /dev/null 
@@ -1,183 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include /* i2d_of_void */ -#include /* X509_SIG */ -#include -#include -#include "internal/ffc.h" - -struct pkcs8_encrypt_ctx_st { - /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ - int cipher_intent; - - EVP_CIPHER *cipher; - int pbe_nid; /* For future variation */ - - /* Passphrase that was passed by the caller */ - void *cipher_pass; - size_t cipher_pass_length; - - /* This callback is only used of |cipher_pass| is NULL */ - OSSL_PASSPHRASE_CALLBACK *cb; - void *cbarg; -}; - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns); -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns); -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns); -OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns); - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void); -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void); -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void); -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void); -OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void); -OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void); -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void); -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dh_free(void); -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dh_import(void); -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dsa_new(void); -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dsa_free(void); -OSSL_FUNC_keymgmt_import_fn 
*ossl_prov_get_keymgmt_dsa_import(void); - -void ec_get_new_free_import(OSSL_FUNC_keymgmt_new_fn **ec_new, - OSSL_FUNC_keymgmt_free_fn **ec_free, - OSSL_FUNC_keymgmt_import_fn **ec_import); - -int ossl_prov_prepare_ec_params(const void *eckey, int nid, - void **pstr, int *pstrtype); -int ossl_prov_ec_pub_to_der(const void *eckey, unsigned char **pder); -int ossl_prov_ec_priv_to_der(const void *eckey, unsigned char **pder); - -int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc); -int ossl_prov_prepare_dh_params(const void *dh, int nid, - void **pstr, int *pstrtype); -int ossl_prov_dh_pub_to_der(const void *dh, unsigned char **pder); -int ossl_prov_dh_priv_to_der(const void *dh, unsigned char **pder); -int ossl_prov_dh_type_to_evp(const DH *dh); - -#ifndef OPENSSL_NO_EC -void ecx_get_new_free_import(ECX_KEY_TYPE type, - OSSL_FUNC_keymgmt_new_fn **ecx_new, - OSSL_FUNC_keymgmt_free_fn **ecx_free, - OSSL_FUNC_keymgmt_import_fn **ecx_import); -int ossl_prov_ecx_pub_to_der(const void *ecxkey, unsigned char **pder); -int ossl_prov_ecx_priv_to_der(const void *ecxkey, unsigned char **pder); -#endif - -int ossl_prov_prepare_dsa_params(const void *dsa, int nid, - void **pstr, int *pstrtype); -/* - * Special variant of ossl_prov_prepare_dsa_params() that requires all - * three parameters (P, Q and G) to be set. This is used when encoding - * the public key. - */ -int ossl_prov_prepare_all_dsa_params(const void *dsa, int nid, - void **pstr, int *pstrtype); -int ossl_prov_dsa_pub_to_der(const void *dsa, unsigned char **pder); -int ossl_prov_dsa_priv_to_der(const void *dsa, unsigned char **pder); - -/* - * ossl_prov_prepare_rsa_params() is designed to work with the ossl_prov_write_ - * functions, hence 'void *rsa' rather than 'RSA *rsa'. 
- */ -int ossl_prov_prepare_rsa_params(const void *rsa, int nid, - void **pstr, int *pstrtype); -int ossl_prov_rsa_type_to_evp(const RSA *rsa); - -int ossl_prov_print_labeled_bignum(BIO *out, const char *label, - const BIGNUM *bn); -int ossl_prov_print_labeled_buf(BIO *out, const char *label, - const unsigned char *buf, size_t buflen); -int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv); - -enum dh_print_type { - dh_print_priv, - dh_print_pub, - dh_print_params -}; - -int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type); - -#ifndef OPENSSL_NO_EC -enum ec_print_type { - ec_print_priv, - ec_print_pub, - ec_print_params -}; - -int ossl_prov_print_eckey(BIO *out, EC_KEY *eckey, enum ec_print_type type); -#endif /* OPENSSL_NO_EC */ - -enum dsa_print_type { - dsa_print_priv, - dsa_print_pub, - dsa_print_params -}; - -int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type); - -enum ecx_print_type { - ecx_print_priv, - ecx_print_pub -}; - -#ifndef OPENSSL_NO_EC -int ossl_prov_print_ecx(BIO *out, ECX_KEY *ecxkey, enum ecx_print_type type); -#endif - -int ossl_prov_write_priv_der_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder), - struct pkcs8_encrypt_ctx_st *ctx); -int ossl_prov_write_priv_pem_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder), - struct pkcs8_encrypt_ctx_st *ctx); -int ossl_prov_write_pub_der_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder)); -int ossl_prov_write_pub_pem_from_obj(BIO *out, const void *obj, int obj_nid, - int (*p2s)(const void *obj, int nid, - void **str, - int *strtype), - int (*k2d)(const void *obj, - unsigned char **pder)); - -int 
ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - unsigned char **data, long *len); -int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - char **pem_name, char **pem_header, - unsigned char **data, long *len); -#ifndef OPENSSL_NO_DSA -EVP_PKEY *ossl_prov_read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - int *ispub); -# ifndef OPENSSL_NO_RC4 -EVP_PKEY *ossl_prov_read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); -# endif -#endif - -int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, - unsigned char *input_der, long input_der_len, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); - diff --git a/providers/implementations/encode_decode/encoder_rsa.c b/providers/implementations/encode_decode/encoder_rsa.c deleted file mode 100644 index cd9ff3b7dd..0000000000 --- a/providers/implementations/encode_decode/encoder_rsa.c +++ /dev/null 
@@ -1,277 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/packet.h" -#include "crypto/rsa.h" /* rsa_get0_all_params() */ -#include "prov/bio.h" /* ossl_prov_bio_printf() */ -#include "prov/der_rsa.h" /* DER_w_RSASSA_PSS_params() */ -#include "prov/implementations.h" /* rsa_keymgmt_functions */ -#include "encoder_local.h" - -DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void) -{ - return ossl_prov_get_keymgmt_new(rsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void) -{ - return ossl_prov_get_keymgmt_new(rsapss_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void) -{ - return ossl_prov_get_keymgmt_free(rsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void) -{ - return ossl_prov_get_keymgmt_import(rsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void) -{ - return ossl_prov_get_keymgmt_export(rsa_keymgmt_functions); -} - -OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void) -{ - return ossl_prov_get_keymgmt_export(rsapss_keymgmt_functions); -} - -int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) -{ - const char *modulus_label; - const char *exponent_label; - const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; - STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *coeffs = 
sk_BIGNUM_const_new_null(); - RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); - int ret = 0; - - if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) - goto err; - - RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); - rsa_get0_all_params(rsa, factors, exps, coeffs); - - if (priv && rsa_d != NULL) { - if (BIO_printf(out, "Private-Key: (%d bit, %d primes)\n", - BN_num_bits(rsa_n), - sk_BIGNUM_const_num(factors)) <= 0) - goto err; - modulus_label = "modulus:"; - exponent_label = "publicExponent:"; - } else { - if (BIO_printf(out, "Public-Key: (%d bit)\n", BN_num_bits(rsa_n)) <= 0) - goto err; - modulus_label = "Modulus:"; - exponent_label = "Exponent:"; - } - if (!ossl_prov_print_labeled_bignum(out, modulus_label, rsa_n)) - goto err; - if (!ossl_prov_print_labeled_bignum(out, exponent_label, rsa_e)) - goto err; - if (priv) { - int i; - - if (!ossl_prov_print_labeled_bignum(out, "privateExponent:", rsa_d)) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "prime1:", - sk_BIGNUM_const_value(factors, 0))) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "prime2:", - sk_BIGNUM_const_value(factors, 1))) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "exponent1:", - sk_BIGNUM_const_value(exps, 0))) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "exponent2:", - sk_BIGNUM_const_value(exps, 1))) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "coefficient:", - sk_BIGNUM_const_value(coeffs, 0))) - goto err; - for (i = 2; i < sk_BIGNUM_const_num(factors); i++) { - if (BIO_printf(out, "prime%d:", i + 1) <= 0) - goto err; - if (!ossl_prov_print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(factors, - i))) - goto err; - if (BIO_printf(out, "exponent%d:", i + 1) <= 0) - goto err; - if (!ossl_prov_print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(exps, i))) - goto err; - if (BIO_printf(out, "coefficient%d:", i + 1) <= 0) - goto err; - if (!ossl_prov_print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(coeffs, - i - 
1))) - goto err; - } - } - - switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { - case RSA_FLAG_TYPE_RSA: - if (!rsa_pss_params_30_is_unrestricted(pss_params)) { - if (BIO_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0) - goto err; - } - break; - case RSA_FLAG_TYPE_RSASSAPSS: - if (rsa_pss_params_30_is_unrestricted(pss_params)) { - if (BIO_printf(out, "No PSS parameter restrictions\n") <= 0) - goto err; - } else { - int hashalg_nid = rsa_pss_params_30_hashalg(pss_params); - int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss_params); - int maskgenhashalg_nid = - rsa_pss_params_30_maskgenhashalg(pss_params); - int saltlen = rsa_pss_params_30_saltlen(pss_params); - int trailerfield = rsa_pss_params_30_trailerfield(pss_params); - - if (BIO_printf(out, "PSS parameter restrictions:\n") <= 0) - goto err; - if (BIO_printf(out, " Hash Algorithm: %s%s\n", - rsa_oaeppss_nid2name(hashalg_nid), - (hashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) - goto err; - if (BIO_printf(out, " Mask Algorithm: %s with %s%s\n", - rsa_mgf_nid2name(maskgenalg_nid), - rsa_oaeppss_nid2name(maskgenhashalg_nid), - (maskgenalg_nid == NID_mgf1 - && maskgenhashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) - goto err; - if (BIO_printf(out, " Minimum Salt Length: %d%s\n", - saltlen, - (saltlen == 20 ? " (default)" : "")) <= 0) - goto err; - /* - * TODO(3.0) Should we show the ASN.1 trailerField value, or - * the actual trailerfield byte (i.e. 0xBC for 1)? - * crypto/rsa/rsa_ameth.c isn't very clear on that, as it - * does display 0xBC when the default applies, but the ASN.1 - * trailerField value otherwise... - */ - if (BIO_printf(out, " Trailer Field: 0x%x%s\n", - trailerfield, - (trailerfield == 1 ? " (default)" : "")) - <= 0) - goto err; - } - break; - } - - ret = 1; - err: - sk_BIGNUM_const_free(factors); - sk_BIGNUM_const_free(exps); - sk_BIGNUM_const_free(coeffs); - return ret; -} - -/* - * Helper functions to prepare RSA-PSS params for encoding. 
We would - * have simply written the whole AlgorithmIdentifier, but existing libcrypto - * functionality doesn't allow that. - */ - -int ossl_prov_prepare_rsa_params(const void *rsa, int nid, - void **pstr, int *pstrtype) -{ - const RSA_PSS_PARAMS_30 *pss = rsa_get0_pss_params_30((RSA *)rsa); - - *pstr = NULL; - - switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { - case RSA_FLAG_TYPE_RSA: - /* If plain RSA, the parameters shall be NULL */ - *pstrtype = V_ASN1_NULL; - return 1; - case RSA_FLAG_TYPE_RSASSAPSS: - if (rsa_pss_params_30_is_unrestricted(pss)) { - *pstrtype = V_ASN1_UNDEF; - return 1; - } else { - ASN1_STRING *astr = NULL; - WPACKET pkt; - unsigned char *str = NULL; - size_t str_sz = 0; - int i; - - for (i = 0; i < 2; i++) { - switch (i) { - case 0: - if (!WPACKET_init_null_der(&pkt)) - goto err; - break; - case 1: - if ((str = OPENSSL_malloc(str_sz)) == NULL - || !WPACKET_init_der(&pkt, str, str_sz)) { - goto err; - } - break; - } - if (!DER_w_RSASSA_PSS_params(&pkt, -1, pss) - || !WPACKET_finish(&pkt) - || !WPACKET_get_total_written(&pkt, &str_sz)) - goto err; - WPACKET_cleanup(&pkt); - - /* - * If no PSS parameters are going to be written, there's no - * point going for another iteration. - * This saves us from getting |str| allocated just to have it - * immediately de-allocated. - */ - if (str_sz == 0) - break; - } - - if ((astr = ASN1_STRING_new()) == NULL) - goto err; - *pstrtype = V_ASN1_SEQUENCE; - ASN1_STRING_set0(astr, str, (int)str_sz); - *pstr = astr; - - return 1; - err: - OPENSSL_free(str); - return 0; - } - } - - /* Currently unsupported RSA key type */ - return 0; -} - -int ossl_prov_rsa_type_to_evp(const RSA *rsa) -{ - switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { - case RSA_FLAG_TYPE_RSA: - return EVP_PKEY_RSA; - case RSA_FLAG_TYPE_RSASSAPSS: - return EVP_PKEY_RSA_PSS; - } - - /* Currently unsupported RSA key type */ - return EVP_PKEY_NONE; -} 
diff --git a/providers/implementations/encode_decode/encoder_rsa_priv.c b/providers/implementations/encode_decode/encoder_rsa_priv.c deleted file mode 100644 index 7be37dd49a..0000000000 --- a/providers/implementations/encode_decode/encoder_rsa_priv.c +++ /dev/null 
@@ -1,297 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include "crypto/rsa.h" -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/providercommonerr.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define RSA_SELECT_PRIVATE_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) - -static OSSL_FUNC_encoder_newctx_fn rsa_priv_newctx; -static OSSL_FUNC_encoder_freectx_fn rsa_priv_freectx; -static OSSL_FUNC_encoder_set_ctx_params_fn rsa_priv_set_ctx_params; -static OSSL_FUNC_encoder_settable_ctx_params_fn rsa_priv_settable_ctx_params; -static OSSL_FUNC_encoder_encode_data_fn rsa_priv_der_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_priv_der; -static OSSL_FUNC_encoder_encode_data_fn rsa_pem_priv_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_pem_priv; - -static OSSL_FUNC_encoder_newctx_fn rsa_print_newctx; -static OSSL_FUNC_encoder_freectx_fn rsa_print_freectx; -static OSSL_FUNC_encoder_encode_data_fn rsa_priv_print_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_priv_print; - -/* - * Context used for private key encoding. - */ -struct rsa_priv_ctx_st { - void *provctx; - - struct pkcs8_encrypt_ctx_st sc; -}; - -/* Private key : context */ -static void *rsa_priv_newctx(void *provctx) -{ - struct rsa_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->provctx = provctx; - /* -1 is the "whatever" indicator, i.e. 
the PKCS8 library default PBE */ - ctx->sc.pbe_nid = -1; - } - return ctx; -} - -static void rsa_priv_freectx(void *vctx) -{ - struct rsa_priv_ctx_st *ctx = vctx; - - EVP_CIPHER_free(ctx->sc.cipher); - OPENSSL_free(ctx->sc.cipher_pass); - OPENSSL_free(ctx); -} - -static const OSSL_PARAM *rsa_priv_settable_ctx_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM settables[] = { - OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ENCODER_PARAM_PASS, NULL, 0), - OSSL_PARAM_END, - }; - - return settables; -} - -static int rsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - struct rsa_priv_ctx_st *ctx = vctx; - const OSSL_PARAM *p; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) - != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const char *props = NULL; - - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - props = (propsp != NULL ? 
propsp->data : NULL); - - EVP_CIPHER_free(ctx->sc.cipher); - ctx->sc.cipher_intent = p->data != NULL; - if (p->data != NULL - && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props)) - == NULL)) - return 0; - } - if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PASS)) - != NULL) { - OPENSSL_free(ctx->sc.cipher_pass); - ctx->sc.cipher_pass = NULL; - if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, - &ctx->sc.cipher_pass_length)) - return 0; - } - return 1; -} - -/* Private key : DER */ -static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct rsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok = 0; - - if (rsa_import != NULL) { - RSA *rsa; - - if ((rsa = rsa_new(ctx->provctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PRIVATE_IMPORTABLE, params) - && rsa_priv_der(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_priv_der(void *vctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct rsa_priv_ctx_st *ctx = vctx; - int ret; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_der_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPrivateKey, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* Private key : PEM */ -static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct rsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = 
ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok = 0; - - if (rsa_import != NULL) { - RSA *rsa; - - if ((rsa = rsa_new(ctx->provctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PRIVATE_IMPORTABLE, params) - && rsa_pem_priv(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_pem_priv(void *vctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct rsa_priv_ctx_st *ctx = vctx; - int ret; - BIO *out = bio_new_from_core_bio(ctx->provctx, cout); - - if (out == NULL) - return 0; - - ctx->sc.cb = cb; - ctx->sc.cbarg = cbarg; - - ret = ossl_prov_write_priv_pem_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPrivateKey, - &ctx->sc); - BIO_free(out); - - return ret; -} - -/* - * There's no specific print context, so we use the provider context - */ -static void *rsa_print_newctx(void *provctx) -{ - return provctx; -} - -static void rsa_print_freectx(void *ctx) -{ -} - -static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - struct rsa_priv_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok = 0; - - if (rsa_import != NULL) { - RSA *rsa; - - if ((rsa = rsa_new(ctx->provctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PRIVATE_IMPORTABLE, params) - && rsa_priv_print(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_priv_print(void *ctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_rsa(out, rsa, 1); - 
BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH rsa_priv_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))rsa_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))rsa_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))rsa_priv_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_priv_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH rsa_priv_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_priv_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_priv_freectx }, - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, - (void (*)(void))rsa_priv_set_ctx_params }, - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, - (void (*)(void))rsa_priv_settable_ctx_params }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))rsa_pem_priv_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_pem_priv }, - { 0, NULL } -}; - -const OSSL_DISPATCH rsa_priv_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_print_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_print_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_priv_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))rsa_priv_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/encoder_rsa_pub.c b/providers/implementations/encode_decode/encoder_rsa_pub.c deleted file mode 100644 index 73bb466767..0000000000 --- a/providers/implementations/encode_decode/encoder_rsa_pub.c +++ /dev/null 
@@ -1,196 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "prov/bio.h" -#include "prov/implementations.h" -#include "prov/providercommonerr.h" -#include "prov/provider_ctx.h" -#include "encoder_local.h" - -#define RSA_SELECT_PUBLIC_IMPORTABLE \ - (OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) - -static OSSL_FUNC_encoder_newctx_fn rsa_pub_newctx; -static OSSL_FUNC_encoder_freectx_fn rsa_pub_freectx; -static OSSL_FUNC_encoder_encode_data_fn rsa_pub_der_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_pub_der; -static OSSL_FUNC_encoder_encode_data_fn rsa_pub_pem_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_pub_pem; - -static OSSL_FUNC_encoder_encode_data_fn rsa_pub_print_data; -static OSSL_FUNC_encoder_encode_object_fn rsa_pub_print; - -/* Public key : context */ - -/* - * There's no specific implementation context, so we use the provider context - */ -static void *rsa_pub_newctx(void *provctx) -{ - return provctx; -} - -static void rsa_pub_freectx(void *ctx) -{ -} - -/* Public key : DER */ -static int rsa_pub_der_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok = 0; - - if (rsa_import != NULL) { - RSA *rsa; - - /* ctx == provctx */ - if ((rsa = 
rsa_new(ctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PUBLIC_IMPORTABLE, params) - && rsa_pub_der(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_pub_der(void *ctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_der_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPublicKey); - BIO_free(out); - - return ret; -} - -/* Public key : PEM */ -static int rsa_pub_pem_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok = 0; - - if (rsa_import != NULL) { - RSA *rsa; - - /* ctx == provctx */ - if ((rsa = rsa_new(ctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PUBLIC_IMPORTABLE, params) - && rsa_pub_pem(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_pub_pem(void *ctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_write_pub_pem_from_obj(out, rsa, - ossl_prov_rsa_type_to_evp(rsa), - ossl_prov_prepare_rsa_params, - (i2d_of_void *)i2d_RSAPublicKey); - BIO_free(out); - - return ret; -} - -static int rsa_pub_print_data(void *ctx, const OSSL_PARAM params[], - OSSL_CORE_BIO *out, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - OSSL_FUNC_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new(); - OSSL_FUNC_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free(); - OSSL_FUNC_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import(); - int ok 
= 0; - - if (rsa_import != NULL) { - RSA *rsa; - - /* ctx == provctx */ - if ((rsa = rsa_new(ctx)) != NULL - && rsa_import(rsa, RSA_SELECT_PUBLIC_IMPORTABLE, params) - && rsa_pub_print(ctx, rsa, out, cb, cbarg)) - ok = 1; - rsa_free(rsa); - } - return ok; -} - -static int rsa_pub_print(void *ctx, void *rsa, OSSL_CORE_BIO *cout, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - BIO *out = bio_new_from_core_bio(ctx, cout); - int ret; - - if (out == NULL) - return 0; - - ret = ossl_prov_print_rsa(out, rsa, 0); - BIO_free(out); - - return ret; -} - -const OSSL_DISPATCH rsa_pub_der_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))rsa_pub_der_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_pub_der }, - { 0, NULL } -}; - -const OSSL_DISPATCH rsa_pub_pem_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, (void (*)(void))rsa_pub_pem_data }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_pub_pem }, - { 0, NULL } -}; - -const OSSL_DISPATCH rsa_pub_text_encoder_functions[] = { - { OSSL_FUNC_ENCODER_NEWCTX, (void (*)(void))rsa_pub_newctx }, - { OSSL_FUNC_ENCODER_FREECTX, (void (*)(void))rsa_pub_freectx }, - { OSSL_FUNC_ENCODER_ENCODE_OBJECT, (void (*)(void))rsa_pub_print }, - { OSSL_FUNC_ENCODER_ENCODE_DATA, - (void (*)(void))rsa_pub_print_data }, - { 0, NULL } -}; diff --git a/providers/implementations/encode_decode/endecoder_common.c b/providers/implementations/encode_decode/endecoder_common.c new file mode 100644 index 0000000000..c85fe915ac --- /dev/null +++ b/providers/implementations/encode_decode/endecoder_common.c 
@@ -0,0 +1,84 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include "endecoder_local.h" + +OSSL_FUNC_keymgmt_new_fn * +ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW) + return OSSL_FUNC_keymgmt_new(fns); + + return NULL; +} + +OSSL_FUNC_keymgmt_free_fn * +ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE) + return OSSL_FUNC_keymgmt_free(fns); + + return NULL; +} + +OSSL_FUNC_keymgmt_import_fn * +ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT) + return OSSL_FUNC_keymgmt_import(fns); + + return NULL; +} + +OSSL_FUNC_keymgmt_export_fn * +ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) + return OSSL_FUNC_keymgmt_export(fns); + + return NULL; +} + +void *ossl_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, + int selection, const OSSL_PARAM params[]) +{ + OSSL_FUNC_keymgmt_new_fn *kmgmt_new = ossl_prov_get_keymgmt_new(fns); + OSSL_FUNC_keymgmt_free_fn *kmgmt_free = ossl_prov_get_keymgmt_free(fns); + OSSL_FUNC_keymgmt_import_fn *kmgmt_import = + ossl_prov_get_keymgmt_import(fns); + void *key = NULL; + + if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) { + if ((key = kmgmt_new(provctx)) == 
NULL + || !kmgmt_import(key, selection, params)) { + kmgmt_free(key); + key = NULL; + } + } + return key; +} + +void ossl_prov_free_key(const OSSL_DISPATCH *fns, void *key) +{ + OSSL_FUNC_keymgmt_free_fn *kmgmt_free = ossl_prov_get_keymgmt_free(fns); + + if (kmgmt_free != NULL) + kmgmt_free(key); +} + diff --git a/providers/implementations/encode_decode/endecoder_local.h b/providers/implementations/encode_decode/endecoder_local.h new file mode 100644 index 0000000000..ab431b8086 --- /dev/null +++ b/providers/implementations/encode_decode/endecoder_local.h @@ -0,0 +1,26 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "prov/provider_ctx.h" + +OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns); +OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns); +OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns); +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns); + +int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, + unsigned char *input_der, long input_der_len, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); + +void *ossl_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, + int selection, const OSSL_PARAM params[]); +void ossl_prov_free_key(const OSSL_DISPATCH *fns, void *key); diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 7060a4b839..91c5df40ec 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h 
@@ -305,71 +305,72 @@ extern const OSSL_DISPATCH mac_legacy_cmac_signature_functions[]; extern const OSSL_DISPATCH rsa_asym_cipher_functions[]; /* Encoders */ -extern const OSSL_DISPATCH rsa_priv_text_encoder_functions[]; -extern const OSSL_DISPATCH rsa_pub_text_encoder_functions[]; -extern const OSSL_DISPATCH rsa_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH rsa_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH rsa_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH rsa_pub_pem_encoder_functions[]; +extern const OSSL_DISPATCH rsa_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH rsa_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH rsa_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH rsa_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH rsa_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH rsa_pub_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH dh_priv_text_encoder_functions[]; -extern const OSSL_DISPATCH dh_pub_text_encoder_functions[]; -extern const OSSL_DISPATCH dh_param_text_encoder_functions[]; -extern const OSSL_DISPATCH dh_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH dh_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH dh_param_der_encoder_functions[]; -extern const OSSL_DISPATCH dh_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH dh_pub_pem_encoder_functions[]; -extern const OSSL_DISPATCH dh_param_pem_encoder_functions[]; +extern const OSSL_DISPATCH dh_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dh_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dh_param_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dh_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dh_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dh_param_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dh_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH dh_pub_to_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH dh_param_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH dsa_priv_text_encoder_functions[]; -extern const OSSL_DISPATCH dsa_pub_text_encoder_functions[]; -extern const OSSL_DISPATCH dsa_param_text_encoder_functions[]; -extern const OSSL_DISPATCH dsa_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH dsa_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH dsa_param_der_encoder_functions[]; -extern const OSSL_DISPATCH dsa_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH dsa_pub_pem_encoder_functions[]; -extern const OSSL_DISPATCH dsa_param_pem_encoder_functions[]; +extern const OSSL_DISPATCH dsa_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dsa_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dsa_param_to_text_encoder_functions[]; +extern const OSSL_DISPATCH dsa_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dsa_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dsa_param_to_der_encoder_functions[]; +extern const OSSL_DISPATCH dsa_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH dsa_pub_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH dsa_param_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH x25519_priv_print_encoder_functions[]; -extern const OSSL_DISPATCH x25519_pub_print_encoder_functions[]; -extern const OSSL_DISPATCH x25519_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH x25519_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH x25519_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH x25519_pub_pem_encoder_functions[]; +extern const OSSL_DISPATCH x25519_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH x25519_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH x25519_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH x25519_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH x25519_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH x25519_pub_to_pem_encoder_functions[]; 
-extern const OSSL_DISPATCH x448_priv_print_encoder_functions[]; -extern const OSSL_DISPATCH x448_pub_print_encoder_functions[]; -extern const OSSL_DISPATCH x448_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH x448_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH x448_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH x448_pub_pem_encoder_functions[]; +extern const OSSL_DISPATCH x448_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH x448_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH x448_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH x448_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH x448_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH x448_pub_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_priv_print_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_pub_print_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH ed25519_pub_pem_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH ed25519_pub_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH ed448_priv_print_encoder_functions[]; -extern const OSSL_DISPATCH ed448_pub_print_encoder_functions[]; -extern const OSSL_DISPATCH ed448_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH ed448_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH ed448_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH ed448_pub_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
ed448_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ed448_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ed448_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ed448_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ed448_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH ed448_pub_to_pem_encoder_functions[]; -extern const OSSL_DISPATCH ec_priv_text_encoder_functions[]; -extern const OSSL_DISPATCH ec_pub_text_encoder_functions[]; -extern const OSSL_DISPATCH ec_param_text_encoder_functions[]; -extern const OSSL_DISPATCH ec_priv_der_encoder_functions[]; -extern const OSSL_DISPATCH ec_pub_der_encoder_functions[]; -extern const OSSL_DISPATCH ec_param_der_encoder_functions[]; -extern const OSSL_DISPATCH ec_priv_pem_encoder_functions[]; -extern const OSSL_DISPATCH ec_pub_pem_encoder_functions[]; -extern const OSSL_DISPATCH ec_param_pem_encoder_functions[]; +extern const OSSL_DISPATCH ec_priv_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ec_pub_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ec_param_to_text_encoder_functions[]; +extern const OSSL_DISPATCH ec_priv_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ec_pub_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ec_param_to_der_encoder_functions[]; +extern const OSSL_DISPATCH ec_priv_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH ec_pub_to_pem_encoder_functions[]; +extern const OSSL_DISPATCH ec_param_to_pem_encoder_functions[]; +/* Decoders */ extern const OSSL_DISPATCH der_to_dh_decoder_functions[]; extern const OSSL_DISPATCH der_to_dhx_decoder_functions[]; extern const OSSL_DISPATCH der_to_dsa_decoder_functions[]; From no-reply at appveyor.com Wed Sep 9 15:12:27 2020 
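Review bot: in the removed RSA private-key encoder (the file that ends with rsa_priv_text_encoder_functions), rsa_priv_print_data() casts vctx to struct rsa_priv_ctx_st * and calls rsa_new(ctx->provctx), yet the text dispatch table pairs it with rsa_print_newctx(), which returns the bare provctx, and rsa_priv_print() next to it does treat ctx as the provctx. The _data variant therefore read a field through the wrong type. Because the file is deleted rather than fixed, please confirm the replacement text encoder hands its callbacks the context its own newctx allocates, and mention the mismatch in the commit message so the behaviour change is on record.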
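Review bot: ossl_prov_import_key() in endecoder_common.c calls kmgmt_free(key) on the path where kmgmt_new() returned NULL, so every keymgmt free implementation reached through this helper has to accept a NULL key. Either state that requirement in a comment on the helper or guard the call, e.g. `if (key != NULL) kmgmt_free(key);`. Separately, the four ossl_prov_get_keymgmt_*() lookups repeat the same loop over fns and differ only in the function id they match; one static lookup helper would leave a single loop to audit. The file also ends with an added blank line that can be dropped.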
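Review bot: the prototypes added in endecoder_local.h carry no documentation of ownership. For ossl_prov_der_from_p8() it is not stated who frees *new_der or whether input_der is consumed, and for ossl_prov_import_key() it is not stated that the returned key must be released with ossl_prov_free_key() using the same fns table. A short comment per function would prevent leaks and mismatched frees in callers that handle private key material. The header also has no include guard in the lines added here; adding one is cheap and keeps it safe once it grows type definitions.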
From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Sep 2020 15:12:27 +0000 Subject: Build completed: openssl master.36781 Message-ID: <20200909151227.1.78CBBF5C77CE31E5@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Sep 9 16:10:21 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 16:10:21 +0000 Subject: Errored: openssl/openssl#37328 (master - e942111) In-Reply-To: Message-ID: <5f58fe6d6394a_13fc0eaae334c66972b@travis-pro-tasks-556b9bb49b-bv267.mail> Build Update for openssl/openssl ------------------------------------- Build: #37328 Status: Errored Duration: 1 hr, 29 mins, and 42 secs Commit: e942111 (master) Author: Pauli Message: In a non-shared build, don't include the md5 object files in legacy provider Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11961) View the changeset: https://github.com/openssl/openssl/compare/b434b2c08d20...e942111267f2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183504905?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at openssl.org Wed Sep 9 16:33:02 2020 
From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 09 Sep 2020 16:33:02 +0000 Subject: [openssl] master update Message-ID: <1599669182.268637.22385.nullmailer@dev.openssl.org> The branch master has been updated via 10203a34725ec75136b03d64fd2126b321419ac1 (commit) from 8ae40cf57d2138af92a3479e23f35037ae8c5c30 (commit) - Log ----------------------------------------------------------------- commit 10203a34725ec75136b03d64fd2126b321419ac1 Author: Kurt Roeckx Date: Sat Apr 13 15:52:47 2019 +0200 Support writing RSA keys using the traditional format again Fixes: #6855 Reviewed-by: Richard Levitte GH: #8743 ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 4 ++-- apps/genrsa.c | 20 +++++++++++++++----- apps/rsa.c | 17 ++++++++++++++--- doc/man1/openssl-genrsa.pod.in | 5 +++++ doc/man1/openssl-rsa.pod.in | 12 +++++------- doc/man1/openssl.pod | 2 +- test/testrsa.pem | 19 ++++++++++--------- 7 files changed, 52 insertions(+), 27 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index c2bbf0d167..0f6880d716 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -353,8 +353,8 @@ OpenSSL 3.0 *Paul Dale* * The command line utilities genrsa and rsa have been modified to use PKEY - APIs These commands are now in maintenance mode and no new features will - be added to them. + APIs. They now write PKCS#8 keys by default. These commands are now in + maintenance mode and no new features will be added to them. *Paul Dale* diff --git a/apps/genrsa.c b/apps/genrsa.c index 4f589e98c1..04315a559b 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -38,7 +38,7 @@ typedef enum OPTION_choice { #endif OPT_F4, OPT_ENGINE, OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL } OPTION_CHOICE; const OPTIONS genrsa_options[] = { 
@@ -62,6 +62,8 @@ const OPTIONS genrsa_options[] = { {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, {"verbose", OPT_VERBOSE, '-', "Verbose output"}, + {"traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private keys"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, OPT_R_OPTIONS, @@ -88,7 +90,7 @@ int genrsa_main(int argc, char **argv) char *outfile = NULL, *passoutarg = NULL, *passout = NULL; char *prog, *hexe, *dece; OPTION_CHOICE o; - unsigned char *ebuf = NULL; + int traditional = 0; if (bn == NULL || cb == NULL) goto end; @@ -141,6 +143,9 @@ opthelp: case OPT_VERBOSE: verbose = 1; break; + case OPT_TRADITIONAL: + traditional = 1; + break; } } argc = opt_num_rest(); @@ -214,8 +219,14 @@ opthelp: OPENSSL_free(hexe); OPENSSL_free(dece); } - if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) - goto end; + if (traditional) { + if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, + NULL, passout)) + goto end; + } else { + if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) + goto end; + } ret = 0; end: @@ -226,7 +237,6 @@ opthelp: BIO_free_all(out); release_engine(eng); OPENSSL_free(passout); - OPENSSL_free(ebuf); if (ret != 0) ERR_print_errors(bio_err); return ret; diff --git a/apps/rsa.c b/apps/rsa.c index 0464729f71..fdee96d570 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -31,7 +31,7 @@ typedef enum OPTION_choice { /* Do not change the order here; see case statements below */ OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER, - OPT_PROV_ENUM + OPT_PROV_ENUM, OPT_TRADITIONAL } OPTION_CHOICE; const OPTIONS rsa_options[] = { 
@@ -59,6 +59,8 @@ const OPTIONS rsa_options[] = { {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, + {"traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private keys"}, #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) OPT_SECTION("PVK"), @@ -88,6 +90,7 @@ int rsa_main(int argc, char **argv) int pvk_encr = 2; #endif OPTION_CHOICE o; + int traditional = 0; prog = opt_init(argc, argv, rsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -163,6 +166,9 @@ int rsa_main(int argc, char **argv) if (!opt_provider(o)) goto end; break; + case OPT_TRADITIONAL: + traditional = 1; + break; } } argc = opt_num_rest(); @@ -280,8 +286,13 @@ int rsa_main(int argc, char **argv) i = PEM_write_bio_RSA_PUBKEY(out, rsa); } else { assert(private); - i = PEM_write_bio_RSAPrivateKey(out, rsa, - enc, NULL, 0, NULL, passout); + if (traditional) { + i = PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, + NULL, passout); + } else { + i = PEM_write_bio_PrivateKey(out, pkey, + enc, NULL, 0, NULL, passout); + } } #ifndef OPENSSL_NO_DSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 33aa60ca4e..3f81e29eb4 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -28,6 +28,7 @@ B B [B<-3>] [B<-primes> I] [B<-verbose>] +[B<-traditional>] {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} @@ -83,6 +84,10 @@ RSA key, which is defined in RFC 8017. Print extra details about the operations being performed. +=item B<-traditional> + +Write the key using the traditional PKCS#1 format instead of the PKCS#8 format. + {- $OpenSSL::safe::opt_r_item -} {- $OpenSSL::safe::opt_engine_item -} 
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 4f9c41d668..722e4d584c 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -34,6 +34,7 @@ B B [B<-text>] [B<-noout>] [B<-modulus>] +[B<-traditional>] [B<-check>] [B<-pubin>] [B<-pubout>] @@ -47,10 +48,7 @@ B B =head1 DESCRIPTION This command processes RSA keys. They can be converted between -various forms and their components printed out. B this command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the -L command. +various forms and their components printed out. =head1 OPTIONS @@ -72,10 +70,10 @@ See L for details. The key output format; the default is B. See L for details. -=item B<-inform> B|B +=item B<-traditional> -The data is a PKCS#1 B or B object. -On input, PKCS#8 format private keys are also accepted. +When writing a private key, use the traditional PKCS#1 format +instead of the PKCS#8 format. =item B<-in> I diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 2c56cc278c..1f344217a2 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -529,7 +529,7 @@ parameters start with a minus sign: Several OpenSSL commands can take input or generate output in a variety of formats. Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from -files in any of the B, B, or B formats, +files in any of the B, B or B formats, while specifying their input format is no more needed. The list of acceptable formats, and the default, is diff --git a/test/testrsa.pem b/test/testrsa.pem index aad21067a8..8648f10e37 100644 --- a/test/testrsa.pem +++ b/test/testrsa.pem 
@@ -1,9 +1,10 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I -Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R -rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy -oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S -mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz -rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA -mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW +a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf +yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK +w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go +eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu +RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw +i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB +WFzYvAYocTQNkw== +-----END PRIVATE KEY----- From builds at travis-ci.com Wed Sep 9 17:11:17 2020 
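Review bot: in the apps/rsa.c hunk at @@ -280,8 +286,13 the private-key write switches its argument from `rsa` to `pkey`, while the public branch directly above still writes `rsa` (`PEM_write_bio_RSA_PUBKEY(out, rsa)`). No visible hunk declares or assigns pkey, so please confirm it is still live at this point and refers to the same key as rsa. Also, `traditional` is only consulted in this PEM branch in the lines shown; if DER output goes through a different writer the option is silently ignored there, which does not match the new pod text "When writing a private key, use the traditional PKCS#1 format". Either honour it for DER as well or document that it applies to PEM output only.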
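Review bot: the doc/man1/openssl-rsa.pod.in hunk at @@ -47,10 +48,7 deletes the DESCRIPTION caution that the traditional format is the less secure choice for private key encryption, but `-traditional` can still be combined with a cipher and pass phrase (both new calls pass `enc` and `passout` to PEM_write_bio_PrivateKey_traditional()). Suggest moving that caution into the new `=item B<-traditional>` text in openssl-rsa.pod.in and openssl-genrsa.pod.in instead of dropping it. The @@ -72,10 +70,10 hunk also replaces the `=item B<-inform>` paragraph, so the statement that PKCS#8 private keys are accepted on input disappears; keep it unless the generic format documentation already covers it.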
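Review bot: the CHANGES.md entry says genrsa and rsa "now write PKCS#8 keys by default" but does not name the new `-traditional` option, which is what anyone whose tooling expects a `BEGIN RSA PRIVATE KEY` header needs to find. Please add it to the entry. The summary of changes also lists no test file other than test/testrsa.pem, which is converted to PKCS#8 here, so neither the new default nor the `-traditional` path is exercised by this commit; a recipe that runs both commands with and without the option and checks the PEM header would pin the behaviour.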
From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 17:11:17 +0000 Subject: Errored: openssl/openssl#37329 (master - b7a8fb5) In-Reply-To: Message-ID: <5f590cb4a8483_13ff1c4da62a42136ce@travis-pro-tasks-6b5cc5bc6c-f8xcj.mail> Build Update for openssl/openssl ------------------------------------- Build: #37329 Status: Errored Duration: 1 hr, 30 mins, and 48 secs Commit: b7a8fb5 (master) Author: Pauli Message: s_time: check return values better Reviewed-by: Dmitry Belyavskiy Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12808) View the changeset: https://github.com/openssl/openssl/compare/e942111267f2...b7a8fb52a95d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183505139?utm_medium=notification&utm_source=email
From openssl at openssl.org Wed Sep 9 18:52:16 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 18:52:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1599677536.128469.4402.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. 
ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3560, 744 wallclock secs (13.36 usr 1.26 sys + 633.76 cusr 67.34 csys = 715.72 CPU) Result: FAIL Makefile:3193: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3191: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Wed Sep 9 20:19:52 2020 
From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 20:19:52 +0000 Subject: Errored: openssl/openssl#37333 (master - ce43db7) In-Reply-To: Message-ID: <5f5938e87195a_13fb18711f134411980@travis-pro-tasks-6b5cc5bc6c-rmlf5.mail> Build Update for openssl/openssl ------------------------------------- Build: #37333 Status: Errored Duration: 1 hr, 19 mins, and 35 secs Commit: ce43db7 (master) Author: Jon Spillett Message: Fix up issue on AIX caused by broken compiler handling of macro expansion Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12812) View the changeset: https://github.com/openssl/openssl/compare/b7a8fb52a95d...ce43db7a3fcd View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183514847?utm_medium=notification&utm_source=email From openssl at openssl.org Wed Sep 9 21:06:40 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Sep 2020 21:06:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1599685600.917682.29011.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 3 tests of 38. 
not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2008:CMP info: will contact http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2058:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2008:CMP info: will contact http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: 
header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2058:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # cmp_main:../openssl/apps/cmp.c:2688:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2286:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2008:CMP info: will contact http://127.0.0.1:1700/pkix/ # ASN1_get_object:../openssl/crypto/asn1/asn1_lib.c:105:CMP error: header too long # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2058:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... 
skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=211, Tests=3019, 584 wallclock secs (10.04 usr 1.30 sys + 519.63 cusr 53.97 csys = 584.94 CPU) Result: FAIL Makefile:2423: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2421: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Wed Sep 9 22:59:03 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 09 Sep 2020 22:59:03 +0000 Subject: [openssl] master update Message-ID: <1599692343.174000.5483.nullmailer@dev.openssl.org> The branch master has been updated via 474853c39a2b631f9f401df32834043500081b7c (commit) from 10203a34725ec75136b03d64fd2126b321419ac1 (commit) - Log ----------------------------------------------------------------- commit 474853c39a2b631f9f401df32834043500081b7c Author: Rich Salz Date: Mon Sep 7 11:38:48 2020 -0400 Fix markdown nits in NOTES-Windows.txt And add a comment that this file is in markdown, but has a .txt extension on purpose. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12805) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 2 +- NOTES-Windows.txt | 38 ++++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 19 deletions(-) 
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index ff37aa0290..cb6263c911 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -998,7 +998,7 @@ cmd-nits: build_generated apps/openssl # Finally, there's a Node.js version, which we haven't tried, that # can be found at https://github.com/DavidAnson/markdownlint md-nits: - mdl -s util/markdownlint.rb . + mdl -s util/markdownlint.rb . NOTES-Windows.txt # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) diff --git a/NOTES-Windows.txt b/NOTES-Windows.txt index 683e40671e..20cce41911 100644 --- a/NOTES-Windows.txt +++ b/NOTES-Windows.txt @@ -1,6 +1,8 @@ +NOTES FOR WINDOWS PLATFORMS +=========================== - NOTES FOR WINDOWS PLATFORMS - =========================== + (This file, like the others, is in "markdown" format, but has a ".txt" + extension to make it easier to view/edit on Windows.) There are various options to build and run OpenSSL on the Windows platforms. @@ -17,7 +19,6 @@ for building (using GNU/Unix shell, compiler, and tools) and at run time. For this option you can use Cygwin. - Visual C++ native builds, aka VC-* ===================================== 
@@ -28,17 +29,17 @@ these are required as well: - Perl. - We recommend Strawberry Perl, available from http://strawberryperl.com/ + We recommend Strawberry Perl, available from Please read NOTES.PERL for more information, including the use of CPAN. - An alternative is ActiveState Perl, https://www.activestate.com/ActivePerl + An alternative is ActiveState Perl, for which you may need to explicitly build the Perl module Win32/Console.pm - via https://platform.activestate.com/ActiveState and then download it. + via and then download it. - Microsoft Visual C compiler. Since these are proprietary and ever-changing we cannot test them all. Older versions may not work. Use a recent version wherever possible. - - Netwide Assembler (NASM), available from https://www.nasm.us + - Netwide Assembler (NASM), available from Note that NASM is the only supported assembler. Quick start @@ -55,7 +56,8 @@ Or run "cmd" and execute "vcvarsall.bat" with one of the options x86, x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64. This sets up the environment variables needed for nmake.exe, cl.exe, etc. - See also https://docs.microsoft.com/cpp/build/building-on-the-command-line + See also + 5. From the root of the OpenSSL source directory enter perl Configure VC-WIN32 if you want 32-bit OpenSSL or @@ -109,7 +111,6 @@ "vcvarsall.bat" before you compile. For example, if you want to build "arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp". - Native OpenSSL built using MinGW ================================ @@ -124,7 +125,7 @@ Requirement details - - MSYS2 shell, from https://www.msys2.org/ + - MSYS2 shell, from - Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2 
@@ -177,19 +178,20 @@ and exporting from .exe image in question own _OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and later you could: - __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) - { DWORD sess; - if (ProcessIdToSessionId(GetCurrentProcessId(),&sess)) - return sess==0; - return FALSE; - } + __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) + { + DWORD sess; + + if (ProcessIdToSessionId(GetCurrentProcessId(), &sess)) + return sess == 0; + return FALSE; + } If you link with OpenSSL .DLLs, then you're expected to include into your application code a small "shim" snippet, which provides the glue between the OpenSSL BIO layer and your compiler run-time. See also the OPENSSL_Applink manual page. - Hosted OpenSSL built using Cygwin ================================= @@ -200,7 +202,7 @@ To build OpenSSL using Cygwin, you need to: - * Install Cygwin, see https://cygwin.com/ + * Install Cygwin, see * Install Cygwin Perl, at least version 5.10.0 and ensure it is in the $PATH From builds at travis-ci.com Wed Sep 9 23:53:05 2020 
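Review bot: In the md-nits recipe in Configurations/unix-Makefile.tmpl, only NOTES-Windows.txt is appended to the mdl command line, yet the header comment added to that file says it is "like the others" in being markdown with a ".txt" extension, so any other such file is still skipped by the lint target. Consider passing all of the markdown files that carry a .txt extension, for example through a make variable, so the recipe does not need another edit for each file.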
From: builds at travis-ci.com (Travis CI) Date: Wed, 09 Sep 2020 23:53:05 +0000 Subject: Errored: openssl/openssl#37339 (master - 8ae40cf) In-Reply-To: Message-ID: <5f596ae05b655_13fe5b46b8d3c435975@travis-pro-tasks-6684dcdddc-6l8qg.mail> Build Update for openssl/openssl ------------------------------------- Build: #37339 Status: Errored Duration: 1 hr, 20 mins, and 29 secs Commit: 8ae40cf (master) Author: Richard Levitte Message: ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12803) View the changeset: https://github.com/openssl/openssl/compare/ce43db7a3fcd...8ae40cf57d21 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183569217?utm_medium=notification&utm_source=email From no-reply at appveyor.com Thu Sep 10 01:38:46 2020
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Sep 2020 01:38:46 +0000 Subject: Build failed: openssl master.36796 Message-ID: <20200910013846.1.B9DFBF80340243B7@appveyor.com> From builds at travis-ci.com Thu Sep 10 01:42:34 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 01:42:34 +0000 Subject: Errored: openssl/openssl#37341 (master - 10203a3) In-Reply-To: Message-ID: <5f598489d0f30_13fe6c33aa0b822013d@travis-pro-tasks-7fc7db759c-86bg6.mail> Build Update for openssl/openssl ------------------------------------- Build: #37341 Status: Errored Duration: 1 hr, 21 mins, and 11 secs Commit: 10203a3 (master) Author: Kurt Roeckx Message: Support writing RSA keys using the traditional format again Fixes: #6855 Reviewed-by: Richard Levitte GH: #8743 View the changeset: https://github.com/openssl/openssl/compare/8ae40cf57d21...10203a34725e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183588368?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 10 02:47:34 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 02:47:34 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1599706054.862051.12985.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 
doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_certreq.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DECODER.3 doc/man/man3/OSSL_DECODER_CTX.3 doc/man/man3/OSSL_DECODER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DECODER_from_bio.3 doc/man/man3/OSSL_ENCODER.3 doc/man/man3/OSSL_ENCODER_CTX.3 doc/man/man3/OSSL_ENCODER_CTX_new_by_EVP_PKEY.3 
doc/man/man3/OSSL_ENCODER_to_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_create_cert.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_SAFEBAG_get1_cert.3 doc/man/man3/PKCS12_add1_attr_by_NID.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_cert.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_add_safe.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_get0_primary.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 
doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_ASN1.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_ASN1.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 
doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 
doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 
doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_add_cert.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 
doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-PKCS12KDF.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-HMAC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-HMAC.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-base.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 
doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-encoder.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-object.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-signature.7 doc/man/man7/provider-storemgmt.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_core_object test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_decoder test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 
test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_encoder test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/defltfips_test test/destest test/dhtest test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test 
test/ecdsatest test/ecstresstest test/ectest test/endecode_test test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkcs12_format_test test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_status_test test/provider_test test/rand_status_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/loader_attic.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so 
apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s 
crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod 
doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/loader_attic.ld engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c 
../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4185: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3152: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu Sep 10 03:33:02 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 03:33:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2 Message-ID: <1599708782.157608.20348.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rc2 Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. 
ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12 C0A0828B1A7F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 => 1 not ok 5 - test_pkcs12_passcert # ------------------------------------------------------------------------------ # Failed test 'test_pkcs12_passcert' # at ../openssl/test/recipes/80-test_pkcs12.t line 93. # Looks like you failed 1 test of 5.80-test_pkcs12.t ................... 
Dubious, test returned 1 (wstat 256, 0x100) Failed 1/5 subtests 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_pkcs12.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3535, 732 wallclock secs (14.24 usr 1.36 sys + 656.18 cusr 68.43 csys = 740.21 CPU) Result: FAIL Makefile:3194: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-rc2' Makefile:3192: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 10 03:45:33 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 03:45:33 +0000 Subject: Errored: openssl/openssl#37347 (master - 474853c) In-Reply-To: Message-ID: <5f59a15ceba36_13fe6beaa48dc4061a6@travis-pro-tasks-7fc7db759c-86bg6.mail> Build Update for openssl/openssl ------------------------------------- Build: #37347 Status: Errored Duration: 1 hr, 23 mins, and 0 secs Commit: 474853c (master) Author: Rich Salz Message: Fix markdown nits in NOTES-Windows.txt And add a comment that this file is in markdown, but has a .txt extension on purpose. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12805) View the changeset: https://github.com/openssl/openssl/compare/10203a34725e...474853c39a2b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183641531?utm_medium=notification&utm_source=email From dev at ddvo.net Thu Sep 10 05:09:28 2020 
From: dev at ddvo.net (dev at ddvo.net)
Date: Thu, 10 Sep 2020 05:09:28 +0000
Subject: [openssl] master update
Message-ID: <1599714568.834377.26137.nullmailer@dev.openssl.org>

The branch master has been updated
       via  aad086e2ae5f8d1b3b0934b1e67f7a426352727d (commit)
       via  a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (commit)
      from  474853c39a2b631f9f401df32834043500081b7c (commit)

- Log -----------------------------------------------------------------
commit aad086e2ae5f8d1b3b0934b1e67f7a426352727d
Author: Dr. David von Oheimb
Date:   Mon Sep 7 14:12:49 2020 +0200

    Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12741)

commit a0745e2be6635ffdf286ba5bc3bd867c8d4152a9
Author: Dr. David von Oheimb
Date:   Fri Aug 28 12:11:31 2020 +0200

    Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs

    * Use strengthened cert chain building, verifying chain using optional trust store
      while making sure that no certificate status (e.g., CRL) checks are done
    * Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
    * Simplify certificate and cert store loading in apps/cmp.c

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12741)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c                                 | 255 +++++++++++++----------------
 crypto/cmp/cmp_client.c                    |  46 ++++--
 crypto/cmp/cmp_ctx.c                       |  13 +-
 crypto/cmp/cmp_local.h                     |   1 +
 crypto/cmp/cmp_protect.c                   |  47 +++---
 doc/internal/man3/ossl_cmp_msg_protect.pod |   2 +-
 doc/man1/openssl-cmp.pod.in                |   1 +
 doc/man3/OSSL_CMP_CTX_new.pod              | 173 ++++++++++---------
 doc/man3/OSSL_CMP_exec_certreq.pod         |  15 +-
 9 files changed, 280 insertions(+), 273 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c index f9b50fc659..7524930b8f 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
@@ -888,23 +888,6 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, return res; } -static int set1_store_parameters(X509_STORE *ts) -{ - if (ts == NULL) - return 0; - - /* copy vpm to store */ - if (!X509_STORE_set1_param(ts, vpm /* may be NULL */)) { - BIO_printf(bio_err, "error setting verification parameters\n"); - OSSL_CMP_CTX_print_errors(cmp_ctx); - return 0; - } - - X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb); - - return 1; -} - static int set_name(const char *str, int (*set_fn) (OSSL_CMP_CTX *ctx, const X509_NAME *name), OSSL_CMP_CTX *ctx, const char *desc) @@ -990,6 +973,24 @@ static X509_STORE *load_certstore(char *input, const char *desc) return store; } +static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc) +{ + X509_STORE *ts = load_certstore(input, desc); + + if (ts == NULL) + return NULL; + X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb); + + /* copy vpm to store */ + if (X509_STORE_set1_param(ts, vpm /* may be NULL */) + && (for_new_cert || truststore_set_host_etc(ts, NULL))) + return ts; + BIO_printf(bio_err, "error setting verification parameters\n"); + OSSL_CMP_CTX_print_errors(cmp_ctx); + X509_STORE_free(ts); + return NULL; +} + /* TODO potentially move to apps/lib/apps.c */ static STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, const char *desc) 
@@ -1025,31 +1026,20 @@ static STACK_OF(X509) *load_certs_multifile(char *files, } typedef int (*add_X509_stack_fn_t)(void *ctx, const STACK_OF(X509) *certs); -typedef int (*add_X509_fn_t)(void *ctx, const X509 *cert); static int setup_certs(char *files, const char *desc, void *ctx, - add_X509_stack_fn_t addn_fn, add_X509_fn_t add1_fn) + add_X509_stack_fn_t set1_fn) { - int ret = 1; + STACK_OF(X509) *certs; + int ok; - if (files != NULL) { - STACK_OF(X509) *certs = load_certs_multifile(files, opt_otherpass, - desc); - if (certs == NULL) { - ret = 0; - } else { - if (addn_fn != NULL) { - ret = (*addn_fn)(ctx, certs); - } else { - int i; - - for (i = 0; i < sk_X509_num(certs /* may be NULL */); i++) - ret &= (*add1_fn)(ctx, sk_X509_value(certs, i)); - } - sk_X509_pop_free(certs, X509_free); - } - } - return ret; + if (files == NULL) + return 1; + if ((certs = load_certs_multifile(files, opt_otherpass, desc)) == NULL) + return 0; + ok = (*set1_fn)(ctx, certs); + sk_X509_pop_free(certs, X509_free); + return ok; } @@ -1175,13 +1165,9 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) if (opt_srv_trusted != NULL) { X509_STORE *ts = - load_certstore(opt_srv_trusted, "certificates trusted by server"); + load_trusted(opt_srv_trusted, 0, "certs trusted by server"); - if (ts == NULL) - goto err; - if (!set1_store_parameters(ts) - || !truststore_set_host_etc(ts, NULL) - || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { + if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { X509_STORE_free(ts); goto err; } @@ -1190,7 +1176,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) } if (!setup_certs(opt_srv_untrusted, "untrusted certificates for mock server", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted, NULL)) + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) goto err; if (opt_rsp_cert == NULL) { 
@@ -1212,12 +1198,10 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) /* TODO find a cleaner solution not requiring type casts */ if (!setup_certs(opt_rsp_extracerts, "CMP extra certificates for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut, - NULL)) + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut)) goto err; if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut, - NULL)) + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut)) goto err; (void)ossl_cmp_mock_srv_set_pollCount(srv_ctx, opt_poll_count); (void)ossl_cmp_mock_srv_set_checkAfterTime(srv_ctx, opt_check_after); @@ -1271,16 +1255,15 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) static int setup_verification_ctx(OSSL_CMP_CTX *ctx) { if (!setup_certs(opt_untrusted, "untrusted certificates", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted, - NULL)) - goto err; + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) + return 0; if (opt_srvcert != NULL || opt_trusted != NULL) { - X509_STORE *ts = NULL; + X509 *srvcert; + X509_STORE *ts; + int ok; if (opt_srvcert != NULL) { - X509 *srvcert; - if (opt_trusted != NULL) { CMP_warn("-trusted option is ignored since -srvcert option is present"); opt_trusted = NULL; 
@@ -1291,33 +1274,22 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) } srvcert = load_cert_pwd(opt_srvcert, opt_otherpass, "directly trusted CMP server certificate"); - if (srvcert == NULL) - /* - * opt_otherpass is needed in case - * opt_srvcert is an encrypted PKCS#12 file - */ - goto err; - if (!OSSL_CMP_CTX_set1_srvCert(ctx, srvcert)) { - X509_free(srvcert); - goto oom; - } + ok = srvcert != NULL && OSSL_CMP_CTX_set1_srvCert(ctx, srvcert); X509_free(srvcert); - if ((ts = X509_STORE_new()) == NULL) - goto oom; + if (!ok) + return 0; } - if (opt_trusted != NULL - && (ts = load_certstore(opt_trusted, "trusted certificates")) - == NULL) - goto err; - if (!set1_store_parameters(ts) /* also copies vpm */ - /* - * clear any expected host/ip/email address; - * opt_expect_sender is used instead - */ - || !truststore_set_host_etc(ts, NULL) - || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { - X509_STORE_free(ts); - goto oom; + if (opt_trusted != NULL) { + /* + * the 0 arg below clears any expected host/ip/email address; + * opt_expect_sender is used instead + */ + ts = load_trusted(opt_trusted, 0, "certs trusted by client"); + + if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { + X509_STORE_free(ts); + return 0; + } } } @@ -1330,14 +1302,11 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */ X509_VERIFY_PARAM *out_vpm = NULL; X509_STORE *out_trusted = - load_certstore(opt_out_trusted, - "trusted certs for verifying newly enrolled cert"); + load_trusted(opt_out_trusted, 1, + "trusted certs for verifying newly enrolled cert"); if (out_trusted == NULL) - goto err; - /* any -verify_hostname, -verify_ip, and -verify_email apply here */ - if (!set1_store_parameters(out_trusted)) - goto oom; + return 0; /* ignore any -attime here, new certs are current anyway */ out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); 
@@ -1351,14 +1320,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) if (opt_implicit_confirm) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1); - (void)OSSL_CMP_CTX_set_certConf_cb(ctx, OSSL_CMP_certConf_cb); - return 1; - - oom: - CMP_err("out of memory"); - err: - return 0; } #ifndef OPENSSL_NO_SOCK @@ -1368,7 +1330,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) */ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { - STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted(ctx); + STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx); EVP_PKEY *pkey = NULL; X509_STORE *trust_store = NULL; SSL_CTX *ssl_ctx; 
@@ -1412,21 +1374,37 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) sk_X509_pop_free(certs, X509_free); goto err; } - for (i = 0; i < sk_X509_num(untrusted_certs); i++) { - cert = sk_X509_value(untrusted_certs, i); + for (i = 0; i < sk_X509_num(untrusted); i++) { + cert = sk_X509_value(untrusted, i); if (!SSL_CTX_add1_chain_cert(ssl_ctx, cert)) { CMP_err("could not add untrusted cert to TLS client cert chain"); goto err; } } - CMP_debug("trying to build cert chain for own TLS cert"); - if (SSL_CTX_build_cert_chain(ssl_ctx, - SSL_BUILD_CHAIN_FLAG_UNTRUSTED | - SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { - CMP_debug("succeeded building cert chain for own TLS cert"); - } else { - OSSL_CMP_CTX_print_errors(ctx); - CMP_warn("could not build cert chain for own TLS cert"); + + { + X509_VERIFY_PARAM *tls_vpm = NULL; + unsigned long bak_flags = 0; /* compiler warns without init */ + + if (trust_store != NULL) { + tls_vpm = X509_STORE_get0_param(trust_store); + bak_flags = X509_VERIFY_PARAM_get_flags(tls_vpm); + /* disable any cert status/revocation checking etc. */ + X509_VERIFY_PARAM_clear_flags(tls_vpm, + ~(X509_V_FLAG_USE_CHECK_TIME + | X509_V_FLAG_NO_CHECK_TIME)); + } + CMP_debug("trying to build cert chain for own TLS cert"); + if (SSL_CTX_build_cert_chain(ssl_ctx, + SSL_BUILD_CHAIN_FLAG_UNTRUSTED | + SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { + CMP_debug("success building cert chain for own TLS cert"); + } else { + OSSL_CMP_CTX_print_errors(ctx); + CMP_warn("could not build cert chain for own TLS cert"); + } + if (trust_store != NULL) + X509_VERIFY_PARAM_set_flags(tls_vpm, bak_flags); } /* If present we append to the list also the certs from opt_tls_extra */ 
@@ -1503,17 +1481,17 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { if (!opt_unprotected_requests && opt_secret == NULL && opt_cert == NULL) { CMP_err("must give client credentials unless -unprotected_requests is set"); - goto err; + return 0; } if (opt_ref == NULL && opt_cert == NULL && opt_subject == NULL) { /* cert or subject should determine the sender */ CMP_err("must give -ref if no -cert and no -subject given"); - goto err; + return 0; } if (!opt_secret && ((opt_cert == NULL) != (opt_key == NULL))) { CMP_err("must give both -cert and -key options or neither"); - goto err; + return 0; } if (opt_secret != NULL) { char *pass_string = get_passwd(opt_secret, "PBMAC"); @@ -1526,7 +1504,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) strlen(pass_string)); clear_free(pass_string); if (res == 0) - goto err; + return 0; } if (opt_cert != NULL || opt_key != NULL) CMP_warn("no signature-based protection used since -secret is given"); @@ -1534,7 +1512,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_ref != NULL && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, strlen(opt_ref))) - goto err; + return 0; if (opt_key != NULL) { EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, engine, @@ -1542,7 +1520,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { EVP_PKEY_free(pkey); - goto err; + return 0; } EVP_PKEY_free(pkey); } 
@@ -1553,38 +1531,35 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) X509 *cert; STACK_OF(X509) *certs = NULL; X509_STORE *own_trusted = NULL; - int ok = 0; + int ok; if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass, "CMP client certificate (optionally with chain)")) /* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */ - goto err; + return 0; ok = OSSL_CMP_CTX_set1_cert(ctx, cert); X509_free(cert); if (!ok) { CMP_err("out of memory"); } else { if (opt_own_trusted != NULL) { - own_trusted = load_certstore(opt_own_trusted, - "trusted certs for verifying own CMP signer cert"); - ok = own_trusted != NULL - && set1_store_parameters(own_trusted) - && truststore_set_host_etc(own_trusted, NULL); + own_trusted = load_trusted(opt_own_trusted, 0, + "trusted certs for verifying own CMP signer cert"); + ok = own_trusted != NULL; } ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); } X509_STORE_free(own_trusted); sk_X509_pop_free(certs, X509_free); if (!ok) - goto err; + return 0; } else if (opt_own_trusted != NULL) { CMP_warn("-own_trusted option is ignored without -cert"); } if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut, - NULL)) - goto err; + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut)) + return 0; cleanse(opt_otherpass); if (opt_unprotected_requests) @@ -1595,12 +1570,12 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (digest == NID_undef) { CMP_err1("digest algorithm name not recognized: '%s'", opt_digest); - goto err; + return 0; } if (!OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DIGEST_ALGNID, digest) || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_OWF_ALGNID, digest)) { CMP_err1("digest algorithm name not supported: '%s'", opt_digest); - goto err; + return 0; } } 
@@ -1608,14 +1583,11 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) int mac = OBJ_ln2nid(opt_mac); if (mac == NID_undef) { CMP_err1("MAC algorithm name not recognized: '%s'", opt_mac); - goto err; + return 0; } (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MAC_ALGNID, mac); } return 1; - - err: - return 0; } /* @@ -1629,7 +1601,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) CMP_warn("no -subject given, neither -oldcert nor -cert available as default"); if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) - goto err; + return 0; if (opt_newkey != NULL) { const char *file = opt_newkey; @@ -1647,7 +1619,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) cleanse(opt_newkeypass); if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, priv, pkey)) { EVP_PKEY_free(pkey); - goto err; + return 0; } } @@ -1655,12 +1627,12 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, opt_days)) { CMP_err("could not set requested cert validity period"); - goto err; + return 0; } if (opt_policies != NULL && opt_policy_oids != NULL) { CMP_err("cannot have policies both via -policies and via -policy_oids"); - goto err; + return 0; } if (opt_reqexts != NULL || opt_policies != NULL) { @@ -1668,7 +1640,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) X509_EXTENSIONS *exts = sk_X509_EXTENSION_new_null(); if (exts == NULL) - goto err; + return 0; X509V3_set_ctx(&ext_ctx, NULL, NULL, NULL, NULL, 0); X509V3_set_nconf(&ext_ctx, conf); if (opt_reqexts != NULL 
@@ -1676,24 +1648,24 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) CMP_err1("cannot load certificate request extension section '%s'", opt_reqexts); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - goto err; + return 0; } if (opt_policies != NULL && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) { CMP_err1("cannot load policy cert request extension section '%s'", opt_policies); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - goto err; + return 0; } OSSL_CMP_CTX_set0_reqExtensions(ctx, exts); } if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) { CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans"); - goto err; + return 0; } if (!set_gennames(ctx, opt_sans, "Subject Alternative Name")) - goto err; + return 0; if (opt_san_nodefault) { if (opt_sans != NULL) @@ -1715,19 +1687,19 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if ((policy = OBJ_txt2obj(opt_policy_oids, 1)) == 0) { CMP_err1("unknown policy OID '%s'", opt_policy_oids); - goto err; + return 0; } if ((pinfo = POLICYINFO_new()) == NULL) { ASN1_OBJECT_free(policy); - goto err; + return 0; } pinfo->policyid = policy; if (!OSSL_CMP_CTX_push0_policy(ctx, pinfo)) { CMP_err1("cannot add policy with OID '%s'", opt_policy_oids); POLICYINFO_free(pinfo); - goto err; + return 0; } opt_policy_oids = next; } @@ -1743,7 +1715,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr"); if (csr == NULL) - goto err; + return 0; if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) { X509_REQ_free(csr); goto oom; @@ -1758,7 +1730,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) /* opt_keypass is needed if opt_oldcert is an encrypted PKCS#12 file */ if (oldcert == NULL) - goto err; + return 0; if (!OSSL_CMP_CTX_set1_oldCert(ctx, oldcert)) { X509_free(oldcert); goto oom; 
@@ -1774,7 +1746,6 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) oom: CMP_err("out of memory"); - err: return 0; } diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index d5a4f3ced5..4f8a9e2444 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -22,6 +22,7 @@ #include "openssl/cmp_util.h" DEFINE_STACK_OF(ASN1_UTF8STRING) +DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_CRL) DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE) DEFINE_STACK_OF(OSSL_CMP_PKISI) @@ -487,14 +488,35 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **text) { X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); + STACK_OF(X509) *chain = NULL; (void)text; /* make (artificial) use of var to prevent compiler warning */ if (fail_info != 0) /* accept any error flagged by CMP core library */ return fail_info; - if (out_trusted != NULL - && !OSSL_CMP_validate_cert_path(ctx, out_trusted, cert)) - fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; + ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert"); + chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, + out_trusted /* may be NULL */, + ctx->untrusted, cert); + if (sk_X509_num(chain) > 0) + X509_free(sk_X509_shift(chain)); /* remove leaf (EE) cert */ + if (out_trusted != NULL) { + if (chain == NULL) { + ossl_cmp_err(ctx, "failed building chain for newly enrolled cert"); + fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; + } else { + ossl_cmp_debug(ctx, + "succeeded building proper chain for newly enrolled cert"); + } + } else if (chain == NULL) { + ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts"); + chain = OSSL_CMP_CTX_get1_extraCertsIn(ctx); + } else { + ossl_cmp_debug(ctx, + "success building approximate chain for newly enrolled cert"); + } + (void)ossl_cmp_ctx_set1_newChain(ctx, chain); + sk_X509_pop_free(chain, X509_free); return fail_info; } 
@@ -515,10 +537,14 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, const char *txt = NULL; OSSL_CMP_CERTREPMESSAGE *crepmsg; OSSL_CMP_CERTRESPONSE *crep; + OSSL_CMP_certConf_cb_t cb; X509 *cert; char *subj = NULL; int ret = 1; + if (!ossl_assert(ctx != NULL)) + return 0; + retry: crepmsg = (*resp)->body->value.ip; /* same for cp and kup */ if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) { @@ -584,21 +610,19 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, * OSSL_CMP_PKISTATUS_rejection, fail_info, txt) * not throwing CMP_R_CERTIFICATE_NOT_ACCEPTED with txt * not returning 0 - * since we better leave this for any ctx->certConf_cb to decide + * since we better leave this for the certConf_cb to decide */ } /* - * Execute the certification checking callback function possibly set in ctx, + * Execute the certification checking callback function, * which can determine whether to accept a newly enrolled certificate. * It may overrule the pre-decision reflected in 'fail_info' and '*txt'. */ - if (ctx->certConf_cb - && (fail_info = ctx->certConf_cb(ctx, ctx->newCert, - fail_info, &txt)) != 0) { - if (txt == NULL) - txt = "CMP client application did not accept it"; - } + cb = ctx->certConf_cb != NULL ? ctx->certConf_cb : OSSL_CMP_certConf_cb; + if ((fail_info = cb(ctx, ctx->newCert, fail_info, &txt)) != 0 + && txt == NULL) + txt = "CMP client did not accept it"; if (fail_info != 0) /* immediately log error before any certConf exchange */ ossl_cmp_log1(ERROR, ctx, "rejecting newly enrolled cert with subject: %s", subj); diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 5b61108f8b..6bbd3510c7 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -189,6 +189,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) sk_X509_pop_free(ctx->untrusted, X509_free); X509_free(ctx->cert); + sk_X509_pop_free(ctx->chain, X509_free); EVP_PKEY_free(ctx->pkey); ASN1_OCTET_STRING_free(ctx->referenceValue); if (ctx->secretValue != NULL) 
@@ -489,11 +490,7 @@ int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain) return (ctx->newChain = X509_chain_up_ref(newChain)) != NULL; } -/* - * Returns the stack of certificates received in a response message. - * The stack is duplicated so the caller must handle freeing it! - * Returns pointer to created stack on success, NULL on error - */ +/* Returns the stack of extraCerts received in CertRepMessage, NULL on error */ STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx) { if (ctx == NULL) { @@ -523,7 +520,7 @@ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, } /* - * Duplicate and set the given stack as the new stack of X509 + * Copies any given stack as the new stack of X509 * certificates to send out in the extraCerts field. */ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, @@ -596,7 +593,7 @@ STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx) } /* - * Duplicate and copy the given stack of certificates to the given + * Copies any given stack of certificates to the given * OSSL_CMP_CTX structure so that they may be retrieved later. */ int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs) @@ -766,7 +763,7 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, return 0; } ossl_cmp_debug(ctx, "success building chain for own CMP signer cert"); - sk_X509_pop_free(chain, X509_free); /* TODO(3.0) replace this by 'ctx->chain = chain;' when ctx->chain is available */ + ctx->chain = chain; return 1; } diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index d5ac7a521d..434f9e093f 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
@@ -71,6 +71,7 @@ struct ossl_cmp_ctx_st { /* client authentication */ int unprotectedSend; /* send unprotected PKI messages */ X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */ + STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */ EVP_PKEY *pkey; /* the key pair corresponding to cert */ ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */ ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */ diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index b65de09517..6313cc94ce 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c 
@@ -139,32 +139,37 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) && (msg->extraCerts = sk_X509_new_null()) == NULL) return 0; - if (ctx->cert != NULL && ctx->pkey != NULL) { - /* make sure that our own cert is included in the first position */ - if (!X509_add_cert(msg->extraCerts, ctx->cert, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND)) - return 0; - /* if we have untrusted certs, try to add intermediate certs */ - if (ctx->untrusted != NULL) { - STACK_OF(X509) *chain; - int res; + /* Add first ctx->cert and its chain if using signature-based protection */ + if (!ctx->unprotectedSend && ctx->secretValue == NULL) { + int flags_prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP + | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS; + /* if not yet done try to build chain using available untrusted certs */ + if (ctx->chain == NULL) { ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); - chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL, - ctx->untrusted, ctx->cert); - res = X509_add_certs(msg->extraCerts, chain, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_NO_SS); - sk_X509_pop_free(chain, X509_free); - if (res == 0) { - ossl_cmp_err(ctx, - "could not build chain for own CMP signer cert"); - return 0; + ctx->chain = + ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL, + ctx->untrusted, ctx->cert); + if (ctx->chain != NULL) { + ossl_cmp_debug(ctx, + "success building chain for own CMP signer cert"); + } else { + /* dump errors to avoid confusion when printing further ones */ + OSSL_CMP_CTX_print_errors(ctx); + ossl_cmp_warn(ctx, + "could not build chain for own CMP signer cert"); } + } + if (ctx->chain != NULL) { + if (!X509_add_certs(msg->extraCerts, ctx->chain, flags_prepend)) + return 0; + } else { + /* make sure that at least our own signer cert is included first */ + if (!X509_add_cert(msg->extraCerts, ctx->cert, flags_prepend)) + return 0; 
ossl_cmp_debug(ctx, - "succeeded building chain for own CMP signer cert"); + "fallback: adding just own CMP signer cert"); } } diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index 39f5146530..0a6b70fe9d 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -46,7 +46,7 @@ It also sets the protectionAlg field in the message header accordingly. ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I. If signature-based message protection is used it adds first the CMP signer cert ctx->cert and then its chain ctx->chain. If this chain is not present in I -tries to build it using ctx->untrusted_certs and caches the result in ctx->chain. +tries to build it using ctx->untrusted and caches the result in ctx->chain. In any case all the certificates explicitly specified to be sent out (i.e., IextraCertsOut>) are added. Note that it will NOT add the root certificate of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 623e3f7dee..75ee82211d 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -681,6 +681,7 @@ Defaults to C as per RFC 4210. =item B<-extracerts> I Certificates to append in the extraCerts field when sending messages. +They can be used as the default CMP signer certificate chain to include. Multiple filenames or URLs may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 972cef9047..f619a65d3f 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod 
@@ -48,6 +48,7 @@ OSSL_CMP_CTX_set1_oldCert, OSSL_CMP_CTX_set1_p10CSR, OSSL_CMP_CTX_push0_genm_ITAV, OSSL_CMP_certConf_cb_t, +OSSL_CMP_certConf_cb, OSSL_CMP_CTX_set_certConf_cb, OSSL_CMP_CTX_set_certConf_cb_arg, OSSL_CMP_CTX_get_certConf_cb_arg, @@ -137,6 +138,8 @@ OSSL_CMP_CTX_set1_senderNonce /* certificate confirmation: */ typedef int (*OSSL_CMP_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **txt); + int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, + const char **text); int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); @@ -172,7 +175,7 @@ and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE. OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure. -OSSL_CMP_CTX_reinit() prepares the given B for a further transaction by +OSSL_CMP_CTX_reinit() prepares the given I for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. @@ -285,7 +288,7 @@ RFC 4210. =item B - Ignore key usage restrictions in signer certificate when + Ignore key usage restrictions in the signer's certificate when validating signature-based protection in received CMP messages. Else, 'digitalSignature' must be allowed by CMP signer certificates. 
@@ -299,57 +302,57 @@ RFC 4210. OSSL_CMP_CTX_get_option() reads the current value of the given option (e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) from the given OSSL_CMP_CTX structure. -OSSL_CMP_CTX_set_log_cb() sets in B the callback function C +OSSL_CMP_CTX_set_log_cb() sets in I the callback function I for handling error queue entries and logging messages. -When C is NULL errors are printed to STDERR (if available, else ignored) +When I is NULL errors are printed to STDERR (if available, else ignored) any log messages are ignored. Alternatively, L may be used to direct logging to STDOUT. OSSL_CMP_CTX_set_log_verbosity() is a macro setting the OSSL_CMP_OPT_LOG_VERBOSITY context option to the given level. -OSSL_CMP_CTX_print_errors() outputs any entries in the OpenSSL error queue. -It is similar to B but uses the CMP log callback function +OSSL_CMP_CTX_print_errors() outputs any entries in the OpenSSL error queue. It +is similar to L but uses the CMP log callback function if set in the C for uniformity with CMP logging if given. Otherwise it uses -B to print to STDERR (unless OPENSSL_NO_STDIO is defined). +L to print to STDERR (unless OPENSSL_NO_STDIO is defined). OSSL_CMP_CTX_set1_serverPath() sets the HTTP path of the CMP server on the host, also known as "CMP alias". -The default is I. +The default is C. -OSSL_CMP_CTX_set1_server() sets the given server B
-(which may be a hostname or IP address or NULL) in the given B. +OSSL_CMP_CTX_set1_server() sets the given server I
+(which may be a hostname or IP address or NULL) in the given I. OSSL_CMP_CTX_set_serverPort() sets the port of the CMP server to connect to. -If not used or the B argument is 0 +If not used or the I argument is 0 the default port applies, which is 80 for HTTP and 443 for HTTPS. OSSL_CMP_CTX_set1_proxy() sets the HTTP proxy to be used for connecting to the given CMP server unless overruled by any "no_proxy" settings (see below). If TLS is not used this defaults to the value of -the environment variable B if set, else B. -Otherwise defaults to the value of B if set, else B. +the environment variable C if set, else C. +Otherwise defaults to the value of C if set, else C. An empty proxy string specifies not to use a proxy. -Else the format is I<[http[s]://]address[:port][/path]>, +Else the format is C<[http[s]://]address[:port][/path]>, where any path given is ignored. -The default port number is 80, or 443 in case I is given. +The default port number is 80, or 443 in case C is given. OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use an HTTP proxy for. The names may be separated by commas and/or whitespace. -Defaults to the environment variable B if set, else B. +Defaults to the environment variable C if set, else C. OSSL_CMP_CTX_set_http_cb() sets the optional BIO connect/disconnect callback function, which has the prototype typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail); -The callback may modify the BIO B provided by OSSL_CMP_MSG_http_perform(), -whereby it may make use of a custom defined argument B +The callback may modify the I provided by L, +whereby it may make use of a custom defined argument I stored in the OSSL_CMP_CTX by means of OSSL_CMP_CTX_set_http_cb_arg(). 
During connection establishment, just after calling BIO_do_connect_retry(), -the function is invoked with the B argument being 1 and the B +the function is invoked with the I argument being 1 and the I argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On -disconnect B is 0 and B is 1 in case no error occurred, else 0. +disconnect I is 0 and I is 1 in case no error occurred, else 0. For instance, on connect the function may prepend a TLS BIO to implement HTTPS; after disconnect it may do some diagnostic output and/or specific cleanup. The function should return NULL to indicate failure. @@ -358,8 +361,8 @@ After disconnect the modified BIO will be deallocated using BIO_free_all(). OSSL_CMP_CTX_set_http_cb_arg() sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the http connect/disconnect callback function. -B is not consumed, and it must therefore explicitly be freed when not -needed any more. B may be NULL to clear the entry. +I is not consumed, and it must therefore explicitly be freed when not +needed any more. I may be NULL to clear the entry. OSSL_CMP_CTX_get_http_cb_arg() gets the argument, respectively the pointer to a structure containing arguments, previously set by @@ -374,7 +377,7 @@ which has the type Returns 1 on success, 0 on error. Default is NULL, which implies the use of L. -The callback should send the CMP request message it obtains via the B +The callback should send the CMP request message it obtains via the I parameter and on success return the response, else it must return NULL. The transfer callback may make use of a custom defined argument stored in the ctx by means of OSSL_CMP_CTX_set_transfer_cb_arg(), which may be retrieved 
@@ -382,26 +385,26 @@ again through OSSL_CMP_CTX_get_transfer_cb_arg(). OSSL_CMP_CTX_set_transfer_cb_arg() sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the transfer callback. -B is not consumed, and it must therefore explicitly be freed when not -needed any more. B may be NULL to clear the entry. +I is not consumed, and it must therefore explicitly be freed when not +needed any more. I may be NULL to clear the entry. OSSL_CMP_CTX_get_transfer_cb_arg() gets the argument, respectively the pointer to a structure containing arguments, previously set by OSSL_CMP_CTX_set_transfer_cb_arg() or NULL if unset. -OSSL_CMP_CTX_set1_srvCert() sets the expected server cert B and trusts +OSSL_CMP_CTX_set1_srvCert() sets the expected server cert in I and trusts it directly (even if it is expired) when verifying signed response messages. May be used alternatively to OSSL_CMP_CTX_set0_trustedStore() to pin the accepted server. Any previously set value is freed. -The B argument may be NULL to clear the entry. +The I argument may be NULL to clear the entry. If set, the subject of the certificate is also used as default value for the recipient of CMP requests and as default value for the expected sender of CMP responses. OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) expected in the sender field of CMP response messages. -Defaults to the subject of the pinned server certificate B<-srvcert>, if any. +Defaults to the subject of the pinned server certificate, if any. This can be used to make sure that only a particular entity is accepted as CMP message signer, and attackers are not able to use arbitrary certificates of a trusted PKI hierarchy to fraudulently pose as CMP server. 
@@ -428,54 +431,56 @@ The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. -OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection. -The public key of this B must correspond to -the private key set via B. +OSSL_CMP_CTX_set1_cert() sets the certificate related to the private key +used for CMP message protection. +Therefore the public key of this I must correspond to +the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey(). When using signature-based protection of CMP request messages -this "protection certificate" will be included first in the extraCerts field. -The subject of this B will be used as the sender field of outgoing -messages, while the subject of any cert set via B -and any value set via B are used as fallback. -The B argument may be NULL to clear the entry. +this CMP signer certificate will be included first in the extraCerts field. +The subject of this I will be used as the sender field of outgoing +messages, while the subject of any cert set via OSSL_CMP_CTX_set1_oldCert() +and any value set via OSSL_CMP_CTX_set1_subjectName() are used as fallback. +The I argument may be NULL to clear the entry. OSSL_CMP_CTX_build_cert_chain() builds a certificate chain for the CMP signer -certificate previously set in the B. It adds the optional B, +certificate previously set in the I. It adds the optional I, a list of intermediate CA certs that may already constitute the targeted chain, -to the untrusted certs that may already exist in the B. +to the untrusted certs that may already exist in the I. Then the function uses this augumented set of certs for chain construction. If I is NULL it builds the chain as far down as possible and ignores any verification errors. Else the CMP signer certificate must be verifiable where the chain reaches a trust anchor contained in I. 
-On success the function stores the resulting chain in B +On success the function stores the resulting chain in I for inclusion in the extraCerts field of signature-protected messages. Calling this function is optional; by default a chain construction is performed on demand that is equivalent to calling this function -with the B and I arguments being NULL. +with the I and I arguments being NULL. OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the -protection certificate B set via B. +CMP signer certificate set via OSSL_CMP_CTX_set1_cert(). This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages -unless a PBM secret has been set via B. -The B argument may be NULL to clear the entry. +unless a PBM secret has been set via OSSL_CMP_CTX_set1_secretValue(). +The I argument may be NULL to clear the entry. -OSSL_CMP_CTX_set1_secretValue() sets the byte string B with length B -as PBM secret in the given B or clears it if the B argument is NULL. +OSSL_CMP_CTX_set1_secretValue() sets the byte string I with length I +as PBM secret in the given I or clears it if the I argument is NULL. If present, this secret is used to create PBM-based protection of outgoing messages and to verify any PBM-based protection of incoming messages (protectionAlg = MSG_MAC_ALG). PBM stands for Password-Based MAC. PBM-based protection takes precedence over signature-based protection. -OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue B with -length B in the given B or clears it if the B argument is NULL. +OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue I with +length I in the given I or clears it if the I argument is NULL. 
According to RFC 4210 section 5.1.1, if no value for the sender field in -CMP message headers can be determined (i.e., no protection certificate B -and no B is given) then the sender field will contain the NULL-DN +CMP message headers can be determined (i.e., no CMP signer certificate +and no subject DN is set via OSSL_CMP_CTX_set1_subjectName() +then the sender field will contain the NULL-DN and the senderKID field of the CMP message header must be set. When signature-based protection is used the senderKID will be set to -the subjectKeyIdentifier of the protection B as far as present. +the subjectKeyIdentifier of the CMP signer certificate as far as present. If not present or when PBM-based protection is used -the B value is taken as the fallback value for the senderKID. +the I value is taken as the fallback value for the senderKID. OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the PKIHeader of CMP request messages, i.e. the X509 name of the (CA) server. @@ -485,10 +490,10 @@ If not given explicitly the recipient is determined in the following order: the subject of the CMP server certificate set using OSSL_CMP_CTX_set1_srvCert(), the value set using OSSL_CMP_CTX_set1_issuer(), the issuer of the certificate set using OSSL_CMP_CTX_set1_oldCert(), -the issuer of the protection certificate (B), +the issuer of the CMP signer certificate, as far as any of those is present, else the NULL-DN as last resort. -OSSL_CMP_CTX_push0_geninfo_ITAV() adds B to the stack in the B to be +OSSL_CMP_CTX_push0_geninfo_ITAV() adds I to the stack in the I to be added to the GeneralInfo field of the CMP PKIMessage header of a request message sent with this context. 
@@ -497,13 +502,13 @@ sent to remote. OSSL_CMP_CTX_set0_newPkey() can be used to explicitly set the given EVP_PKEY structure as the private or public key to be certified in the CMP context. -The B parameter must be 0 if and only if the given key is a public key. +The I parameter must be 0 if and only if the given key is a public key. OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment dependent on fields of the CMP context structure: the newPkey (which may be a private or public key) if present, else the public key in the p10CSR if present, else the client private key. -If the B parameter is not 0 and the selected key does not have a +If the I parameter is not 0 and the selected key does not have a private component then NULL is returned. OSSL_CMP_CTX_set1_issuer() sets the name of the intended issuer that 
@@ -511,22 +516,22 @@ will be set in the CertTemplate, i.e., the X509 name of the CA server. OSSL_CMP_CTX_set1_subjectName() sets the subject DN that will be used in the CertTemplate structure when requesting a new cert. For Key Update Requests -(KUR), it defaults to the subject DN of the B, -see B. This default is used for Initialization +(KUR), it defaults to the subject DN of the reference certificate, +see OSSL_CMP_CTX_set1_oldCert(). This default is used for Initialization Requests (IR) and Certification Requests (CR) only if no SANs are set. -The B is also used as fallback for the sender field -of outgoing CMP messages if no B and no B are available. +The I is also used as fallback for the sender field +of outgoing CMP messages if no reference certificate is available. OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of alternate names on the certificate template request. This cannot be used if any Subject Alternative Name extension is set via OSSL_CMP_CTX_set0_reqExtensions(). By default, unless OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT has been set, -the Subject Alternative Names are copied from the B, -see B. -If set and the subject DN is not set with OSSL_CMP_CTX_set1_subjectName(), then +the Subject Alternative Names are copied from the reference certificate, +see OSSL_CMP_CTX_set1_oldCert(). +If set and the subject DN is not set with OSSL_CMP_CTX_set1_subjectName() then the certificate template of an IR and CR will not be filled with the default -subject DN from the B. +subject DN from the reference certificate. If a subject DN is desired it needs to be set explicitly with OSSL_CMP_CTX_set1_subjectName(). 
@@ -541,17 +546,28 @@ to the X509_EXTENSIONS of the requested certificate template. OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). -It must be given for RR, else it defaults to the protection B. -The B determined in this way, if any, is also used for +It must be given for RR, else it defaults to the CMP signer certificate. +The reference certificate determined in this way, if any, is also used for deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. -Its subject is used as sender in CMP message headers if no protection cert is given. +The subject of the reference certificate is used as the sender field value +in CMP message headers. Its issuer is used as default recipient in CMP message headers. OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR. -OSSL_CMP_CTX_push0_genm_ITAV() adds B to the stack in the B which +OSSL_CMP_CTX_push0_genm_ITAV() adds I to the stack in the I which will be the body of a General Message sent with this context. +OSSL_CMP_certConf_cb() is the default certificate confirmation callback function. +If the callback argument is not NULL it must point to a trust store. +In this case the function checks that the newly enrolled certificate can be +verified using this trust store and untrusted certificates from the I, +which have been augmented by the list of extraCerts received. +If the callback argument is NULL the function tries building an approximate +chain as far as possible using the same untrusted certificates from the I, +and if this fails it takes the received extraCerts as fallback. +The resulting cert chain can be retrieved using OSSL_CMP_CTX_get1_newChain(). + OSSL_CMP_CTX_set_certConf_cb() sets the callback used for evaluating the newly enrolled certificate before the library sends, depending on its result, a positive or negative certConf message to the server. The callback has type 
@@ -559,13 +575,13 @@ a positive or negative certConf message to the server. The callback has type typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **txt); -and should inspect the certificate it obtains via the B parameter and may -overrule the pre-decision given in the B and B<*txt> parameters. +and should inspect the certificate it obtains via the I parameter and may +overrule the pre-decision given in the I and I<*txt> parameters. If it accepts the certificate it must return 0, indicating success. Else it must return a bit field reflecting PKIFailureInfo with at least one failure bit and -may set the B<*txt> output parameter to point to a string constant with more +may set the I<*txt> output parameter to point to a string constant with more detail. The transfer callback may make use of a custom defined argument stored -in the B by means of OSSL_CMP_CTX_set_certConf_cb_arg(), which may be +in the I by means of OSSL_CMP_CTX_set_certConf_cb_arg(), which may be retrieved again through OSSL_CMP_CTX_get_certConf_cb_arg(). Typically, the callback will check at least that the certificate can be verified using a set of trusted certificates. @@ -574,8 +590,8 @@ enrolled certificate with the certificate template of the request. OSSL_CMP_CTX_set_certConf_cb_arg() sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the certConf callback. -B is not consumed, and it must therefore explicitly be freed when not -needed any more. B may be NULL to clear the entry. +I is not consumed, and it must therefore explicitly be freed when not +needed any more. I may be NULL to clear the entry. OSSL_CMP_CTX_get_certConf_cb_arg() gets the argument, respectively the pointer to a structure containing arguments, previously set by 
@@ -613,8 +629,8 @@ transaction. OSSL_CMP_CTX_set1_transactionID() sets the given transaction ID in the given OSSL_CMP_CTX structure. -OSSL_CMP_CTX_set1_senderNonce() stores the last sent sender B in -the B. This will be used to validate the recipNonce in incoming messages. +OSSL_CMP_CTX_set1_senderNonce() stores the last sent sender I in +the I. This will be used to validate the recipNonce in incoming messages. =head1 NOTES @@ -644,6 +660,10 @@ OSSL_CMP_CTX_get_status(), and OSSL_CMP_CTX_get_failInfoCode() return the intended value as described above or -1 on error. +OSSL_CMP_certConf_cb() returns I if it is not equal to 0, +else 0 on successful validation, +or else a bit field with the B bit set. + All other functions return 1 on success, 0 on error. =head1 EXAMPLES @@ -712,7 +732,8 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents: L, L, L, L, -L +L, L, +L =head1 HISTORY diff --git a/doc/man3/OSSL_CMP_exec_certreq.pod b/doc/man3/OSSL_CMP_exec_certreq.pod index 098b60ae61..55fa73f563 100644 --- a/doc/man3/OSSL_CMP_exec_certreq.pod +++ b/doc/man3/OSSL_CMP_exec_certreq.pod @@ -13,8 +13,7 @@ OSSL_CMP_P10CR, OSSL_CMP_KUR, OSSL_CMP_try_certreq, OSSL_CMP_exec_RR_ses, -OSSL_CMP_exec_GENM_ses, -OSSL_CMP_certConf_cb +OSSL_CMP_exec_GENM_ses - functions implementing CMP client transactions =head1 SYNOPSIS @@ -33,8 +32,6 @@ OSSL_CMP_certConf_cb #define OSSL_CMP_KUR int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, const OSSL_CRMF_MSG *crm, int *checkAfter); - int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **text); X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); 
@@ -101,12 +98,6 @@ If the caller decides to abort the pending certificate request and provides a negative value as the B argument then OSSL_CMP_try_certreq() aborts the CMP transaction by sending an error message to the server. -OSSL_CMP_certConf_cb() is a basic certificate confirmation callback validating -that the new certificate can be verified with the trusted/untrusted certificates -in B. -As there is no requirement in RFC 4210 that the certificate can be -validated by the client, this callback is not set by default in the context. - OSSL_CMP_exec_RR_ses() requests the revocation of the certificate specified in the B using L. RFC 4210 is vague in which PKIStatus should be returned by the server. @@ -146,10 +137,6 @@ In the latter case L yields NULL and the output parameter B has been used to assign the received value unless B is NULL. -OSSL_CMP_certConf_cb() returns B if it is not equal to B<0>, -else B<0> on successful validation, -or else a bit field with the B bit set. - OSSL_CMP_exec_RR_ses() returns the pointer to the revoked certificate on success, B on error. This pointer will be freed implicitly by OSSL_CMP_CTX_free(). From dev at ddvo.net Thu Sep 10 05:13:15 2020 
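Review bot: In the "@@ -541,17 +546,28 @@" hunk of OSSL_CMP_CTX_new.pod, the new OSSL_CMP_certConf_cb() paragraph does not say that a NULL callback argument means the newly enrolled certificate is not checked against any trust anchor. Only the non-NULL case "checks that the newly enrolled certificate can be verified using this trust store"; the NULL case just builds "an approximate chain as far as possible". Please state that explicitly. The paragraph also calls the function "the default certificate confirmation callback", while the sentence removed from OSSL_CMP_exec_certreq.pod said "this callback is not set by default in the context"; the moved text should say which of the two holds. In the same hunk, the OSSL_CMP_CTX_set1_oldCert() text drops the condition "if no protection cert is given" for the sender field, which now reads as contradicting the OSSL_CMP_CTX_set1_cert() description, where the oldCert subject is only a fallback.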
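Review bot: In the "@@ -428,54 +431,56 @@" hunk, the reworded RFC 4210 section 5.1.1 sentence opens a parenthesis at "(i.e., no CMP signer certificate" and never closes it: the added line ends with "OSSL_CMP_CTX_set1_subjectName()" and the next added line starts with "then the sender field". Add the closing ")" after the function name. In the "@@ -559,13 +575,13 @@" hunk, the certConf callback description still says "The transfer callback may make use of a custom defined argument" on a line next to the ones being changed; since the paragraph is about OSSL_CMP_CTX_set_certConf_cb_arg(), this should read "certConf callback" and could be fixed in the same pass.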
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 05:13:15 +0000 Subject: [openssl] master update Message-ID: <1599714795.644839.27932.nullmailer@dev.openssl.org> The branch master has been updated via a877d2629b8a512aae550be68b9afd91eae22f19 (commit) via 87495d56a959b0c3a3f6d8305d84d1b21e9222a6 (commit) from aad086e2ae5f8d1b3b0934b1e67f7a426352727d (commit) - Log ----------------------------------------------------------------- commit a877d2629b8a512aae550be68b9afd91eae22f19 Author: Dr. David von Oheimb Date: Thu Sep 3 16:51:06 2020 +0200 apps/cmp.c: clear leftover errors on loading libengines.so etc. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12824) commit 87495d56a959b0c3a3f6d8305d84d1b21e9222a6 Author: Dr. David von Oheimb Date: Fri Aug 28 11:57:18 2020 +0200 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12824) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 1 + apps/lib/apps.c | 29 ++++++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 7524930b8f..3e7b010fcb 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2620,6 +2620,7 @@ int cmp_main(int argc, char **argv) char mock_server[] = "mock server:1"; int ret = 0; /* default: failure */ + ERR_clear_error(); /* clear leftover errors on loading libengines.so etc. */ if (argc <= 1) { opt_help(cmp_options); goto err; diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 342c364aa4..b631a2670a 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -702,7 +702,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, const char *propq = app_get0_propq(); int ncerts = 0; int ncrls = 0; - const char *failed = NULL; + const char *failed = "any"; /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) 
@@ -714,14 +714,14 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, if (pcerts != NULL && *pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) { BIO_printf(bio_err, "Out of memory"); - return 0; + goto end; } if (pcrl != NULL) *pcrl = NULL; if (pcrls != NULL && *pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) { BIO_printf(bio_err, "Out of memory"); - return 0; + goto end; } if (desc == NULL) @@ -753,6 +753,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, goto end; } + failed = NULL; while (!OSSL_STORE_eof(ctx)) { OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); @@ -806,17 +807,19 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, end: OSSL_STORE_close(ctx); - if (ppkey != NULL && *ppkey == NULL) - failed = "key"; - else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) - failed = "cert"; - else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) - failed = "CRL"; - if (failed != NULL) { - BIO_printf(bio_err, "Could not read any %s of %s from %s\n", - failed, desc, uri); - ERR_print_errors(bio_err); + if (failed == NULL) { + if (ppkey != NULL && *ppkey == NULL) + failed = "key"; + else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) + failed = "cert"; + else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) + failed = "CRL"; + if (failed != NULL) + BIO_printf(bio_err, "Could not read any %s of %s from %s\n", + failed, desc, uri); } + if (failed != NULL) + ERR_print_errors(bio_err); return failed == NULL; } From dev at ddvo.net Thu Sep 10 05:15:22 2020 
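Review bot: In the "@@ -714,14 +714,14 @@" hunk of load_key_certs_crls(), both out-of-memory paths now "goto end" and therefore reach OSSL_STORE_close(ctx) before any store has been opened. The declaration of ctx is not among the visible lines, so please confirm it is initialised to NULL and that closing a NULL context is a no-op. These paths also now fall through to ERR_print_errors(bio_err) because failed is still "any", but the message is printed as "Out of memory" without a trailing newline, so the error queue output will start on the same line; add "\n" to both BIO_printf() calls.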
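Review bot: In the "@@ -702,7 +702,7 @@" and "@@ -806,17 +807,19 @@" hunks, failed now carries two meanings: the initial value "any" is a sentinel for an early failure and is never printed, while "key", "cert" and "CRL" are message fragments. This is easy to misread, since the format string already contains the word "any". A separate int flag for the early-failure state, or a short comment at the initialisation and at "failed = NULL;" before the load loop, would make the control flow explicit without changing behaviour.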
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 05:15:22 +0000 Subject: [openssl] master update Message-ID: <1599714922.781168.29275.nullmailer@dev.openssl.org> The branch master has been updated via c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 (commit) from a877d2629b8a512aae550be68b9afd91eae22f19 (commit) - Log ----------------------------------------------------------------- commit c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 Author: Dr. David von Oheimb Date: Sun Aug 30 13:25:40 2020 +0200 apps.c: Fix mem leaks on error in load_certs() and load_crls() Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12823) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index b631a2670a..f10e91deb7 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
@@ -659,22 +659,38 @@ void* app_malloc(int sz, const char *what) /* * Initialize or extend, if *certs != NULL, a certificate stack. + * The caller is responsible for freeing *certs if its value is left not NULL. */ int load_certs(const char *uri, STACK_OF(X509) **certs, const char *pass, const char *desc) { - return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, - NULL, certs, NULL, NULL); + int was_NULL = *certs == NULL; + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + NULL, certs, NULL, NULL); + + if (!ret && was_NULL) { + sk_X509_pop_free(*certs, X509_free); + *certs = NULL; + } + return ret; } /* * Initialize or extend, if *crls != NULL, a certificate stack. + * The caller is responsible for freeing *crls if its value is left not NULL. */ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc) { - return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, - NULL, NULL, NULL, crls); + int was_NULL = *crls == NULL; + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + NULL, NULL, NULL, crls); + + if (!ret && was_NULL) { + sk_X509_CRL_pop_free(*crls, X509_CRL_free); + *crls = NULL; + } + return ret; } /* From dev at ddvo.net Thu Sep 10 05:37:04 2020 
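Review bot: In load_certs() and load_crls(), the cleanup only runs when the stack was NULL on entry, so a failed call that was extending an existing stack can leave the caller with entries appended before the error. The new comment covers ownership ("The caller is responsible for freeing *certs if its value is left not NULL") but not this partial-extension case; either document it or record the stack size on entry and pop back to it on failure. Two smaller points in the same hunk: "*certs == NULL" and "*crls == NULL" dereference the argument without checking that certs or crls itself is non-NULL, and the load_crls() comment still says "a certificate stack" where it means a CRL stack.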
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 05:37:04 +0000 Subject: [openssl] master update Message-ID: <1599716224.830619.916.nullmailer@dev.openssl.org> The branch master has been updated via 7eb48cfc66372772c088c7ef1f443432a36e8a5c (commit) via eb5087fc7caaf40a2f4dafb294f3cba1b9ca2619 (commit) via 4245fd64c810bf4ecdcd8e2c7384e71d084541c0 (commit) via 57371e16741ae619ecd7c33b3b4a7fd728616e01 (commit) from c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 (commit) - Log ----------------------------------------------------------------- commit 7eb48cfc66372772c088c7ef1f443432a36e8a5c Author: Dr. David von Oheimb Date: Fri Sep 4 15:10:22 2020 +0200 test/cmp_{client,msg}_test.c: minor code cleanup Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12655) commit eb5087fc7caaf40a2f4dafb294f3cba1b9ca2619 Author: Dr. David von Oheimb Date: Fri Sep 4 15:09:32 2020 +0200 test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12655) commit 4245fd64c810bf4ecdcd8e2c7384e71d084541c0 Author: Dr. David von Oheimb Date: Sun Aug 30 13:22:57 2020 +0200 81-test_cmp_cli: Make test output files all different according to #11080 Also some minor improvements mostly of test cases regarding PKCS#10 CSR input Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12655) commit 57371e16741ae619ecd7c33b3b4a7fd728616e01 Author: Dr. 
David von Oheimb Date: Sat Aug 29 09:22:07 2020 +0200 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12655) ----------------------------------------------------------------------- Summary of changes: test/cmp_client_test.c | 2 +- test/cmp_msg_test.c | 1 + test/recipes/81-test_cmp_cli.t | 6 +- test/recipes/81-test_cmp_cli_data/Mock/csr.pem | 8 + test/recipes/81-test_cmp_cli_data/Mock/server.cnf | 6 +- .../Mock/wrong_csr.pem} | 0 .../81-test_cmp_cli_data/test_credentials.csv | 2 +- .../81-test_cmp_cli_data/test_enrollment.csv | 206 ++++++++++----------- 8 files changed, 119 insertions(+), 112 deletions(-) create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/csr.pem copy test/recipes/{04-test_pem_data/csr.pem => 81-test_cmp_cli_data/Mock/wrong_csr.pem} (100%) diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index 111a4c27f4..9043ee1196 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -350,7 +350,7 @@ void cleanup_tests(void) return; } -#define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n" +# define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void) diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index a56f04f1df..a593f37cfc 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -86,6 +86,7 @@ static X509 *cert = NULL; TEST_ptr_null(msg = (expr)); \ \ OSSL_CMP_MSG_free(msg); \ + ERR_print_errors_fp(stderr); \ return good; \ } while (0) diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index fa70c84981..2aea3b8f0c 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t 
@@ -65,7 +65,7 @@ my @cmp_basic_tests = ( ); my $rsp_cert = "signer_only.crt"; -my $outfile = "test.cert.pem"; +my $outfile = "test.certout.pem"; my $secret = "pass:test"; # this uses the mock server directly in the cmp app, without TCP @@ -87,7 +87,7 @@ sub use_mock_srv_internally "-certout" , $outfile])) && compare_text($outfile, $rsp_cert) == 0, "CMP app with -use_mock_srv and -poll_count 1"); - unlink $outfile; + # not unlinking $outfile } # the CMP server configuration consists of: @@ -200,7 +200,7 @@ sub test_cmp_cli_aspect { } } }; - unlink "test.cert.pem", "test.cacerts.pem", "test.extracerts.pem"; + # not unlinking test.certout_*.pem, test.cacerts.pem, and test.extracerts.pem } indir data_dir() => sub { diff --git a/test/recipes/81-test_cmp_cli_data/Mock/csr.pem b/test/recipes/81-test_cmp_cli_data/Mock/csr.pem new file mode 100644 index 0000000000..8d20bc011c --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/csr.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHxMIGXAgEAMAwxCjAIBgNVBAMMAXgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AAQe6gjg9c+IFRkK35/7OgK5/rcoUMPxDKkgzNq6DtUm5l3BTZIZO6xe8OvI503Z ++mntgoUUvD7JNn6mDq0V3LuMoCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAA +MAsGA1UdDwQEAwID6DAKBggqhkjOPQQDAgNJADBGAiEA6UNz3byazvlD6yIFySFM +NKQv+YWWHphH3bIcT7NbvLwCIQCWc8ONyVmhz0tlsXtXEkBvPeWNeaIb+GPH9Dp5 +GvQuEw== +-----END CERTIFICATE REQUEST----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/server.cnf b/test/recipes/81-test_cmp_cli_data/Mock/server.cnf index af0f0f0cf1..c8fe8edcc6 100644 --- a/test/recipes/81-test_cmp_cli_data/Mock/server.cnf +++ b/test/recipes/81-test_cmp_cli_data/Mock/server.cnf @@ -1,16 +1,14 @@ [cmp] # mock server configuration port = 1700 -srv_secret = pass:test srv_cert = server.crt srv_key = server.key +srv_secret = pass:test -#accept_unprotected +# not needed: accept_unprotected = 1 no_check_time = 1 srv_trusted = signer_root.crt rsp_cert = signer_only.crt rsp_capubs = signer_root.crt rsp_extracerts = signer_issuing.crt - - 
diff --git a/test/recipes/04-test_pem_data/csr.pem b/test/recipes/81-test_cmp_cli_data/Mock/wrong_csr.pem similarity index 100% copy from test/recipes/04-test_pem_data/csr.pem copy to test/recipes/81-test_cmp_cli_data/Mock/wrong_csr.pem diff --git a/test/recipes/81-test_cmp_cli_data/test_credentials.csv b/test/recipes/81-test_cmp_cli_data/test_credentials.csv index b54862ba5d..bc759567a8 100644 --- a/test/recipes/81-test_cmp_cli_data/test_credentials.csv +++ b/test/recipes/81-test_cmp_cli_data/test_credentials.csv @@ -39,7 +39,7 @@ expected,description, -section,val, -ref,val, -secret,val, -cert,val, -key,val, 0,digest sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha256,BLANK, 0,digest sha512, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha512,BLANK, 1,digest missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,,BLANK, -1,digest non-existing, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha7,BLANK, +1,digest non-existing, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,idontexist,BLANK, 1,digest obsolete, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,md2,BLANK, 1,multiple digests, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha256 sha512,BLANK, ,,,,,,,,,,,,,,,,,,,,,, diff --git a/test/recipes/81-test_cmp_cli_data/test_enrollment.csv b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv index 305302e180..4f6af0ac08 100644 --- a/test/recipes/81-test_cmp_cli_data/test_enrollment.csv +++ b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv 
@@ -1,112 +1,112 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, -subject,val, -issuer,val, -days,int, -reqexts,val, -sans,spec, -san_nodefault,noarg, -popo,int, -implicit_confirm,noarg, -disable_confirm,noarg, -certout,val,val2, -out_trusted,val,val2, -oldcert,val, -csr,val, -revreason,val ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Misc,request options:,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,newkey, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkey missing arg, -section,, -cmd,ir, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkey is directory, -section,, -cmd,ir, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkey too many parameters, -section,, -cmd,ir, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkey is an RSA key, -section,, -cmd,ir, -newkey,test.RSA2048.pem,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,no newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,,BLANK,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,read newkeypass from file, -section,, -cmd,ir, -newkey,new_pass_12345.key,, 
-newkeypass,file:12345.txt,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,missing newkeypass parameter, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,colon missing and no passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkeypass double colon, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass::12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkeypass double passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkeypass wrongfile, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:random.bin,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,wrong password for encrypted pem, -section,, -cmd,ir, -newkey,cmp --help ,, -newkeypass,pass:wrong,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,newkeypass ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,abcdefghijklmnop,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,newkeypass invalid, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,fp:4,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,newkeypass no prefix, -section,, -cmd,ir, -newkey,new_pass_12345.key,, 
-newkeypass,12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -1,subject argument missing, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:, -subject,BLANK,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,issuer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,_CA_DN,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,issuer missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,days 1, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,days 0, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,days 365*100 beyond 2038, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,36500,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,days missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,days negative, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,-10,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,days no not integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, 
-days,1.5,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,days out of range, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0x10000000000000000,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,reqexts, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,reqexts missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,reqexts non-exisitng section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,invalid,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,reqexts malformed section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,reqexts_invalidkey,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,reqexts and sans, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,sans 1 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans 1 dns critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans critical, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans 2 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost test,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans 1 dns 1 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost 127.0.0.1,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans 2 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,sans 1 uri, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,https://www.sample.com,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,san_nodefault, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4, -san_nodefault,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,san default test.cert.pem, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,popo SIGNATURE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,1,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo RAVERIFIED, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,0,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, 
-popo,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo too large, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,3,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo too small, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-3,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo NONE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-1,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,popo KEYENC not supported, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,2,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,implicit confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,implicit confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,abc,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,disable_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -1,disable_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,abc, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,newkey, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, 
-certout,test.certout_newkey.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey missing arg, -section,, -cmd,ir, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkey1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey is directory, -section,, -cmd,ir, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkey2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey too many parameters, -section,, -cmd,ir, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkey3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey is an RSA key, -section,, -cmd,ir, -newkey,test.RSA2048.pem,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkey4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,read newkeypass from file, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:12345.txt,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass_file.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,newkeypass no prefix, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass_no_prefix.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,no newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,,BLANK,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,missing newkeypass parameter, -section,, -cmd,ir, -newkey,new_pass_12345.key,, 
-newkeypass,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,colon missing and no passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass double colon, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass::12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass double passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass5.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass wrongfile, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:random.bin,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass6.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,wrong password for encrypted pem, -section,, -cmd,ir, -newkey,cmp --help ,, -newkeypass,pass:wrong,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass7.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,newkeypass ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,abcdefghijklmnop,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass_ignored.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass invalid, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,fp:4,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_newkeypass8.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +1,subject argument missing, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:, 
-subject,BLANK,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_subject1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,issuer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,_CA_DN,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_issuer.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,issuer missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_issuer1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,days 1, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,days 0, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days_zero.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,days 365*100 beyond 2038, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,36500,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days_far_future.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days negative, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,-10,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days no not integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1.5,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days out of range, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,, -days,0x10000000000000000,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_days4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,reqexts, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_reqexts.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_reqexts1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts non-exisitng section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,invalid,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_reqexts2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts malformed section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,reqexts_invalidkey,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_reqexts3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts and sans, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_reqexts4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,sans 1 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_dns.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 dns critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_dns_critical.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,critical,BLANK,,BLANK,,BLANK,,BLANK,, 
-certout,test.certout_sans_critical.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 2 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost test,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_two_dns.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 dns 1 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost 127.0.0.1,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_dns_ip.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 2 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_two_ip.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 uri, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,https://www.sample.com,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_uri.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,san_nodefault, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4, -san_nodefault,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_nodefault.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,san default, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_sans_default.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,popo SIGNATURE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,1,BLANK,,BLANK,, -certout,test.certout_popo.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo RAVERIFIED, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,0,BLANK,,BLANK,, -certout,test.certout_popo1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo missing arg, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,,BLANK,,BLANK,, -certout,test.certout_popo2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo too large, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,3,BLANK,,BLANK,, -certout,test.certout_popo3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo too small, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-3,BLANK,,BLANK,, -certout,test.certout_popo4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo NONE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-1,BLANK,,BLANK,, -certout,test.certout_popo5.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo KEYENC not supported, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,2,BLANK,,BLANK,, -certout,test.certout_popo6.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,implicit_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,,BLANK,, -certout,test.certout_implicit.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,implicit_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,abc,BLANK,, -certout,test.certout_implicit1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,disable_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,, -certout,test.certout_disable.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,disable_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,abc, -certout,test.certout_disable1.pem,, 
-out_trusted,root.crt,,BLANK,,BLANK,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 1,no certout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,certout missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,certout is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,dir/,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,certout too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,abc,def, -out_trusted,root.crt,,BLANK,,BLANK,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,no out_trusted, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,,BLANK,,,BLANK,,BLANK,,, -0,out_trusted bigcert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,big_root.crt,,BLANK,,BLANK,,, -1,out_trusted missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,,,BLANK,,BLANK,,, -1,out_trusted is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,dir/,,BLANK,,BLANK,,, -1,out_trusted too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,abc,def,BLANK,,BLANK,,, -1,out_trusted empty certificate file, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,empty.txt,,BLANK,,BLANK,,, -1,out_trusted expired ca certificate, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root_expired.crt,,BLANK,,BLANK,,, -1,out_trusted wrong ca, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,signer.crt,,BLANK,,BLANK,,, -1,out_trusted random input, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,random.bin,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,oldcert ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,, -1,oldcert missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,,BLANK,,, -1,oldcert directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,, -1,oldcert non existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,, -1,oldcert empty file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,, -0,oldcert wrong cert, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,trusted.crt,BLANK,,, -1,oldcert random contents, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,random.bin,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,csr ignored for ir, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,test.csr.pem,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -1,p10cr csr missing arg, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,,, -1,p10cr csr directory, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,,, -1,p10cr csr non-existing file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,idontexist,, -1,p10cr csr empty file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,empty.txt,, -1,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,wrong.csr.pem,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,ir + ignored revocation, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, 
-revreason,5 -1,ir + invalid revreason, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,11 -1,ir + revreason not an integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,abc -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,cr command, -section,, -cmd,cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -0,kur command explicit options, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.cert.pem, -key,new.key, -extracerts,issuing.crt -0,kur command minimal options, -section,, -cmd,kur,BLANK,,BLANK,, -subject,"""",BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,,BLANK,,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.cert.pem, -key,new.key, -extracerts,issuing.crt, -secret,"""" -1,kur newkey value missing, -section,, -cmd,kur, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur newkey is directory, -section,, -cmd,kur, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur oldcert is directory, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -1,kur command without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +0,no out_trusted, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted.pem,,BLANK,,,BLANK,,BLANK,,, +0,out_trusted bigcert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted_big.pem,, -out_trusted,big_root.crt,,BLANK,,BLANK,,, +1,out_trusted missing arg, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted1.pem,, -out_trusted,,,BLANK,,BLANK,,, +1,out_trusted is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted2.pem,, -out_trusted,dir/,,BLANK,,BLANK,,, +1,out_trusted too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted3.pem,, -out_trusted,abc,def,BLANK,,BLANK,,, +1,out_trusted empty certificate file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted4.pem,, -out_trusted,empty.txt,,BLANK,,BLANK,,, +1,out_trusted expired ca certificate, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted5.pem,, -out_trusted,root_expired.crt,,BLANK,,BLANK,,, +1,out_trusted wrong ca, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted6.pem,, -out_trusted,signer.crt,,BLANK,,BLANK,,, +1,out_trusted random input, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted7.pem,, -out_trusted,random.bin,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,oldcert ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,, +1,oldcert missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert1.pem,, 
-out_trusted,root.crt,, -oldcert,,BLANK,,, +1,oldcert directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert2.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,, +1,oldcert non existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert3.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,, +1,oldcert empty file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert4.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,, +1,oldcert random contents, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_oldcert5.pem,, -out_trusted,root.crt,, -oldcert,random.bin,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,csr ignored for ir, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_csr_ignored.pem,, -out_trusted,root.crt,,BLANK,, -csr,idontexist,, +0,p10cr csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr.pem,, -out_trusted,root.crt,,BLANK,, -csr,csr.pem,, +1,p10cr csr missing, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,p10cr csr missing arg, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr1.pem,, -out_trusted,root.crt,,BLANK,, -csr,,, +1,p10cr csr directory, -section,, -cmd,p10cr, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr2.pem,, -out_trusted,root.crt,,BLANK,, -csr,dir/,, +1,p10cr csr non-existing file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr3.pem,, -out_trusted,root.crt,,BLANK,, -csr,idontexist,, +1,p10cr csr empty file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr4.pem,, -out_trusted,root.crt,,BLANK,, -csr,empty.txt,, +TODO,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_p10cr5.pem,, -out_trusted,root.crt,,BLANK,, -csr,wrong_csr.pem,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,ir + ignored revocation, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_revreason.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,5 +1,ir + invalid revreason, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_revreason1.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,11 +1,ir + revreason not an integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_revreason2.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,abc +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,cr, -section,, -cmd,cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_cr.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,kur explicit options, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, 
-certout,test.certout_kur.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt +0,kur minimal options, -section,, -cmd,kur,BLANK,,BLANK,, -subject,"""",BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur_minimal.pem,,BLANK,,, -oldcert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt, -secret,"""" +1,kur newkey value missing, -section,, -cmd,kur, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur1.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey is directory, -section,, -cmd,kur, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur2.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur3.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur4.pem,, -out_trusted,root.crt,, -oldcert,test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur oldcert is directory, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur5.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur7.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_kur8.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT From dev at ddvo.net Thu Sep 10 05:47:19 2020 
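Review bot: The added row "p10cr wrong csr" (-csr,wrong_csr.pem) carries TODO in the first column, where the neighbouring added rows carry 0 or 1, so the malformed-CSR case has no expected result recorded. Suggest settling the expected value before this lands, or noting in the test data what is still open, so the directory, non-existing-file and empty-file cases are not the only -csr inputs with a recorded expectation.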
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 05:47:19 +0000 Subject: [openssl] master update Message-ID: <1599716839.631267.3669.nullmailer@dev.openssl.org> The branch master has been updated via bb30bce22b1f1e0dd6e3e33f28ddb24dc5b285ab (commit) via 543a802fabc6e53cd7b50b5561b9b0abbf769667 (commit) via 61994781011ba4dde5b546971623ce6590d5d60f (commit) from 7eb48cfc66372772c088c7ef1f443432a36e8a5c (commit) - Log ----------------------------------------------------------------- commit bb30bce22b1f1e0dd6e3e33f28ddb24dc5b285ab Author: Dr. David von Oheimb Date: Tue Sep 8 15:30:33 2020 +0200 bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12822) commit 543a802fabc6e53cd7b50b5561b9b0abbf769667 Author: Dr. David von Oheimb Date: Fri Sep 4 17:09:13 2020 +0200 bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12822) commit 61994781011ba4dde5b546971623ce6590d5d60f Author: Dr. David von Oheimb Date: Fri Sep 4 10:58:26 2020 +0200 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12822) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 40 ++++++++++++++++++++++------------------ crypto/cmp/cmp_client.c | 15 ++++++++------- crypto/cmp/cmp_protect.c | 27 ++++++++++++++------------- doc/man1/openssl-cmp.pod.in | 8 ++++---- doc/man3/OSSL_CMP_CTX_new.pod | 10 +++++----- 5 files changed, 53 insertions(+), 47 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 3e7b010fcb..1c3b592f7f 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
@@ -2818,27 +2818,27 @@ int cmp_main(int argc, char **argv) switch (opt_cmd) { case CMP_IR: newcert = OSSL_CMP_exec_IR_ses(cmp_ctx); - if (newcert == NULL) - goto err; + if (newcert != NULL) + ret = 1; break; case CMP_KUR: newcert = OSSL_CMP_exec_KUR_ses(cmp_ctx); - if (newcert == NULL) - goto err; + if (newcert != NULL) + ret = 1; break; case CMP_CR: newcert = OSSL_CMP_exec_CR_ses(cmp_ctx); - if (newcert == NULL) - goto err; + if (newcert != NULL) + ret = 1; break; case CMP_P10CR: newcert = OSSL_CMP_exec_P10CR_ses(cmp_ctx); - if (newcert == NULL) - goto err; + if (newcert != NULL) + ret = 1; break; case CMP_RR: - if (OSSL_CMP_exec_RR_ses(cmp_ctx) == NULL) - goto err; + if (OSSL_CMP_exec_RR_ses(cmp_ctx) != NULL) + ret = 1; break; case CMP_GENM: { @@ -2852,10 +2852,11 @@ int cmp_main(int argc, char **argv) OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); } - if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) == NULL) - goto err; - print_itavs(itavs); - sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); + if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) { + print_itavs(itavs); + sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); + ret = 1; + } break; } default: @@ -2863,7 +2864,7 @@ int cmp_main(int argc, char **argv) } { - /* print PKIStatusInfo (this is in case there has been no error) */ + /* print PKIStatusInfo */ int status = OSSL_CMP_CTX_get_status(cmp_ctx); char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf"); const char *string = @@ -2885,11 +2886,14 @@ int cmp_main(int argc, char **argv) OPENSSL_free(buf); } - if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx), - opt_cacertsout, "CA") < 0) - goto err; if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx), opt_extracertsout, "extra") < 0) + ret = 0; + if (!ret) + goto err; + ret = 0; + if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx), + opt_cacertsout, "CA") < 0) goto err; if (newcert != NULL) { STACK_OF(X509) *certs = sk_X509_new_null(); 
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 4f8a9e2444..fe7168916a 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -190,6 +190,11 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, */ ossl_cmp_log1(INFO, ctx, "received %s", ossl_cmp_bodytype_to_string(bt)); + /* copy received extraCerts to ctx->extraCertsIn so they can be retrieved */ + if (bt != OSSL_CMP_PKIBODY_POLLREP && bt != OSSL_CMP_PKIBODY_PKICONF + && !ossl_cmp_ctx_set1_extraCertsIn(ctx, (*rep)->extraCerts)) + return 0; + if (!ossl_cmp_msg_check_update(ctx, *rep, unprotected_exception, expected_type)) return 0; @@ -470,7 +475,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, /*- * Callback fn validating that the new certificate can be verified, using * ctx->certConf_cb_arg, which has been initialized using opt_out_trusted, and - * ctx->untrusted, which at this point already contains ctx->extraCertsIn. + * ctx->untrusted, which at this point already contains msg->extraCerts. * Returns 0 on acceptance, else a bit field reflecting PKIFailureInfo. * Quoting from RFC 4210 section 5.1. Overall PKI Message: * The extraCerts field can contain certificates that may be useful to @@ -595,10 +600,6 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, && !ossl_cmp_ctx_set1_caPubs(ctx, crepmsg->caPubs)) return 0; - /* copy received extraCerts to ctx->extraCertsIn so they can be retrieved */ - if (!ossl_cmp_ctx_set1_extraCertsIn(ctx, (*resp)->extraCerts)) - return 0; - subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); if (rkey != NULL /* X509_check_private_key() also works if rkey is just public key */ 
@@ -606,8 +607,8 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; txt = "public key in new certificate does not match our enrollment key"; /*- - * not callling (void)ossl_cmp_exchange_error(ctx, - * OSSL_CMP_PKISTATUS_rejection, fail_info, txt) + * not calling (void)ossl_cmp_exchange_error(ctx, + * OSSL_CMP_PKISTATUS_rejection, fail_info, txt) * not throwing CMP_R_CERTIFICATE_NOT_ACCEPTED with txt * not returning 0 * since we better leave this for the certConf_cb to decide diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 6313cc94ce..a6a0f9f9e0 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -140,7 +140,8 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) return 0; /* Add first ctx->cert and its chain if using signature-based protection */ - if (!ctx->unprotectedSend && ctx->secretValue == NULL) { + if (!ctx->unprotectedSend && ctx->secretValue == NULL + && ctx->cert != NULL && ctx->pkey != NULL) { int flags_prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS; @@ -178,7 +179,7 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) return 0; - /* if none was found avoid empty ASN.1 sequence */ + /* in case extraCerts are empty list avoid empty ASN.1 sequence */ if (sk_X509_num(msg->extraCerts) == 0) { sk_X509_free(msg->extraCerts); msg->extraCerts = NULL; 
@@ -271,11 +272,11 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) ASN1_BIT_STRING_free(msg->protection); msg->protection = NULL; - if (ctx->unprotectedSend) - return 1; - - /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */ - if (ctx->secretValue != NULL) { + if (ctx->unprotectedSend) { + if (!set_senderKID(ctx, msg, NULL)) + goto err; + } else if (ctx->secretValue != NULL) { + /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */ if (!set_pbmac_algor(ctx, &msg->header->protectionAlg)) goto err; if (!set_senderKID(ctx, msg, NULL)) @@ -309,11 +310,12 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); goto err; } - if ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) + if (!ctx->unprotectedSend + && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL)) goto err; /* - * If present, add ctx->cert followed by its chain as far as possible. + * For signature-based protection add ctx->cert followed by its chain. * Finally add any additional certificates from ctx->extraCertsOut; * even if not needed to validate the protection * the option to do this might be handy for certain use cases. @@ -326,11 +328,10 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) * to the client it set to NULL-DN. In this case for identification at least * the senderKID must be set, where we took the referenceValue as fallback. */ - if (ossl_cmp_general_name_is_NULL_DN(msg->header->sender) - && msg->header->senderKID == NULL) - CMPerr(0, CMP_R_MISSING_SENDER_IDENTIFICATION); - else + if (!(ossl_cmp_general_name_is_NULL_DN(msg->header->sender) + && msg->header->senderKID == NULL)) return 1; + CMPerr(0, CMP_R_MISSING_SENDER_IDENTIFICATION); err: CMPerr(0, CMP_R_ERROR_PROTECTING_MESSAGE); diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 75ee82211d..9389701893 100644 --- a/doc/man1/openssl-cmp.pod.in 
+++ b/doc/man1/openssl-cmp.pod.in @@ -590,13 +590,13 @@ with a signature key." =item B<-extracertsout> I -The file where to save any extra certificates received in the extraCerts field -of response messages. +The file where to save all certificates contained in the extraCerts field +of the last received response message (except for pollRep and PKIConf). =item B<-cacertsout> I -The file where to save any CA certificates received in the caPubs field of -Initialization Response (IP) messages. +The file where to save any CA certificates contained in the caPubs field of +the last received certificate response (i.e., IP, CP, or KUP) message. =back diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index f619a65d3f..d581556ff1 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod 
@@ -617,14 +617,14 @@ OSSL_CMP_CTX_get1_newChain() returns a pointer to a duplicate of the stack of X.509 certificates computed by OSSL_CMP_certConf_cb() (if this function has been called) on the last received certificate response message IP/CP/KUP. -OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the stack of +OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the list of X.509 certificates received in the caPubs field of last received certificate response message IP/CP/KUP. -OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the stack -of X.509 certificates received in the last received nonempty extraCerts field. -Returns an empty stack if no extraCerts have been received in the current -transaction. +OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the list +of X.509 certificates contained in the extraCerts field of the last received +response message (except for pollRep and PKIConf), or +an empty stack if no extraCerts have been received in the current transaction. OSSL_CMP_CTX_set1_transactionID() sets the given transaction ID in the given OSSL_CMP_CTX structure. From builds at travis-ci.com Thu Sep 10 06:28:37 2020 
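Review bot: In apps/cmp.c, hunk @@ -2885,11 +2886,14, `ret` is used with two meanings: the switch above sets it to 1 when the session succeeded, and `if (!ret) goto err; ret = 0;` then consumes and resets it before the caPubs save. The ordering looks deliberate (PKIStatusInfo is printed and the received extraCerts are written to the -extracertsout file even when the session failed), but nothing in the code says so and the reuse is easy to break in a later edit. Suggest a separate local flag for the session result (for example a hypothetical `session_ok`), or at least a comment at `if (!ret)` stating that extraCerts are saved before a failed session is reported.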
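Review bot: In crypto/cmp/cmp_client.c, hunk @@ -190,6 +190,11, `(*rep)->extraCerts` is copied into `ctx->extraCertsIn` before `ossl_cmp_msg_check_update()` has run, so certificates from a response that then fails that check remain retrievable through OSSL_CMP_CTX_get1_extraCertsIn() and, with the apps/cmp.c change in this same update, are written to the -extracertsout file. Neither the new code comment nor the updated text in openssl-cmp.pod.in and OSSL_CMP_CTX_new.pod mentions that the list is stored before the message is checked. Suggest extending the comment to say why the copy precedes the check, and stating in both man pages that these certificates may come from a message that did not pass validation and should be treated as untrusted input.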
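Review bot: In crypto/cmp/cmp_protect.c, hunk @@ -140,7 +140,8, the condition keeps `ctx->secretValue == NULL` and the comment above it still reads "if using signature-based protection", so with a PBM secret set this branch does not add ctx->cert and its chain. As shown in this combined diff, that is hard to reconcile with the commit subject "should include cert chain when using PBM". Please state in the comment which behaviour is intended when a secret is configured, and why the new `ctx->cert != NULL && ctx->pkey != NULL` guard is needed in addition to the existing two conditions.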
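Review bot: In crypto/cmp/cmp_protect.c, hunk @@ -326,11 +328,10, the rewritten check returns 1 from a negated compound condition and otherwise runs `CMPerr(0, CMP_R_MISSING_SENDER_IDENTIFICATION);` and then drops into the `err:` label, which raises CMP_R_ERROR_PROTECTING_MESSAGE as well. The fall-through is implicit and the double negation makes the success path harder to read than the `if ... else return 1;` it replaces. Suggest a short comment before `err:` saying the fall-through is intended, or an explicit `goto err;` after the CMPerr() call.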
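Review bot: In doc/man3/OSSL_CMP_CTX_new.pod, hunk @@ -617,14 +617,14, the new OSSL_CMP_CTX_get1_extraCertsIn() paragraph says "list" in its first sentence and "an empty stack" in its last, and the two conditions it gives do not line up: the content is described as that of "the last received response message", while the empty case is described as "no extraCerts have been received in the current transaction". Please use one term throughout and say what is returned when an earlier response in the transaction carried extraCerts but the last one did not.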
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 06:28:37 +0000 Subject: Errored: openssl/openssl#37354 (master - aad086e) In-Reply-To: Message-ID: <5f59c79523c1c_13f7e9d73816423584a@travis-pro-tasks-7b6c859467-zbt6q.mail> Build Update for openssl/openssl ------------------------------------- Build: #37354 Status: Errored Duration: 1 hr, 17 mins, and 54 secs Commit: aad086e (master) Author: Dr. David von Oheimb Message: Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12741) View the changeset: https://github.com/openssl/openssl/compare/474853c39a2b...aad086e2ae5f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183668166?utm_medium=notification&utm_source=email From no-reply at appveyor.com Thu Sep 10 06:50:42 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Sep 2020 06:50:42 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.36807 Message-ID: <20200910065042.1.BC84E54E3EEAD589@appveyor.com> From openssl at openssl.org Thu Sep 10 07:29:09 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 07:29:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1599722949.314931.18513.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines):
doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-encoder.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-object.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-signature.7 doc/man/man7/provider-storemgmt.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_core_object test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_decoder test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic 
test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_encoder test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/defltfips_test test/destest test/dhtest test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest 
test/ecstresstest test/ectest test/endecode_test test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkcs12_format_test test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_status_test test/provider_test test/rand_status_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/loader_attic.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl 
apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s 
crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod 
doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/loader_attic.ld engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_wrap.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_core_object.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_decoder.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_encoder.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c 
test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha7-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." 
-Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for 
non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c Makefile:4183: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3150: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Thu Sep 10 07:29:12 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 07:29:12 +0000 Subject: Errored: openssl/openssl#37355 (master - a877d26) In-Reply-To: Message-ID: <5f59d5c884c3d_13f7e9bdb63bc3994f5@travis-pro-tasks-7b6c859467-zbt6q.mail> Build Update for openssl/openssl ------------------------------------- Build: #37355 Status: Errored Duration: 1 hr, 32 mins, and 22 secs Commit: a877d26 (master) Author: Dr. David von Oheimb Message: apps/cmp.c: clear leftover errors on loading libengines.so etc. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12824) View the changeset: https://github.com/openssl/openssl/compare/aad086e2ae5f...a877d2629b8a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183668429?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Sep 10 07:51:35 2020 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 10 Sep 2020 07:51:35 +0000 Subject: [openssl] master update Message-ID: <1599724295.815410.29911.nullmailer@dev.openssl.org> The branch master has been updated via b830e0042972a237c6677c071f1fcde5c1afbea7 (commit) from bb30bce22b1f1e0dd6e3e33f28ddb24dc5b285ab (commit) - Log ----------------------------------------------------------------- commit b830e0042972a237c6677c071f1fcde5c1afbea7 Author: Richard Levitte Date: Tue Sep 8 13:07:46 2020 +0200 Diverse build.info: Adjust paths Fixes #12815 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12816) ----------------------------------------------------------------------- Summary of changes: crypto/bn/build.info | 2 -- crypto/poly1305/build.info | 2 +- crypto/ripemd/build.info | 2 +- test/build.info | 2 +- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/crypto/bn/build.info b/crypto/bn/build.info index a40bcdca0f..093cbcc7f1 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -126,8 +126,6 @@ DEFINE[../../providers/libfips.a]=$BNDEF DEFINE[../../providers/liblegacy.a]=$BNDEF DEFINE[../../providers/libimplementations.a]=$BNDEF -INCLUDE[../../libcrypto]=../../crypto/include - INCLUDE[bn_exp.o]=.. GENERATE[bn-586.s]=asm/bn-586.pl diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info index b3078f21cc..9e4085f9fa 100644 --- a/crypto/poly1305/build.info +++ b/crypto/poly1305/build.info @@ -34,7 +34,7 @@ SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$POLY1305DEF -DEFINE[../providers/libimplementations.a]=$POLY1305DEF +DEFINE[../../providers/libimplementations.a]=$POLY1305DEF GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl INCLUDE[poly1305-sparcv9.o]=.. 
diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info index 4cc5b3a2eb..762067e635 100644 --- a/crypto/ripemd/build.info +++ b/crypto/ripemd/build.info @@ -14,7 +14,7 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules -DEFINE[../providers/libimplementations.a]=$RMD160DEF +DEFINE[../../providers/libimplementations.a]=$RMD160DEF SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../libcrypto]=$RMD160DEF diff --git a/test/build.info b/test/build.info index 16ff48e24b..7c80b16284 100644 --- a/test/build.info +++ b/test/build.info @@ -685,7 +685,7 @@ IF[{- !$disabled{tests} -}] DEPEND[keymgmt_internal_test]=../libcrypto.a libtestutil.a SOURCE[ffc_internal_test]=ffc_internal_test.c - INCLUDE[ffc_internal_test]=.. ../include ../apps/include ../crypto/include + INCLUDE[ffc_internal_test]=.. ../include ../apps/include DEPEND[ffc_internal_test]=../libcrypto.a libtestutil.a IF[{- !$disabled{mdc2} -}] From builds at travis-ci.com Thu Sep 10 08:25:31 2020 
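Review bot: the commit message ("Diverse build.info: Adjust paths") gives no reason for either kind of change, and in crypto/poly1305/build.info and crypto/ripemd/build.info the reason matters. The old `DEFINE[../providers/libimplementations.a]` lines pointed one directory level short of the `../../` prefix used for libcrypto in the same files, so the message should state whether `$POLY1305DEF` and `$RMD160DEF` were silently not applied to libimplementations.a until now. The removals of `../../crypto/include` in crypto/bn/build.info and `../crypto/include` in test/build.info are a separate cleanup; one line saying that directory is no longer used would let a reader confirm nothing still depends on it.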
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 08:25:31 +0000 Subject: Errored: openssl/openssl#37356 (master - c4adc5b) In-Reply-To: Message-ID: <5f59e2fa9fb87_13f7e9bdb668c570110@travis-pro-tasks-7b6c859467-zbt6q.mail> Build Update for openssl/openssl ------------------------------------- Build: #37356 Status: Errored Duration: 1 hr, 27 mins, and 54 secs Commit: c4adc5b (master) Author: Dr. David von Oheimb Message: apps.c: Fix mem leaks on error in load_certs() and load_crls() Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12823) View the changeset: https://github.com/openssl/openssl/compare/a877d2629b8a...c4adc5ba5b4a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183668598?utm_medium=notification&utm_source=email From builds at travis-ci.com Thu Sep 10 09:25:11 2020
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 09:25:11 +0000 Subject: Errored: openssl/openssl#37357 (master - 7eb48cf) In-Reply-To: Message-ID: <5f59f0f6e6478_13f9e426761d021091f@travis-pro-tasks-7f969477df-zjfmb.mail> Build Update for openssl/openssl ------------------------------------- Build: #37357 Status: Errored Duration: 1 hr, 30 mins, and 35 secs Commit: 7eb48cf (master) Author: Dr. David von Oheimb Message: test/cmp_{client,msg}_test.c: minor code cleanup Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12655) View the changeset: https://github.com/openssl/openssl/compare/c4adc5ba5b4a...7eb48cfc6637 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183670182?utm_medium=notification&utm_source=email From tmraz at fedoraproject.org Thu Sep 10 09:36:05 2020
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 10 Sep 2020 09:36:05 +0000 Subject: [openssl] master update Message-ID: <1599730565.046118.15438.nullmailer@dev.openssl.org> The branch master has been updated via 3101ab603cd82cdbc81de0902b2b4718e8f1279b (commit) from b830e0042972a237c6677c071f1fcde5c1afbea7 (commit) - Log ----------------------------------------------------------------- commit 3101ab603cd82cdbc81de0902b2b4718e8f1279b Author: Matt Caswell Date: Thu Sep 3 11:50:30 2020 +0100 Fix an EVP_MD_CTX leak If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same EVP_MD_CTX with a provided MD then we end up leaking the md_data. We need to ensure we free the md_data if we change to a provided MD. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12779) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 45 +++++++++++++++++++++++++-------------------- crypto/evp/m_sigver.c | 10 ++++++++++ include/crypto/evp.h | 2 ++ 3 files changed, 37 insertions(+), 20 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 19fddb74ab..07bf12e5ae 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -22,24 +22,9 @@ #include "internal/provider.h" #include "evp_local.h" -/* This call frees resources associated with the context */ -int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -{ - if (ctx == NULL) - return 1; - -#ifndef FIPS_MODULE - /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ - /* - * pctx should be freed by the user of EVP_MD_CTX - * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set - */ - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { - EVP_PKEY_CTX_free(ctx->pctx); - ctx->pctx = NULL; - } -#endif +void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force) +{ EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = NULL; ctx->reqdigest = NULL; 
@@ -61,16 +46,36 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force)) OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - } + if (force) + ctx->digest = NULL; #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) ENGINE_finish(ctx->engine); + ctx->engine = NULL; #endif +} - /* TODO(3.0): End of legacy code */ +/* This call frees resources associated with the context */ +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return 1; + +#ifndef FIPS_MODULE + /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ + /* + * pctx should be freed by the user of EVP_MD_CTX + * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { + EVP_PKEY_CTX_free(ctx->pctx); + ctx->pctx = NULL; + } +#endif + evp_md_ctx_clear_digest(ctx, 0); OPENSSL_cleanse(ctx, sizeof(*ctx)); return 1; diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index a60d6e770b..e2bb613a20 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -176,6 +176,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } if (mdname != NULL) { + /* + * We're about to get a new digest so clear anything associated with + * an old digest. + */ + evp_md_ctx_clear_digest(ctx, 1); + /* * This might be requested by a later call to EVP_MD_CTX_md(). * In that case the "explicit fetch" rules apply for that @@ -185,6 +191,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, */ ctx->digest = ctx->reqdigest = ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->digest == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } } } 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 9d9b0a7298..bdff97f639 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -808,3 +808,5 @@ int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); void evp_method_store_flush(OPENSSL_CTX *libctx); int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq, int loadconfig); + +void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force); From dev at ddvo.net Thu Sep 10 10:04:12 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 10:04:12 +0000 Subject: [openssl] master update Message-ID: <1599732252.324674.20232.nullmailer@dev.openssl.org> The branch master has been updated via 388f2d9f6c3faebc72722ba6bb76df12146ad988 (commit) from 3101ab603cd82cdbc81de0902b2b4718e8f1279b (commit) - Log ----------------------------------------------------------------- commit 388f2d9f6c3faebc72722ba6bb76df12146ad988 Author: Dr. David von Oheimb Date: Tue Sep 8 14:31:59 2020 +0200 app_load_config_bio(): fix crash on error It turns out that the CONF_modules_load(conf, NULL, 0) call is just wrong. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12817) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index f10e91deb7..878ec18f0b 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -389,7 +389,6 @@ CONF *app_load_config_bio(BIO *in, const char *filename) else BIO_printf(bio_err, "config input"); - CONF_modules_load(conf, NULL, 0); NCONF_free(conf); return NULL; } From dev at ddvo.net Thu Sep 10 10:08:44 2020 
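Review bot: in the "Fix an EVP_MD_CTX leak" patch, the crypto/evp/digest.c hunk that forms evp_md_ctx_clear_digest() calls `OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);` without following it with `ctx->md_data = NULL;`. EVP_MD_CTX_reset() is covered because it goes on to `OPENSSL_cleanse(ctx, sizeof(*ctx))`, but the new caller in do_sigver_init() passes force = 1 and keeps using the same ctx, so md_data is left pointing at freed memory, guarded only by `ctx->digest = NULL`, and the very next lines in m_sigver.c assign ctx->digest again from EVP_MD_fetch(). Please restore the braces the hunk removes and clear md_data inside them, so a later `ctx->digest && ctx->digest->ctx_size && ctx->md_data` test cannot act on the stale pointer.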
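Review bot: for the app_load_config_bio() patch in apps/lib/apps.c, the commit message says only that the `CONF_modules_load(conf, NULL, 0)` call "is just wrong" and does not say why it crashed. From the hunk, the call sat on the path that prints the failure and returns NULL, immediately before `NCONF_free(conf)`, so it appears to have been run on a configuration that had just failed to load. Saying so in the message, and adding a test that feeds the apps a malformed configuration, would document the crash and keep the call from being reintroduced.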
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 10:08:44 +0000 Subject: [openssl] master update Message-ID: <1599732524.991303.21937.nullmailer@dev.openssl.org> The branch master has been updated via 5a0991d0d94b966e0621b8123873b132877dc9d3 (commit) via 5fdcde816f6ee9ef048977c14427e2b0b63f47b6 (commit) via a8e2a9f569c60dbbc180672b0fce16ab7dd6ca72 (commit) via bc64c5a69b95d45c314ec6ac40a865228cf230cd (commit) via 2aa91df406a8c907b53d01773b1b860117542c48 (commit) via 115786793c2521af9dcf20a6114e9904e0c206aa (commit) from 388f2d9f6c3faebc72722ba6bb76df12146ad988 (commit) - Log ----------------------------------------------------------------- commit 5a0991d0d94b966e0621b8123873b132877dc9d3 Author: Dr. David von Oheimb Date: Wed Sep 2 13:52:23 2020 +0200 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) commit 5fdcde816f6ee9ef048977c14427e2b0b63f47b6 Author: Dr. David von Oheimb Date: Wed Sep 2 13:50:04 2020 +0200 X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs Fixes #12765 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) commit a8e2a9f569c60dbbc180672b0fce16ab7dd6ca72 Author: Dr. David von Oheimb Date: Fri Sep 4 18:31:46 2020 +0200 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. multi-valued RDNs (containing sets of AVAs) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) commit bc64c5a69b95d45c314ec6ac40a865228cf230cd Author: Dr. David von Oheimb Date: Wed Sep 2 13:12:22 2020 +0200 X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) commit 2aa91df406a8c907b53d01773b1b860117542c48 Author: Dr. 
David von Oheimb Date: Wed Sep 2 14:18:34 2020 +0200 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) commit 115786793c2521af9dcf20a6114e9904e0c206aa Author: Dr. David von Oheimb Date: Wed Sep 2 12:56:49 2020 +0200 X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 6 +-- apps/cmp.c | 2 +- apps/lib/apps.c | 7 ++- apps/req.c | 6 +-- apps/x509.c | 2 +- crypto/x509/x509_cmp.c | 38 ++++++++--------- crypto/x509/x509_obj.c | 26 +++++++----- doc/man1/openssl-ca.pod.in | 20 +++++---- doc/man1/openssl-cmp.pod.in | 23 +++++----- doc/man1/openssl-req.pod.in | 22 +++++----- doc/man1/openssl-storeutl.pod.in | 10 ++++- doc/man1/openssl-x509.pod.in | 12 ++++-- doc/man3/X509_NAME_add_entry_by_txt.pod | 12 +++--- doc/man3/X509_NAME_print_ex.pod | 75 ++++++++++++++++++--------------- doc/man3/X509_cmp.pod | 19 +++++---- 15 files changed, 159 insertions(+), 121 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 8a5104f488..ff40a13d31 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -200,7 +200,7 @@ const OPTIONS ca_options[] = { {"rand_serial", OPT_RAND_SERIAL, '-', "Always create a random serial; do not store it"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', - "Enable support for multivalued RDNs"}, + "Deprecated; multi-valued RDNs support is always on."}, {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"}, {"enddate", OPT_ENDDATE, 's', "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, 
@@ -288,7 +288,7 @@ int ca_main(int argc, char **argv) size_t outdirlen = 0; int create_ser = 0, free_passin = 0, total = 0, total_done = 0; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; - int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0; + int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret; long crldays = 0, crlhours = 0, crlsec = 0, days = 0; @@ -344,7 +344,7 @@ opthelp: create_ser = 1; break; case OPT_MULTIVALUE_RDN: - multirdn = 1; + /* obsolete */ break; case OPT_STARTDATE: startdate = opt_arg(); diff --git a/apps/cmp.c b/apps/cmp.c index 1c3b592f7f..ce2513bd0d 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -893,7 +893,7 @@ static int set_name(const char *str, OSSL_CMP_CTX *ctx, const char *desc) { if (str != NULL) { - X509_NAME *n = parse_name(str, MBSTRING_ASC, 0, desc); + X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc); if (n == NULL) return 0; diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 878ec18f0b..d3f3f6d2b6 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1647,7 +1647,8 @@ int parse_yesno(const char *str, int def) /* * name is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ + * where + can be used instead of / to form multi-valued RDNs if canmulti + * and characters may be escaped by \ */ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc) @@ -1700,6 +1701,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, /* Collect the value. */ valstr = (unsigned char *)bp; for (; *cp != '\0' && *cp != '/'; *bp++ = *cp++) { + /* unescaped '+' symbol string signals further member of multiRDN */ if (canmulti && *cp == '+') { nextismulti = 1; break; 
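Review bot: this behaviour change needs a CHANGES entry, and the summary of changes lists none. With `multirdn = 1` now the initial value in ca.c and set_name() in cmp.c passing 1 to parse_name(), the `if (canmulti && *cp == '+')` test in the value loop applies by default, so a `+` inside a value that used to be taken literally now starts a further AVA unless it is escaped with `\`. Scripts that assemble -subj strings from external input will produce different subject names after this. Separately, "symbol string" in the added comment reads as a leftover; "an unescaped '+' starts a further member of a multi-valued RDN" would be clearer.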
@@ -1723,6 +1725,9 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, BIO_printf(bio_err, "%s: Skipping unknown %s name attribute \"%s\"\n", opt_getprog(), desc, typestr); + if (ismulti) + BIO_printf(bio_err, + "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n"); continue; } if (*valstr == '\0') { diff --git a/apps/req.c b/apps/req.c index 46739554bd..2cc9ebf43d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -127,7 +127,7 @@ const OPTIONS req_options[] = { {"subj", OPT_SUBJ, 's', "Set or modify request subject"}, {"subject", OPT_SUBJECT, '-', "Output the request's subject"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', - "Enable support for multivalued RDNs"}, + "Deprecated; multi-valued RDNs support is always on."}, {"days", OPT_DAYS, 'p', "Number of days cert is valid for"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"addext", OPT_ADDEXT, 's', @@ -257,7 +257,7 @@ int req_main(int argc, char **argv) int ret = 1, x509 = 0, days = 0, i = 0, newreq = 0, verbose = 0; int pkey_type = -1, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM; - int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0; + int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0; int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; long newkey = -1; unsigned long chtype = MBSTRING_ASC, reqflag = 0; @@ -421,7 +421,7 @@ int req_main(int argc, char **argv) subj = opt_arg(); break; case OPT_MULTIVALUE_RDN: - multirdn = 1; + /* obsolete */ break; case OPT_ADDEXT: p = opt_arg(); diff --git a/apps/x509.c b/apps/x509.c index 64a1cadc97..169530f6d6 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -179,7 +179,7 @@ int x509_main(int argc, char **argv) char *subj = NULL; X509_NAME *fsubj = NULL; const unsigned long chtype = MBSTRING_ASC; - const int multirdn = 0; + const int multirdn = 1; STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL; X509 *x = NULL, *xca = NULL; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 0e770de11d..32e15682b1 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -30,8 +30,8 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) ai = &a->cert_info; bi = &b->cert_info; i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); - if (i) - return i; + if (i != 0) + return i < 0 ? -1 : 1; return X509_NAME_cmp(ai->issuer, bi->issuer); } @@ -83,7 +83,9 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { - return memcmp(a->sha1_hash, b->sha1_hash, 20); + int rv = memcmp(a->sha1_hash, b->sha1_hash, 20); + + return rv < 0 ? -1 : rv > 0; } X509_NAME *X509_get_issuer_name(const X509 *a) @@ -149,18 +151,18 @@ int X509_cmp(const X509 *a, const X509 *b) return -2; rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); - if (rv) - return rv; + if (rv != 0) + return rv < 0 ? -1 : 1; /* Check for match against stored encoding too */ if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { if (a->cert_info.enc.len < b->cert_info.enc.len) return -1; if (a->cert_info.enc.len > b->cert_info.enc.len) return 1; - return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, - a->cert_info.enc.len); + rv = memcmp(a->cert_info.enc.enc, + b->cert_info.enc.enc, a->cert_info.enc.len); } - return rv; + return rv < 0 ? -1 : rv > 0; } int X509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags) 
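Review bot: the sign normalisation in crypto/x509/x509_cmp.c is spelled two ways within a few lines: `return rv < 0 ? -1 : 1;` after the `rv != 0` tests, and `return rv < 0 ? -1 : rv > 0;` at the end of X509_cmp() and in X509_CRL_match(). Both are correct, but the second relies on `rv > 0` evaluating to 0 or 1 and is easy to misread beside the first. One static helper (or macro) mapping an int to -1, 0 or 1, used at every return, would make it obvious that -2 stays reserved for the `return -2;` error case at the top of X509_cmp().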
@@ -208,7 +210,7 @@ int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags) { int n = sk_X509_num(certs); /* certs may be NULL */ int i; - + for (i = 0; i < n; i++) { int j = (flags & X509_ADD_FLAG_PREPEND) == 0 ? i : n - 1 - i; /* if prepend, add certs in reverse order to keep original order */ @@ -242,12 +244,10 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) } ret = a->canon_enclen - b->canon_enclen; + if (ret == 0 && a->canon_enclen != 0) + ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); - if (ret != 0 || a->canon_enclen == 0) - return ret; - - return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); - + return ret < 0 ? -1 : ret > 0; } unsigned long X509_NAME_hash(const X509_NAME *x) @@ -410,9 +410,9 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY)) return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; - } else + } else { return X509_V_ERR_SUITE_B_INVALID_CURVE; - + } return X509_V_OK; } @@ -430,9 +430,9 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, if (x == NULL) { x = sk_X509_value(chain, 0); i = 1; - } else + } else { i = 0; - + } pk = X509_get0_pubkey(x); /* @@ -533,7 +533,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) return ret; err: while (i-- > 0) - X509_free (sk_X509_value(ret, i)); + X509_free(sk_X509_value(ret, i)); sk_X509_free(ret); return NULL; } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index c1e893bf13..7bed79a2d5 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -13,6 +13,7 @@ #include #include #include "crypto/x509.h" +#include "crypto/ctype.h" DEFINE_STACK_OF(X509_NAME_ENTRY) @@ -28,6 +29,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) const X509_NAME_ENTRY *ne; int i; int n, lold, l, l1, l2, num, j, type; + int prev_set = -1; const char *s; char *p; unsigned char *q; 
@@ -109,14 +111,11 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) if (!gs_doit[j & 3]) continue; l2++; -#ifndef CHARSET_EBCDIC - if ((q[j] < ' ') || (q[j] > '~')) - l2 += 3; -#else - if ((os_toascii[q[j]] < os_toascii[' ']) || - (os_toascii[q[j]] > os_toascii['~'])) + if (q[j] == '/' || q[j] == '+') + l2++; /* char needs to be escaped */ + else if ((ossl_toascii(q[j]) < ossl_toascii(' ')) || + (ossl_toascii(q[j]) > ossl_toascii('~'))) l2 += 3; -#endif } lold = l; @@ -133,7 +132,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) break; } else p = &(buf[lold]); - *(p++) = '/'; + *(p++) = prev_set == ne->set ? '+' : '/'; memcpy(p, s, (unsigned int)l1); p += l1; *(p++) = '='; @@ -152,8 +151,11 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) *(p++) = 'x'; *(p++) = hex[(n >> 4) & 0x0f]; *(p++) = hex[n & 0x0f]; - } else + } else { + if (n == '/' || n == '+') + *(p++) = '\\'; *(p++) = n; + } #else n = os_toascii[q[j]]; if ((n < os_toascii[' ']) || (n > os_toascii['~'])) { @@ -161,11 +163,15 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) *(p++) = 'x'; *(p++) = hex[(n >> 4) & 0x0f]; *(p++) = hex[n & 0x0f]; - } else + } else { + if (n == os_toascii['/'] || n == os_toascii['+']) + *(p++) = '\\'; *(p++) = q[j]; + } #endif } *p = '\0'; + prev_set = ne->set; } if (b != NULL) { p = b->data; diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 7d7f0752f3..d196565422 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in 
@@ -285,11 +285,17 @@ used). =item B<-subj> I Supersedes subject name given in the request. + The arg must be formatted as C. -Keyword characters may be escaped by C<\> (backslash), and whitespace is -retained. +Special characters may be escaped by C<\> (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the resulting certificate. +Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). +Multi-valued RDNs can be formed by placing a C<+> character instead of a C +between the AttributeValueAssertions (AVAs) that specify the members of the set. +Example: + +C =item B<-utf8> @@ -313,12 +319,7 @@ This overrides any option or configuration to use a serial number file. =item B<-multivalue-rdn> -This option causes the -subj argument to be interpreted with full -support for multivalued RDNs. Example: - -C - -If B<-multi-rdn> is not used then the UID value is C<123456+CN=John Doe>. +This option has been deprecated and has no effect. {- $OpenSSL::safe::opt_r_item -} @@ -791,7 +792,8 @@ retained mainly for compatibility reasons. The B<-section> option was added in OpenSSL 3.0.0. -The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. +The B<-certform> and B<-multivalue-rdn> options +have become obsolete in OpenSSL 3.0.0 and have no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 9389701893..44f71b8358 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in 
@@ -268,20 +268,24 @@ For KUR, it defaults to the subject DN of the reference certificate (see B<-oldcert>). This default is used for IR and CR only if no SANs are set. -The argument must be formatted as I, -characters may be escaped by C<\>E(backslash), no spaces are skipped. - The subject DN is also used as fallback sender of outgoing CMP messages if no B<-cert> and no B<-oldcert> are given. +The argument must be formatted as I. +Special characters may be escaped by C<\> (backslash), whitespace is retained. +Empty values are permitted, but the corresponding type will not be included. +Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). +Multi-valued RDNs can be formed by placing a C<+> character instead of a C +between the AttributeValueAssertions (AVAs) that specify the members of the set. +Example: + +C + =item B<-issuer> I X509 issuer Distinguished Name (DN) of the CA server to place in the requested certificate template in IR/CR/KUR. -The argument must be formatted as I, -characters may be escaped by C<\>E(backslash), no spaces are skipped. - If neither B<-srvcert> nor B<-recipient> is available, the name given in this option is also set as the recipient of the CMP message. @@ -519,10 +523,6 @@ and as default value for the expected sender of incoming CMP messages. Distinguished Name (DN) to use in the recipient field of CMP request messages, i.e., the CMP server (usually the addressed CA). -The argument must be formatted as I, -characters may be escaped by C<\>E(backslash), no spaces are skipped. -The empty name (NULL-DN) can be given explicitly as a single slash: 'I'. - The recipient field in the header of a CMP message is mandatory. If not given explicitly the recipient is determined in the following order: the subject of the CMP server certificate given with the B<-srvcert> option, 
@@ -536,9 +536,6 @@ as far as any of those is present, else the NULL-DN as last resort. Distinguished Name (DN) expected in the sender field of incoming CMP messages. Defaults to the subject DN of the pinned B<-srvcert>, if any. -The argument must be formatted as I, -characters may be escaped by C<\>E(backslash), no spaces are skipped. - This can be used to make sure that only a particular entity is accepted as CMP message signer, and attackers are not able to use arbitrary certificates of a trusted PKI hierarchy to fraudulently pose as a CMP server. diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 1af355b5b3..52b2326d78 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -32,7 +32,6 @@ B B [B<-I>] [B<-config> I] [B<-section> I] -[B<-multivalue-rdn>] [B<-x509>] [B<-days> I] [B<-set_serial> I] @@ -45,6 +44,7 @@ B B [B<-reqopt>] [B<-subject>] [B<-subj> I] +[B<-multivalue-rdn>] [B<-sigopt> I:I] [B<-vfyopt> I:I] [B<-batch>] @@ -233,19 +233,21 @@ Specifies the name of the section to use; the default is B. Sets subject name for new request or supersedes the subject name when processing a request. + The arg must be formatted as C. -Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Special characters may be escaped by C<\> (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the request. - -=item B<-multivalue-rdn> - -This option causes the -subj argument to be interpreted with full -support for multivalued RDNs. Example: +Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). +Multi-valued RDNs can be formed by placing a C<+> character instead of a C +between the AttributeValueAssertions (AVAs) that specify the members of the set. +Example: C -If -multi-rdn is not used then the UID value is C<123456+CN=John Doe>. +=item B<-multivalue-rdn> + +This option has been deprecated and has no effect. =item B<-x509> 
@@ -697,8 +699,8 @@ L The B<-section> option was added in OpenSSL 3.0.0. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. +All B<-keyform> values except B and the B<-multivalue-rdn> option +have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-engine> option was deprecated in OpenSSL 3.0. The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in index 2c92f825a0..bc2eec17f7 100644 --- a/doc/man1/openssl-storeutl.pod.in +++ b/doc/man1/openssl-storeutl.pod.in @@ -80,11 +80,19 @@ returned. =item B<-subject> I Search for an object having the subject name I. + The arg must be formatted as C. -Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Special characters may be escaped by C<\> (backslash), whitespace is retained. Empty values are permitted but are ignored for the search. That is, a search with an empty value will have the same effect as not specifying the type at all. +Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). +Multi-valued RDNs can be formed by placing a C<+> character instead of a C +between the AttributeValueAssertions (AVAs) that specify the members of the set. + +Example: + +C =item B<-issuer> I diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 8eb35e537e..fb4be2c264 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in 
@@ -517,11 +517,17 @@ generate a certificate containing any desired public key. =item B<-subj> I When a certificate is created set its subject name to the given value. + The arg must be formatted as C. -Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Special characters may be escaped by C<\> (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included -in the certificate. Giving a single C will lead to an empty sequence of RDNs -(a NULL subject DN). +in the certificate. +Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). +Multi-valued RDNs can be formed by placing a C<+> character instead of a C +between the AttributeValueAssertions (AVAs) that specify the members of the set. +Example: + +C Unless the B<-CA> option is given the issuer is set to the same value. diff --git a/doc/man3/X509_NAME_add_entry_by_txt.pod b/doc/man3/X509_NAME_add_entry_by_txt.pod index ce8bf3ef29..8b17a016de 100644 --- a/doc/man3/X509_NAME_add_entry_by_txt.pod +++ b/doc/man3/X509_NAME_add_entry_by_txt.pod @@ -66,13 +66,13 @@ RelativeDistinguishedName (RDN). B actually determines the index where the new entry is inserted: if it is -1 it is appended. -B determines how the new type is added. If it is zero a -new RDN is created. +B determines how the new type is added. +If it is zero a new RDN is created. -If B is -1 or 1 it is added to the previous or next RDN -structure respectively. This will then be a multivalued RDN: -since multivalues RDNs are very seldom used B is almost -always set to zero. +If B is -1 or 1 it is added as a new set member +to the previous or next RDN structure, respectively. +This will then become part of a multi-valued RDN (containing a set of AVAs). +Since multi-valued RDNs are very rarely used B typically will be zero. =head1 RETURN VALUES diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod index a9532b1853..ccb4b5629a 100644 
--- a/doc/man3/X509_NAME_print_ex.pod +++ b/doc/man3/X509_NAME_print_ex.pod 
@@ -9,34 +9,37 @@ X509_NAME_oneline - X509_NAME printing routines #include - int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); - int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); + int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, + int indent, unsigned long flags); + int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, + int indent, unsigned long flags); char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); =head1 DESCRIPTION -X509_NAME_print_ex() prints a human readable version of B to BIO B. Each -line (for multiline formats) is indented by B spaces. The output format -can be extensively customised by use of the B parameter. +X509_NAME_print_ex() prints a human readable version of I to BIO I. +Each line (for multiline formats) is indented by I spaces. The +output format can be extensively customised by use of the I parameter. -X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is -written to FILE pointer B. +X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() +except the output is written to FILE pointer I. -X509_NAME_oneline() prints an ASCII version of B to B. -If B is B then a buffer is dynamically allocated and returned, and -B is ignored. -Otherwise, at most B bytes will be written, including the ending '\0', -and B is returned. +X509_NAME_oneline() prints an ASCII version of I to I. +This supports multi-valued RDNs and escapes B and B<+> characters in values. +If I is B then a buffer is dynamically allocated and returned, and +I is ignored. +Otherwise, at most I bytes will be written, including the ending '\0', +and I is returned. -X509_NAME_print() prints out B to B indenting each line by B +X509_NAME_print() prints out I to I indenting each line by I characters. Multiple lines are used if the output (including indent) exceeds 80 characters. 
=head1 NOTES The functions X509_NAME_oneline() and X509_NAME_print() -produce a non standard output form, they don't handle multi character fields and +produce a non standard output form, they don't handle multi-character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications and they could be deprecated in a future release. @@ -52,15 +55,18 @@ The complete set of the flags supported by X509_NAME_print_ex() is listed below. Several options can be ored together. The options B, B, -B and B determine the field separators -to use. Two distinct separators are used between distinct RelativeDistinguishedName -components and separate values in the same RDN for a multi-valued RDN. Multi-valued -RDNs are currently very rare so the second separator will hardly ever be used. - -B uses comma and plus as separators. B -uses comma and plus with spaces: this is more readable that plain comma and plus. -B uses spaced semicolon and plus. B uses -spaced newline and plus respectively. +B and B +determine the field separators to use. +Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same RDN for a multi-valued RDN. +Multi-valued RDNs are currently very rare +so the second separator will hardly ever be used. + +B uses comma and plus as separators. +B uses comma and plus with spaces: +this is more readable that plain comma and plus. +B uses spaced semicolon and plus. +B uses spaced newline and plus respectively. If B is set the whole DN is printed in reversed order. 
@@ -84,18 +90,21 @@ control how each field value is displayed. In addition a number options can be set for commonly used formats. -B sets options which produce an output compatible with RFC2253 it -is equivalent to: - C - +B sets options which produce an output compatible with RFC2253. +It is equivalent to: + C B is a more readable one line format which is the same as: - C + C B is a multiline format which is the same as: - C + C -B uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally. +B uses a format identical to X509_NAME_print(): +in fact it calls X509_NAME_print() internally. =head1 RETURN VALUES @@ -103,9 +112,9 @@ X509_NAME_oneline() returns a valid string on success or NULL on error. X509_NAME_print() returns 1 on success or 0 on error. -X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error -if the B is set, which is the same as X509_NAME_print(). Otherwise, -it returns -1 on error or other values on success. +X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on +error if the B is set, which is the same as X509_NAME_print(). +Otherwise, it returns -1 on error or other values on success. =head1 SEE ALSO diff --git a/doc/man3/X509_cmp.pod b/doc/man3/X509_cmp.pod index 3cb16b2a81..7460d901db 100644 --- a/doc/man3/X509_cmp.pod +++ b/doc/man3/X509_cmp.pod 
@@ -25,16 +25,20 @@ This set of functions are used to compare X509 objects, including X509 certificates, X509 CRL objects and various values in an X509 certificate. The X509_cmp() function compares two B objects indicated by parameters -B and B. The comparison is based on the B result of the hash +I and I. The comparison is based on the B result of the hash values of two B objects and the canonical (DER) encoding values. The X509_NAME_cmp() function compares two B objects indicated by -parameters B and B. The comparison is based on the B result of -the canonical (DER) encoding values of the two objects. L -has a more detailed description of the DER encoding of the B structure. +parameters I and I. The comparison is based on the B result of the +canonical (DER) encoding values of the two objects using L. +This procedure adheres to the matching rules for Distinguished Names (DN) +given in RFC 4517 section 4.2.15 and RFC 5280 section 7.1. +In particular, the order of Relative Distinguished Names (RDNs) is relevant. +On the other hand, if an RDN is multi-valued, i.e., it contains a set of +AttributeValueAssertions (AVAs), its members are effectively not ordered. The X509_issuer_and_serial_cmp() function compares the serial number and issuer -values in the given B objects B and B. +values in the given B objects I and I. The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions are effectively wrappers of the X509_NAME_cmp() function. These functions compare 
@@ -47,9 +51,8 @@ of just the issuer name. =head1 RETURN VALUES -Like common memory comparison functions, the B comparison functions return -an integer less than, equal to, or greater than zero if object B is found to -be less than, to match, or be greater than object B, respectively. +The B comparison functions return B<-1>, B<0>, or B<1> if object I is +found to be less than, to match, or be greater than object I, respectively. X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error. From builds at travis-ci.com Thu Sep 10 10:32:32 2020 
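Review bot: In X509_NAME_oneline() (crypto/x509/x509_obj.c), the new escaping prefixes only '/' and '+' with a backslash, in both the length pass (`l2++; /* char needs to be escaped */`) and the output pass, while a literal backslash in a value is still copied through unescaped. A value ending in a backslash, followed by the '/' that separates the next RDN, then reads the same as an escaped slash, so the one-line form stays ambiguous for callers that parse or string-match it. Suggest escaping the backslash as well, counting it in the l2 computation, and adding a test for a value that contains one. Separately, the length pass now uses ossl_toascii() while the output pass keeps the #ifndef CHARSET_EBCDIC and os_toascii[] branches; using one form in both would keep the two passes visibly in step.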
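Review bot: The -multivalue-rdn entries in doc/man1/openssl-ca.pod.in and doc/man1/openssl-req.pod.in now say only that the option "has been deprecated and has no effect", which hides a behaviour change for -subj. The removed text documented that without the option a '+' stayed literal (the UID value was 123456+CN=John Doe), whereas the new -subj text always treats an unescaped '+' as the separator between AVAs of one RDN. Existing scripts that pass a literal '+' in a value will get a different subject DN with no warning. Suggest stating in the option text or in HISTORY that a '+' must now be escaped with a backslash to be taken literally.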
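Review bot: In doc/man3/X509_cmp.pod, RETURN VALUES now promises -1, 0 or 1 for the comparison functions as a group, but the code change shown normalizes only X509_NAME_cmp() (`return ret < 0 ? -1 : ret > 0;`). The functions the page describes as wrappers of X509_NAME_cmp() inherit that, but X509_cmp() and X509_issuer_and_serial_cmp() are not touched in the visible hunks; either confirm that they clamp their results too or limit the sentence to the functions that do. It would also help to document that X509_NAME_cmp() compares canon_enclen before calling memcmp(), so the ordering is consistent but not lexicographic.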
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 10:32:32 +0000 Subject: Errored: openssl/openssl#37359 (master - bb30bce) In-Reply-To: Message-ID: <5f5a00c0ae1a5_13fcb85fb8034399571@travis-pro-tasks-7f969477df-2fkcs.mail> Build Update for openssl/openssl ------------------------------------- Build: #37359 Status: Errored Duration: 1 hr, 26 mins, and 2 secs Commit: bb30bce (master) Author: Dr. David von Oheimb Message: bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12822) View the changeset: https://github.com/openssl/openssl/compare/7eb48cfc6637...bb30bce22b1f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183670903?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 10 11:05:18 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 11:05:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1599735918.274873.23103.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. 
# 4047B06E677F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40D7BA4AD47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40D7BA4AD47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # 
------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ 
skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3560, 1556 wallclock secs (14.24 usr 1.43 sys + 1457.82 cusr 94.33 csys = 1567.82 CPU) Result: FAIL Makefile:3191: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3189: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Sep 10 11:28:05 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 11:28:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1599737285.994362.11059.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... 
ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3560, 756 wallclock secs (13.98 usr 1.20 sys + 647.39 cusr 66.48 csys = 729.05 CPU) Result: FAIL Makefile:3194: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3192: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Thu Sep 10 11:41:29 2020 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 10 Sep 2020 11:41:29 +0000 Subject: [openssl] master update Message-ID: <1599738089.907540.2598.nullmailer@dev.openssl.org> The branch master has been updated via 9f604ca13ddc99e17ba37fed9281fbd1b71149a9 (commit) from 5a0991d0d94b966e0621b8123873b132877dc9d3 (commit) - Log ----------------------------------------------------------------- commit 9f604ca13ddc99e17ba37fed9281fbd1b71149a9 Author: Richard Levitte Date: Wed Sep 9 05:29:56 2020 +0200 STORE: Fix OSSL_STORE_attach() to check |ui_method| before use ossl_pw_set_ui_method() demands that the passed |ui_method| be non-NULL, and OSSL_STORE_attach() didn't check it beforehand. While we're at it, we remove the passphrase caching that's set at the library level, and trust the implementations to deal with that on their own as needed. Fixes #12830 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12831) ----------------------------------------------------------------------- Summary of changes: crypto/store/store_lib.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 89efe691da..61558a9b6e 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -135,9 +135,8 @@ OSSL_STORE_open_with_libctx(const char *uri, goto err; } - if ((ui_method != NULL - && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) - || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) { + if (ui_method != NULL + && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB); goto err; } @@ -421,7 +420,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) } } - ossl_pw_clear_passphrase_cache(&ctx->pwdata); if (v != NULL) OSSL_TRACE1(STORE, "Got a %s\n", OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v))); 
@@ -968,7 +966,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, return NULL; } - (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data); + if (ui_method != NULL + && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) { + OPENSSL_free(ctx); + return NULL; + } ctx->fetched_loader = fetched_loader; ctx->loader = loader; ctx->loader_ctx = loader_ctx; From openssl at openssl.org Thu Sep 10 14:05:00 2020 
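Review bot: In the `@@ -135` hunk of crypto/store/store_lib.c (OSSL_STORE_open_with_libctx), dropping `ossl_pw_enable_passphrase_caching(&ctx->pwdata)` from the condition changes behaviour for any loader that asks for the passphrase more than once per object, since nothing at the library level caches it any more. The commit message leaves this to the implementations, so it should be stated where loader authors will see it (the loader documentation or CHANGES), together with the fact that OSSL_STORE_load() no longer clears a cache on their behalf, as the `@@ -421` hunk removes `ossl_pw_clear_passphrase_cache()`.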
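Review bot: In the `@@ -968` hunk (OSSL_STORE_attach), the new failure branch returns NULL without queuing an error, while the matching branch in OSSL_STORE_open_with_libctx does `ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB)`; adding the same ERR_raise here keeps the two entry points consistent for callers inspecting the error stack. The branch also frees only `ctx`: `loader_ctx` and `fetched_loader`, which are assigned into `ctx` on the lines just below, already exist at this point, so please confirm they are released on this path, or move the check ahead of the point where they are acquired.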
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 14:05:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1599746700.708469.21572.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... 
skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. 
not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3557, 719 wallclock secs (13.82 usr 1.14 sys + 650.19 cusr 67.02 csys = 732.17 CPU) Result: FAIL Makefile:3193: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3191: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 10 15:13:50 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 15:13:50 +0000 Subject: Errored: openssl/openssl#37367 (master - b830e00) In-Reply-To: Message-ID: <5f5a42adc0af2_13ff977e374606179ae@travis-pro-tasks-6b84666685-vwdx6.mail> Build Update for openssl/openssl ------------------------------------- Build: #37367 Status: Errored Duration: 1 hr, 18 mins, and 20 secs Commit: b830e00 (master) Author: Richard Levitte Message: Diverse build.info: Adjust paths Fixes #12815 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12816) View the changeset: https://github.com/openssl/openssl/compare/bb30bce22b1f...b830e0042972 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183683245?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Sep 10 16:38:42 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 16:38:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1599755922.395500.24888.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C030EC80F67F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 
'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C030EC80F67F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C030EC80F67F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/H9BDHh2l69 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F06D858F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/H9BDHh2l69 fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3559, 731 wallclock secs (13.56 usr 1.35 sys + 659.91 cusr 68.60 csys = 743.42 CPU) Result: FAIL Makefile:3197: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3195: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 10 16:59:57 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 16:59:57 +0000 Subject: Errored: openssl/openssl#37370 (master - 3101ab6) In-Reply-To: Message-ID: <5f5a5b8d4b560_13fabbbebda60103487@travis-pro-tasks-57969684c9-h5zml.mail> Build Update for openssl/openssl ------------------------------------- Build: #37370 Status: Errored Duration: 1 hr, 23 mins, and 36 secs Commit: 3101ab6 (master) Author: Matt Caswell Message: Fix an EVP_MD_CTX leak If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same EVP_MD_CTX with a provided MD then we end up leaking the md_data. We need to ensure we free the md_data if we change to a provided MD. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12779) View the changeset: https://github.com/openssl/openssl/compare/b830e0042972...3101ab603cd8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183697672?utm_medium=notification&utm_source=email From shane.lontis at oracle.com Thu Sep 10 17:51:24 2020
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 10 Sep 2020 17:51:24 +0000 Subject: [openssl] master update Message-ID: <1599760284.786947.20076.nullmailer@dev.openssl.org> The branch master has been updated via 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9 (commit) from 9f604ca13ddc99e17ba37fed9281fbd1b71149a9 (commit) - Log ----------------------------------------------------------------- commit 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9 Author: Shane Lontis Date: Fri Sep 11 03:50:09 2020 +1000 Fix fipsinstall module path If a path is specified with the -module option it will use this path to load the library when the provider is activated, instead of also having to set the environment variable OPENSSL_MODULES. Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12761) ----------------------------------------------------------------------- Summary of changes: apps/fipsinstall.c | 14 +++++++++++- apps/include/opt.h | 1 + apps/lib/opt.c | 43 +++++++++++++++++++++++++++++-------- doc/man1/openssl-fipsinstall.pod.in | 2 ++ 4 files changed, 50 insertions(+), 10 deletions(-) diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index bd1cd68477..104806c1b7 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -277,7 +277,8 @@ int fipsinstall_main(int argc, char **argv) const char *prov_name = "fips"; BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; char *in_fname = NULL, *out_fname = NULL, *prog; - char *module_fname = NULL, *parent_config = NULL; + char *module_fname = NULL, *parent_config = NULL, *module_path = NULL; + const char *tail; EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL; STACK_OF(OPENSSL_STRING) *opts = NULL; OPTION_CHOICE o; 
@@ -368,6 +369,16 @@ opthelp: || argc != 0) goto opthelp; + tail = opt_path_end(module_fname); + if (tail != NULL) { + module_path = OPENSSL_strdup(module_fname); + if (module_path == NULL) + goto end; + module_path[tail - module_fname] = '\0'; + if (!OSSL_PROVIDER_set_default_search_path(NULL, module_path)) + goto end; + } + if (self_test_log || self_test_corrupt_desc != NULL || self_test_corrupt_type != NULL) @@ -474,6 +485,7 @@ end: } cleanup: + OPENSSL_free(module_path); BIO_free(fout); BIO_free(mem_bio); BIO_free(module_bio); diff --git a/apps/include/opt.h b/apps/include/opt.h index a35fe327cf..56de57cf4c 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -339,6 +339,7 @@ typedef struct string_int_pair_st { #define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" } #define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" } +const char *opt_path_end(const char *filename); char *opt_progname(const char *argv0); char *opt_getprog(void); char *opt_init(int ac, char **av, const OPTIONS * o); diff --git a/apps/lib/opt.c b/apps/lib/opt.c index d6bfecc8ff..260ff3b1c2 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -46,18 +46,27 @@ static char prog[40]; * Return the simple name of the program; removing various platform gunk. */ #if defined(OPENSSL_SYS_WIN32) -char *opt_progname(const char *argv0) + +const char *opt_path_end(const char *filename) { - size_t i, n; const char *p; - char *q; /* find the last '/', '\' or ':' */ - for (p = argv0 + strlen(argv0); --p > argv0;) + for (p = filename + strlen(filename); --p > filename; ) if (*p == '/' || *p == '\\' || *p == ':') { p++; break; } + return p; +} + +char *opt_progname(const char *argv0) +{ + size_t i, n; + const char *p; + char *q; + + p = opt_path_end(argv0); /* Strip off trailing nonsense. */ n = strlen(p); 
@@ -76,17 +85,25 @@ char *opt_progname(const char *argv0) #elif defined(OPENSSL_SYS_VMS) -char *opt_progname(const char *argv0) +const char *opt_path_end(const char *filename) { - const char *p, *q; + const char *p; /* Find last special character sys:[foo.bar]openssl */ - for (p = argv0 + strlen(argv0); --p > argv0;) + for (p = filename + strlen(filename); --p > filename;) if (*p == ':' || *p == ']' || *p == '>') { p++; break; } + return p; +} +char *opt_progname(const char *argv0) +{ + const char *p, *q; + + /* Find last special character sys:[foo.bar]openssl */ + p = opt_path_end(argv0); q = strrchr(p, '.'); strncpy(prog, p, sizeof(prog) - 1); prog[sizeof(prog) - 1] = '\0'; @@ -97,16 +114,24 @@ char *opt_progname(const char *argv0) #else -char *opt_progname(const char *argv0) +const char *opt_path_end(const char *filename) { const char *p; /* Could use strchr, but this is like the ones above. */ - for (p = argv0 + strlen(argv0); --p > argv0;) + for (p = filename + strlen(filename); --p > filename;) if (*p == '/') { p++; break; } + return p; +} + +char *opt_progname(const char *argv0) +{ + const char *p; + + p = opt_path_end(argv0); strncpy(prog, p, sizeof(prog) - 1); prog[sizeof(prog) - 1] = '\0'; return prog; diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 8120fd299a..451e8a775d 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -58,6 +58,8 @@ Print a usage message. =item B<-module> I Filename of the FIPS module to perform an integrity check on. +The path provided in the filename is used to load the module when it is +activated, and this overrides the environment variable B. =item B<-out> I From builds at travis-ci.com Thu Sep 10 17:58:15 2020 
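Review bot: In the apps/fipsinstall.c `@@ -368` hunk, the `if (tail != NULL)` test can never fail, because every variant of opt_path_end() added in apps/lib/opt.c returns a pointer derived from `filename`, not NULL. For a bare file name `tail` equals `module_fname`, so `module_path` becomes an empty string and is still passed to OSSL_PROVIDER_set_default_search_path(). Test `tail > module_fname` instead (or have opt_path_end() return NULL when no separator is found) so that a -module value without a directory part leaves the search path alone. Both `goto end` exits in this block are also silent; a message on BIO_err would tell the user why the run stopped.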
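Review bot: In the apps/lib/opt.c `@@ -46` hunk (and identically in the VMS and default variants), the loop `for (p = filename + strlen(filename); --p > filename; )` has two edge cases that matter now that the result is used to split a path. It never examines `filename[0]`, so a module given as `/fips.so` yields an empty directory instead of `/`. For an empty string it returns `filename - 1`, and unless an earlier check rejects an empty -module value, fipsinstall then executes `module_path[tail - module_fname] = '\0'` with an index of -1, writing before the start of the strdup'ed buffer. Please handle the empty string and the leading separator explicitly. The existing header comment "Return the simple name of the program" now sits above opt_path_end(), which returns something else and needs its own description.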
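Review bot: In the VMS `@@ -76` hunk of apps/lib/opt.c, the comment `/* Find last special character sys:[foo.bar]openssl */` now appears twice, once in opt_path_end() where the search happens and once in opt_progname() above the plain call `p = opt_path_end(argv0);`. Drop the second copy or reword it to say what opt_progname() does with the result.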
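Review bot: In the doc/man1/openssl-fipsinstall.pod.in hunk, the added sentence does not say what happens when the -module file name has no directory part. As the code in apps/fipsinstall.c stands, the search path is set in that case too (to an empty string), so the text should state whether the environment variable still applies for a bare file name, and the code should match whatever the page promises.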
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 17:58:15 +0000 Subject: Errored: openssl/openssl#37371 (master - 388f2d9) In-Reply-To: Message-ID: <5f5a69377eef2_13faea78c93cc2699df@travis-pro-tasks-57969684c9-hlgds.mail> Build Update for openssl/openssl ------------------------------------- Build: #37371 Status: Errored Duration: 1 hr, 31 mins, and 26 secs Commit: 388f2d9 (master) Author: Dr. David von Oheimb Message: app_load_config_bio(): fix crash on error It turns out that the CONF_modules_load(conf, NULL, 0) call is just wrong. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12817) View the changeset: https://github.com/openssl/openssl/compare/3101ab603cd8...388f2d9f6c3f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183702157?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 10 18:51:50 2020
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 18:51:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1599763910.303279.12338.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070D807CF7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # 
ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070D807CF7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070D807CF7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rvys38N72M default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. 
Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1327 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1405 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0503667947F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:127:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6456 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rvys38N72M fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3559, 728 wallclock secs (13.70 usr 1.44 sys + 656.79 cusr 67.72 csys = 739.65 CPU) Result: FAIL Makefile:3196: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3194: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 10 19:00:37 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 19:00:37 +0000 Subject: Errored: openssl/openssl#37372 (master - 5a0991d) In-Reply-To: Message-ID: <5f5a77d2948f2_13fabbbebdf10389890@travis-pro-tasks-57969684c9-h5zml.mail> Build Update for openssl/openssl ------------------------------------- Build: #37372 Status: Errored Duration: 1 hr, 32 mins, and 17 secs Commit: 5a0991d (master) Author: Dr. David von Oheimb Message: Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12769) View the changeset: https://github.com/openssl/openssl/compare/388f2d9f6c3f...5a0991d0d94b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183702854?utm_medium=notification&utm_source=email From openssl at openssl.org Thu Sep 10 19:35:27 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 19:35:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1599766527.457163.18444.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types 1251cddf8d TEST: modify test/endecode_test.c to not use legacy keys 4ce1025a8a PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys 924663c36d Add CMS AuthEnvelopedData with AES-GCM support d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() d7fcee3b3b OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 8d6481f532 EVP: Move the functions and controls for setting and getting distid b968945204 EVP: Expand the use of EVP_PKEY_CTX_md() 86df26b394 EVP: Add support for delayed EVP_PKEY operation parameters ea0add4a82 New GOST PKCS12 standard support 08497fc64f Fix test/evp_extra_test.c 20d56d6d62 EVP: Don't shadow EVP_PKEY_CTX_new* error records 509144964b EVP: Preserve the EVP_PKEY id in a few more spots 884baafba4 Use return code for 'which command' checks 4348995b0d Fix memory leaks in conf_def.c 385deae79f Building: Build Unix static libraries one object file at a time Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. 
ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0306918C37F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0306918C37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0306918C37F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0306918C37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/JVVE_UNl96 default 
../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C00023ED9F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C00023ED9F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C00023ED9F7F0000:error::SSL routines::no suitable digest algorithm:../openssl/ssl/s3_enc.c:413: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C00023ED9F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:7912 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/JVVE_UNl96 fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=211, Tests=3481, 696 wallclock secs (12.17 usr 1.26 sys + 628.37 cusr 64.54 csys = 706.34 CPU) Result: FAIL Makefile:3204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3202: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Sep 10 20:00:15 2020 
From: builds at travis-ci.com (Travis CI) Date: Thu, 10 Sep 2020 20:00:15 +0000 Subject: Errored: openssl/openssl#37373 (master - 9f604ca) In-Reply-To: Message-ID: <5f5a85cede5be_13fabbbebd1f05148d2@travis-pro-tasks-57969684c9-h5zml.mail> Build Update for openssl/openssl ------------------------------------- Build: #37373 Status: Errored Duration: 1 hr, 32 mins, and 39 secs Commit: 9f604ca (master) Author: Richard Levitte Message: STORE: Fix OSSL_STORE_attach() to check |ui_method| before use ossl_pw_set_ui_method() demands that the passed |ui_method| be non-NULL, and OSSL_STORE_attach() didn't check it beforehand. While we're at it, we remove the passphrase caching that's set at the library level, and trust the implementations to deal with that on their own as needed. Fixes #12830 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12831) View the changeset: https://github.com/openssl/openssl/compare/5a0991d0d94b...9f604ca13ddc View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183718824?utm_medium=notification&utm_source=email From dev at ddvo.net Thu Sep 10 20:01:48 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 10 Sep 2020 20:01:48 +0000 Subject: [openssl] master update Message-ID: <1599768108.731754.2535.nullmailer@dev.openssl.org> The branch master has been updated via d3dbc9b50043fd1b4464b3f2b0ab8c54075099d6 (commit) via 591ceeddb349d735480102f1992c868663b2c580 (commit) via f84de16f397b06831ea5569a285518c035285f46 (commit) from 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9 (commit) - Log ----------------------------------------------------------------- commit d3dbc9b50043fd1b4464b3f2b0ab8c54075099d6 Author: Dr. David von Oheimb Date: Mon May 11 15:31:53 2020 +0200 apps_ui.c: Correct password prompt for ui_method Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12493) commit 591ceeddb349d735480102f1992c868663b2c580 Author: Dr. David von Oheimb Date: Mon May 11 15:32:26 2020 +0200 apps_ui.c: Correct handling of empty password from -passin This is done in analogy to commit ca3245a61989009a99931748723d12e30d0a66b2 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12493) commit f84de16f397b06831ea5569a285518c035285f46 Author: Dr. David von Oheimb Date: Tue Aug 4 10:11:02 2020 +0200 apps_ui.c: Improve error handling and return value of setup_ui_method() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12493) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps_ui.c | 29 ++++++++++++++++++++++------- apps/openssl.c | 2 +- crypto/ui/ui_lib.c | 18 ++++++++---------- doc/man3/UI_new.pod | 10 ++++++---- include/openssl/ui.h | 17 +++++++++-------- test/uitest.c | 2 +- 6 files changed, 47 insertions(+), 31 deletions(-) diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c index 13f8670d9f..880e9a4f6d 100644 --- a/apps/lib/apps_ui.c +++ b/apps/lib/apps_ui.c 
@@ -15,7 +15,6 @@ static UI_METHOD *ui_method = NULL; static const UI_METHOD *ui_fallback_method = NULL; - static int ui_open(UI *ui) { int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method); @@ -72,7 +71,8 @@ static int ui_write(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password && password[0] != '\0') + + if (password != NULL) return 1; } break; @@ -99,6 +99,19 @@ static int ui_close(UI *ui) return 1; } +/* object_name defaults to prompt_info from ui user data if present */ +static char *ui_prompt_construct(UI *ui, const char *phrase_desc, + const char *object_name) +{ + PW_CB_DATA *cb_data = (PW_CB_DATA *)UI_get0_user_data(ui); + + if (phrase_desc == NULL) + phrase_desc = "pass phrase"; + if (object_name == NULL && cb_data != NULL) + object_name = cb_data->prompt_info; + return UI_construct_prompt(NULL, phrase_desc, object_name); +} + int setup_ui_method(void) { ui_fallback_method = UI_null(); @@ -106,11 +119,13 @@ int setup_ui_method(void) ui_fallback_method = UI_OpenSSL(); #endif ui_method = UI_create_method("OpenSSL application user interface"); - UI_method_set_opener(ui_method, ui_open); - UI_method_set_reader(ui_method, ui_read); - UI_method_set_writer(ui_method, ui_write); - UI_method_set_closer(ui_method, ui_close); - return 0; + return ui_method != NULL + && 0 == UI_method_set_opener(ui_method, ui_open) + && 0 == UI_method_set_reader(ui_method, ui_read) + && 0 == UI_method_set_writer(ui_method, ui_write) + && 0 == UI_method_set_closer(ui_method, ui_close) + && 0 == UI_method_set_prompt_constructor(ui_method, + ui_prompt_construct); } void destroy_ui_method(void) diff --git a/apps/openssl.c b/apps/openssl.c index 6b2c2b9c6b..b426f594b3 100644 --- a/apps/openssl.c +++ b/apps/openssl.c 
@@ -68,7 +68,7 @@ static int apps_startup(void) | OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; - setup_ui_method(); + (void)setup_ui_method(); /* * NOTE: This is an undocumented feature required for testing only. diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 85bf8c1f80..8c6dc6dd89 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -356,22 +356,22 @@ int UI_dup_error_string(UI *ui, const char *text) 0, 0, NULL); } -char *UI_construct_prompt(UI *ui, const char *object_desc, +char *UI_construct_prompt(UI *ui, const char *phrase_desc, const char *object_name) { char *prompt = NULL; - if (ui->meth->ui_construct_prompt != NULL) - prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name); + if (ui != NULL && ui->meth != NULL && ui->meth->ui_construct_prompt != NULL) + prompt = ui->meth->ui_construct_prompt(ui, phrase_desc, object_name); else { char prompt1[] = "Enter "; char prompt2[] = " for "; char prompt3[] = ":"; int len = 0; - if (object_desc == NULL) + if (phrase_desc == NULL) return NULL; - len = sizeof(prompt1) - 1 + strlen(object_desc); + len = sizeof(prompt1) - 1 + strlen(phrase_desc); if (object_name != NULL) len += sizeof(prompt2) - 1 + strlen(object_name); len += sizeof(prompt3) - 1; @@ -381,7 +381,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, return NULL; } OPENSSL_strlcpy(prompt, prompt1, len + 1); - OPENSSL_strlcat(prompt, object_desc, len + 1); + OPENSSL_strlcat(prompt, phrase_desc, len + 1); if (object_name != NULL) { OPENSSL_strlcat(prompt, prompt2, len + 1); OPENSSL_strlcat(prompt, object_name, len + 1); @@ -690,10 +690,8 @@ int UI_method_set_data_duplicator(UI_METHOD *method, int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor) (UI *ui, - const char - *object_desc, - const char - *object_name)) + const char *, + const char *)) { if (method != NULL) { method->ui_construct_prompt = prompt_constructor; 
diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod index 0615e2766c..c3852587eb 100644 --- a/doc/man3/UI_new.pod +++ b/doc/man3/UI_new.pod @@ -44,7 +44,7 @@ UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface int UI_dup_error_string(UI *ui, const char *text); char *UI_construct_prompt(UI *ui_method, - const char *object_desc, const char *object_name); + const char *phrase_desc, const char *object_name); void *UI_add_user_data(UI *ui, void *user_data); int UI_dup_user_data(UI *ui, void *user_data); @@ -149,10 +149,12 @@ as their UI_add counterparts, except that they make their own copies of all strings. UI_construct_prompt() is a helper function that can be used to create -a prompt from two pieces of information: an description and a name. +a prompt from two pieces of information: a phrase description I +and an object name I, where the latter may be NULL. The default constructor (if there is none provided by the method used) -creates a string "Enter I for I:". With the -description "pass phrase" and the filename "foo.key", that becomes +creates a string "Enter I for I:" +where the " for I" part is left out if I is NULL. +With the description "pass phrase" and the filename "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. diff --git a/include/openssl/ui.h b/include/openssl/ui.h index fa55d92ac8..f68a4e90a8 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h 
@@ -138,25 +138,26 @@ int UI_dup_error_string(UI *ui, const char *text); # define UI_INPUT_FLAG_USER_BASE 16 /*- - * The following function helps construct a prompt. object_desc is a - * textual short description of the object, for example "pass phrase", - * and object_name is the name of the object (might be a card name or - * a file name. + * The following function helps construct a prompt. + * phrase_desc is a textual short description of the phrase to enter, + * for example "pass phrase", and + * object_name is the name of the object + * (which might be a card name or a file name) or NULL. * The returned string shall always be allocated on the heap with * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). * * If the ui_method doesn't contain a pointer to a user-defined prompt * constructor, a default string is built, looking like this: * - * "Enter {object_desc} for {object_name}:" + * "Enter {phrase_desc} for {object_name}:" * - * So, if object_desc has the value "pass phrase" and object_name has + * So, if phrase_desc has the value "pass phrase" and object_name has * the value "foo.key", the resulting string is: * * "Enter pass phrase for foo.key:" */ char *UI_construct_prompt(UI *ui_method, - const char *object_desc, const char *object_name); + const char *phrase_desc, const char *object_name); /* * The following function is used to store a pointer to user-specific data. @@ -315,7 +316,7 @@ int UI_method_set_data_duplicator(UI_METHOD *method, int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor) (UI *ui, const char - *object_desc, + *phrase_desc, const char *object_name)); int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); diff --git a/test/uitest.c b/test/uitest.c index 289f32b6b0..d45d57d9fb 100644 --- a/test/uitest.c +++ b/test/uitest.c 
@@ -78,7 +78,7 @@ static int test_new_ui(void) char pass[16]; int ok = 0; - setup_ui_method(); + (void)setup_ui_method(); if (TEST_int_gt(password_callback(pass, sizeof(pass), 0, &cb_data), 0) && TEST_str_eq(pass, cb_data.password)) ok = 1; From matthias.st.pierre at ncp-e.com Thu Sep 10 21:05:24 2020 
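Review bot: the result that setup_ui_method() now computes in apps/lib/apps_ui.c is discarded by both callers, which were changed to `(void)setup_ui_method();` in apps_startup() (apps/openssl.c) and test_new_ui() (test/uitest.c). If UI_create_method() returns NULL or one of the UI_method_set_*() calls fails, startup continues with a missing or half-configured ui_method and the failure only surfaces later at the first password prompt. Suggest `if (!setup_ui_method()) return 0;` in apps_startup() and `TEST_true(setup_ui_method())` in the test. Two related points on the same hunk: the success value changes from the old unconditional 0 to 1 without a comment stating the new convention, and when a setter fails after UI_create_method() succeeded the short-circuited && chain leaves the static ui_method allocated, so the failure path should call destroy_ui_method() or the contract should say the caller must.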
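Review bot: the ui_write() hunk in apps/lib/apps_ui.c changes the condition from `password && password[0] != '\0'` to `password != NULL`, so an empty -passin password now counts as supplied, but nothing in the patch tests that case: the summary of changes shows test/uitest.c touched only for the setup_ui_method() call. Please add a uitest case with cb_data.password set to "" and a one-line comment at the new condition saying that the empty string is a valid password here. The hunk also changes ui_write() only; worth confirming that ui_read() applies the same `password != NULL` test, otherwise the writer would suppress the prompt while the reader still falls through to the fallback method.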
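Review bot: UI_construct_prompt() in crypto/ui/ui_lib.c now accepts `ui == NULL` (and `ui->meth == NULL`) and falls back to the default "Enter ... for ...:" string, and the new ui_prompt_construct() depends on that by calling `UI_construct_prompt(NULL, phrase_desc, object_name)`, yet neither the doc/man3/UI_new.pod hunk nor the comment block in include/openssl/ui.h mentions that a NULL first argument is allowed. Please document it in both places, since it is now part of the public contract. While there, the first parameter is still called `ui_method` in the pod synopsis and in the header prototype although it is a `UI *` and the definition names it `ui`. In the same file, the UI_method_set_prompt_constructor() definition drops the parameter names from the callback type (`const char *, const char *`) while the header prototype keeps `phrase_desc` and `object_name`; keeping the names in both would be more consistent.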
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 10 Sep 2020 21:05:24 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1599771924.259674.18328.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8380f453ec81d9172b94a82c3592f78f1a612046 (commit) via 958fec77928a28350f6af252ac5e8d0e6e081faa (commit) from 526cf60408e1a356ec712b6c88a88864fdbe73af (commit) - Log ----------------------------------------------------------------- commit 8380f453ec81d9172b94a82c3592f78f1a612046 Author: Dr. Matthias St. Pierre Date: Tue Sep 1 00:55:36 2020 +0200 Revert two renamings backported from master The original names were more intuitive: the generate_counter counts the number of generate requests, and the reseed_counter counts the number of reseedings (of the principal DRBG). reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter This partially reverts commit 35a34508ef4d649ace4e373e1d019192b7e38c36. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12759) commit 958fec77928a28350f6af252ac5e8d0e6e081faa Author: Dr. Matthias St. Pierre Date: Mon Aug 31 23:36:22 2020 +0200 Fix the DRBG seed propagation In a nutshell, reseed propagation is a compatibility feature with the sole purpose to support the traditional way of (re-)seeding manually by calling 'RAND_add()' before 'RAND_bytes(). It ensures that the former has an immediate effect on the latter *within the same thread*, but it does not care about immediate reseed propagation to other threads. The implementation is lock-free, i.e., it works without taking the lock of the primary DRBG. Pull request #7399 not only fixed the data race issue #7394 but also changed the original implementation of the seed propagation unnecessarily. This commit reverts most of the changes of commit 1f98527659b8 and intends to fix the data race while retaining the original simplicity of the seed propagation. 
- use atomics with relaxed semantics to load and store the seed counter - add a new member drbg->enable_reseed_propagation to simplify the overflow treatment of the seed propagation counter - don't handle races between different threads This partially reverts commit 1f98527659b8290d442c4e1532452b9ba6463f1e. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12759) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_lib.c | 54 +++++++++++++++++++++--------------------------- crypto/rand/rand_lib.c | 2 -- crypto/rand/rand_local.h | 13 ++++++++---- test/drbgtest.c | 38 +++++++++++++++++----------------- 4 files changed, 52 insertions(+), 55 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 73fd4394a3..8c7c28c970 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -327,13 +327,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, max_entropylen += drbg->max_noncelen; } - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if (!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); @@ -359,9 +352,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) 
@@ -428,14 +427,6 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, } drbg->state = DRBG_ERROR; - - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if (!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, @@ -451,9 +442,15 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, goto end; drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) @@ -614,7 +611,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter >= drbg->reseed_interval) + if (drbg->generate_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { @@ -623,11 +620,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, || now - drbg->reseed_time >= drbg->reseed_time_interval) reseed_required = 1; } - if (drbg->parent != NULL) { - unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); - if (reseed_counter > 0 - && tsan_load(&drbg->parent->reseed_prop_counter) - != reseed_counter) + if (drbg->enable_reseed_propagation && drbg->parent != NULL) { + if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter)) reseed_required = 1; } @@ -646,7 +640,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - drbg->reseed_gen_counter++; + drbg->generate_counter++; return 1; } 
@@ -708,8 +702,7 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_cleanup_nonce_fn cleanup_nonce) { - if (drbg->state != DRBG_UNINITIALISED - || drbg->parent != NULL) + if (drbg->state != DRBG_UNINITIALISED) return 0; drbg->get_entropy = get_entropy; drbg->cleanup_entropy = cleanup_entropy; @@ -885,8 +878,9 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) goto err; - /* enable seed propagation */ - tsan_store(&drbg->reseed_prop_counter, 1); + /* enable reseed propagation */ + drbg->enable_reseed_propagation = 1; + drbg->reseed_counter = 1; /* * Ignore instantiation error to support just-in-time instantiation. diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index ab4e9b5486..ba3a29e584 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -174,8 +174,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, prediction_resistance, (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; - drbg->reseed_next_counter - = tsan_load(&drbg->parent->reseed_prop_counter); rand_drbg_unlock(drbg->parent); rand_pool_add_end(pool, bytes, 8 * bytes); diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index 0cdfb3332e..a5de5252dc 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -235,7 +235,7 @@ struct rand_drbg_st { size_t max_perslen, max_adinlen; /* Counts the number of generate requests since the last reseed. */ - unsigned int reseed_gen_counter; + unsigned int generate_counter; /* * Maximum number of generate requests until a reseed is required. * This value is ignored if it is zero. 
@@ -248,9 +248,15 @@ struct rand_drbg_st { * This value is ignored if it is zero. */ time_t reseed_time_interval; + + /* + * Enables reseed propagation (see following comment) + */ + unsigned int enable_reseed_propagation; + /* * Counts the number of reseeds since instantiation. - * This value is ignored if it is zero. + * This value is ignored if enable_reseed_propagation is zero. * * This counter is used only for seed propagation from the DRBG * to its two children, the and DRBG. This feature is @@ -258,8 +264,7 @@ struct rand_drbg_st { * is added by RAND_add() or RAND_seed() will have an immediate effect on * the output of RAND_bytes() resp. RAND_priv_bytes(). */ - TSAN_QUALIFIER unsigned int reseed_prop_counter; - unsigned int reseed_next_counter; + TSAN_QUALIFIER unsigned int reseed_counter; size_t seedlen; DRBG_STATUS state; diff --git a/test/drbgtest.c b/test/drbgtest.c index be001ee18e..e7a7710790 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -388,15 +388,15 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Instantiate again with valid data */ if (!instantiate(drbg, td, &t)) goto err; - reseed_counter_tmp = drbg->reseed_gen_counter; - drbg->reseed_gen_counter = drbg->reseed_interval; + reseed_counter_tmp = drbg->generate_counter; + drbg->generate_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) - || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) + || !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; 
@@ -413,15 +413,15 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test reseed counter works */ if (!instantiate(drbg, td, &t)) goto err; - reseed_counter_tmp = drbg->reseed_gen_counter; - drbg->reseed_gen_counter = drbg->reseed_interval; + reseed_counter_tmp = drbg->generate_counter; + drbg->generate_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) - || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) + || !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; @@ -600,14 +600,14 @@ static int test_drbg_reseed(int expect_success, */ /* Test whether seed propagation is enabled */ - if (!TEST_int_ne(master->reseed_prop_counter, 0) - || !TEST_int_ne(public->reseed_prop_counter, 0) - || !TEST_int_ne(private->reseed_prop_counter, 0)) + if (!TEST_int_ne(master->reseed_counter, 0) + || !TEST_int_ne(public->reseed_counter, 0) + || !TEST_int_ne(private->reseed_counter, 0)) return 0; /* Check whether the master DRBG's reseed counter is the largest one */ - if (!TEST_int_le(public->reseed_prop_counter, master->reseed_prop_counter) - || !TEST_int_le(private->reseed_prop_counter, master->reseed_prop_counter)) + if (!TEST_int_le(public->reseed_counter, master->reseed_counter) + || !TEST_int_le(private->reseed_counter, master->reseed_counter)) return 0; /* 
@@ -655,8 +655,8 @@ static int test_drbg_reseed(int expect_success, if (expect_success == 1) { /* Test whether all three reseed counters are synchronized */ - if (!TEST_int_eq(public->reseed_prop_counter, master->reseed_prop_counter) - || !TEST_int_eq(private->reseed_prop_counter, master->reseed_prop_counter)) + if (!TEST_int_eq(public->reseed_counter, master->reseed_counter) + || !TEST_int_eq(private->reseed_counter, master->reseed_counter)) return 0; /* Test whether reseed time of master DRBG is set correctly */ @@ -770,7 +770,7 @@ static int test_rand_drbg_reseed(void) * Test whether the public and private DRBG are both reseeded when their * reseed counters differ from the master's reseed counter. */ - master->reseed_prop_counter++; + master->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0))) goto error; reset_drbg_hook_ctx(); @@ -779,8 +779,8 @@ static int test_rand_drbg_reseed(void) * Test whether the public DRBG is reseeded when its reseed counter differs * from the master's reseed counter. */ - master->reseed_prop_counter++; - private->reseed_prop_counter++; + master->reseed_counter++; + private->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0))) goto error; reset_drbg_hook_ctx(); @@ -789,8 +789,8 @@ static int test_rand_drbg_reseed(void) * Test whether the private DRBG is reseeded when its reseed counter differs * from the master's reseed counter. */ - master->reseed_prop_counter++; - public->reseed_prop_counter++; + master->reseed_counter++; + public->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0))) goto error; reset_drbg_hook_ctx(); 
@@ -823,7 +823,7 @@ static int test_rand_drbg_reseed(void) * Test whether none of the DRBGs is reseed if the master fails to reseed */ master_ctx.fail = 1; - master->reseed_prop_counter++; + master->reseed_counter++; RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0))) goto error; From pauli at openssl.org Thu Sep 10 22:07:31 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Sep 2020 22:07:31 +0000 Subject: [openssl] master update Message-ID: <1599775651.288333.27254.nullmailer@dev.openssl.org> The branch master has been updated via b0a4cbead384e2ac8dbb697795ace242e1b07c18 (commit) from d3dbc9b50043fd1b4464b3f2b0ab8c54075099d6 (commit) - Log ----------------------------------------------------------------- commit b0a4cbead384e2ac8dbb697795ace242e1b07c18 Author: Dr. David von Oheimb Date: Mon Sep 7 19:39:52 2020 +0200 apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12836) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index ce2513bd0d..003c75517d 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
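Review bot: in the RAND_DRBG_reseed() hunk of crypto/rand/drbg_lib.c, the child now copies the parent's counter with `tsan_store(&drbg->reseed_counter, tsan_load(&drbg->parent->reseed_counter))` only after the reseed has finished, whereas the lines removed from rand_drbg_get_entropy() in crypto/rand/rand_lib.c sampled it before `rand_drbg_unlock(drbg->parent)`, that is, while the parent was still locked for the entropy pull. If the parent is reseeded between the entropy pull and this store, the child records the newer counter value although its seed predates it, and the `drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter)` test in RAND_DRBG_generate() will not trigger the reseed that was due. Consider sampling the parent's counter under the parent lock at the time the entropy is fetched, or add a comment explaining why this window is acceptable.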
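Review bot: reseed_counter is declared `TSAN_QUALIFIER unsigned int` in crypto/rand/rand_local.h, but the RAND_DRBG_generate() hunk of crypto/rand/drbg_lib.c reads `drbg->reseed_counter` directly while loading the parent's value through tsan_load(), and the drbg_setup() hunk assigns `drbg->reseed_counter = 1` where the removed line used tsan_store(). Use tsan_load()/tsan_store() for every access to the field, or state in the struct comment which accesses are safe without them.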
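Review bot: the RAND_DRBG_set_callbacks() hunk of crypto/rand/drbg_lib.c drops the `drbg->parent != NULL` rejection with no comment or documentation change visible in this patch. A chained DRBG can now have its get_entropy callback replaced while enable_reseed_propagation stays set, so RAND_DRBG_generate() keeps comparing against the parent's reseed_counter even when the entropy may no longer come from the parent. State the intended behaviour in a comment next to the check, or clear the flag when the callbacks are overridden.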
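Review bot: in the test_drbg_reseed() hunk of test/drbgtest.c, the block under the comment "Test whether seed propagation is enabled" still checks `TEST_int_ne(master->reseed_counter, 0)` for all three DRBGs, but after this change propagation is controlled by enable_reseed_propagation and the struct comment says the counter is ignored when that flag is zero. The test should check the flag, since a nonzero counter no longer shows that propagation is on. In the error_check() hunks, reseed_counter_tmp now holds generate_counter; renaming it would avoid confusion with the new reseed_counter field.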
@@ -2153,7 +2153,16 @@ static int read_config(void) * would not make sense within the config file. * Moreover, these two options and OPT_VERBOSITY have already been handled. */ + int n_options = OSSL_NELEM(cmp_options) - 1; + for (i = start - OPT_HELP, opt = &cmp_options[start]; + opt->name; i++, opt++) + if (!strcmp(opt->name, OPT_SECTION_STR) + || !strcmp(opt->name, OPT_MORE_STR)) + n_options--; + OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options + + OPT_PROV__FIRST + 1 - OPT_PROV__LAST + + OPT_V__FIRST + 1 - OPT_V__LAST); for (i = start - OPT_HELP, opt = &cmp_options[start]; opt->name; i++, opt++) { if (!strcmp(opt->name, OPT_SECTION_STR) @@ -2167,10 +2176,6 @@ static int read_config(void) && opt->retval < OPT_V__LAST); if (provider_option || verification_option) i--; - if (cmp_vars[i].txt == NULL) { - CMP_err1("internal: cmp_vars array too short, i=%d", i); - return 0; - } switch (opt->valtype) { case '-': case 'n': From openssl at openssl.org Thu Sep 10 23:49:24 2020 
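Review bot: in the read_config() hunk of apps/cmp.c, the new counting loop reuses the header `for (i = start - OPT_HELP, opt = &cmp_options[start]; opt->name; i++, opt++)` although `i` is not used in its body and is reinitialised by the loop that follows; dropping `i` there would make it clear that the loop only counts. n_options starts from `OSSL_NELEM(cmp_options) - 1`, which covers the whole array, while the loop discounts OPT_SECTION_STR and OPT_MORE_STR entries only from cmp_options[start] onward, and the OPT_PROV__FIRST/OPT_PROV__LAST and OPT_V__FIRST/OPT_V__LAST terms are unexplained. A short comment deriving the expected cmp_vars length would help, as would braces around the multi-line loop body. A mismatch now aborts through OPENSSL_assert() instead of reporting via CMP_err1() and returning 0, which deserves a mention in the comment as well.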
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Sep 2020 23:49:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1599781764.693066.26240.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 8047A534407F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80A7BEFE947F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80A7BEFE947F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. 
ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3145, 1378 wallclock secs (12.54 usr 1.58 sys + 1198.93 cusr 162.23 csys = 1375.28 CPU) Result: FAIL Makefile:2527: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2525: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 11 01:45:06 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 01:45:06 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1599788706.797970.31950.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. 
ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. 
ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=211, Tests=3423, 711 wallclock secs (14.12 usr 1.21 sys + 638.21 cusr 65.55 csys = 719.09 CPU) Result: FAIL Makefile:3170: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3168: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Sep 11 01:48:20 2020 
From: builds at travis-ci.com (Travis CI) Date: Fri, 11 Sep 2020 01:48:20 +0000 Subject: Errored: openssl/openssl#37383 (master - 9a62ccb) In-Reply-To: Message-ID: <5f5ad764414b_13fe8a18d6cc819406f@travis-pro-tasks-5c65988c6f-7ww2h.mail> Build Update for openssl/openssl ------------------------------------- Build: #37383 Status: Errored Duration: 1 hr, 25 mins, and 59 secs Commit: 9a62ccb (master) Author: Shane Lontis Message: Fix fipsinstall module path If a path is specified with the -module option it will use this path to load the library when the provider is activated, instead of also having to set the environment variable OPENSSL_MODULES. Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12761) View the changeset: https://github.com/openssl/openssl/compare/9f604ca13ddc...9a62ccbe8a73 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183776470?utm_medium=notification&utm_source=email From builds at travis-ci.com Fri Sep 11 02:46:55 2020 
From: builds at travis-ci.com (Travis CI) Date: Fri, 11 Sep 2020 02:46:55 +0000 Subject: Errored: openssl/openssl#37384 (master - d3dbc9b) In-Reply-To: Message-ID: <5f5ae51ede0c9_13fe8a06f14542849d4@travis-pro-tasks-5c65988c6f-7ww2h.mail> Build Update for openssl/openssl ------------------------------------- Build: #37384 Status: Errored Duration: 1 hr, 33 mins, and 43 secs Commit: d3dbc9b (master) Author: Dr. David von Oheimb Message: apps_ui.c: Correct password prompt for ui_method Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12493) View the changeset: https://github.com/openssl/openssl/compare/9a62ccbe8a73...d3dbc9b50043 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183793167?utm_medium=notification&utm_source=email From openssl at openssl.org Fri Sep 11 04:26:02 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 04:26:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1599798362.070203.23803.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines):
-I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-ssltestlib.d.tmp -MT test/sslapitest-bin-ssltestlib.o -c -o test/sslapitest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslapitest-bin-tls-provider.d.tmp -MT test/sslapitest-bin-tls-provider.o -c -o test/sslapitest-bin-tls-provider.o ../openssl/test/tls-provider.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslbuffertest-bin-sslbuffertest.d.tmp -MT test/sslbuffertest-bin-sslbuffertest.o -c -o test/sslbuffertest-bin-sslbuffertest.o ../openssl/test/sslbuffertest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslbuffertest-bin-ssltestlib.d.tmp -MT test/sslbuffertest-bin-ssltestlib.o -c -o test/sslbuffertest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslcorrupttest-bin-sslcorrupttest.d.tmp -MT test/sslcorrupttest-bin-sslcorrupttest.o -c -o 
test/sslcorrupttest-bin-sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sslcorrupttest-bin-ssltestlib.d.tmp -MT test/sslcorrupttest-bin-ssltestlib.o -c -o test/sslcorrupttest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ssltest_old-bin-ssltest_old.d.tmp -MT test/ssltest_old-bin-ssltest_old.o -c -o test/ssltest_old-bin-ssltest_old.o ../openssl/test/ssltest_old.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch 
-Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/stack_test-bin-stack_test.d.tmp -MT test/stack_test-bin-stack_test.o -c -o test/stack_test-bin-stack_test.o ../openssl/test/stack_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/sysdefaulttest-bin-sysdefaulttest.d.tmp -MT test/sysdefaulttest-bin-sysdefaulttest.o -c -o test/sysdefaulttest-bin-sysdefaulttest.o ../openssl/test/sysdefaulttest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF 
test/test_test-bin-test_test.d.tmp -MT test/test_test-bin-test_test.o -c -o test/test_test-bin-test_test.o ../openssl/test/test_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/threadstest-bin-threadstest.d.tmp -MT test/threadstest-bin-threadstest.o -c -o test/threadstest-bin-threadstest.o ../openssl/test/threadstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/time_offset_test-bin-time_offset_test.d.tmp -MT test/time_offset_test-bin-time_offset_test.o -c -o test/time_offset_test-bin-time_offset_test.o ../openssl/test/time_offset_test.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13ccstest-bin-ssltestlib.d.tmp -MT test/tls13ccstest-bin-ssltestlib.o -c -o test/tls13ccstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13ccstest-bin-tls13ccstest.d.tmp -MT test/tls13ccstest-bin-tls13ccstest.o -c -o test/tls13ccstest-bin-tls13ccstest.o ../openssl/test/tls13ccstest.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13encryptiontest-bin-tls13encryptiontest.d.tmp -MT test/tls13encryptiontest-bin-tls13encryptiontest.o -c -o test/tls13encryptiontest-bin-tls13encryptiontest.o ../openssl/test/tls13encryptiontest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/tls13secretstest-bin-packet.d.tmp -MT crypto/tls13secretstest-bin-packet.o -c -o crypto/tls13secretstest-bin-packet.o ../openssl/crypto/packet.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF ssl/tls13secretstest-bin-tls13_enc.d.tmp -MT ssl/tls13secretstest-bin-tls13_enc.o -c -o ssl/tls13secretstest-bin-tls13_enc.o ../openssl/ssl/tls13_enc.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -DOPENSSL_NO_KTLS -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/tls13secretstest-bin-tls13secretstest.d.tmp -MT test/tls13secretstest-bin-tls13secretstest.o -c -o test/tls13secretstest-bin-tls13secretstest.o ../openssl/test/tls13secretstest.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/uitest-bin-apps_ui.d.tmp -MT apps/lib/uitest-bin-apps_ui.o -c -o apps/lib/uitest-bin-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/uitest-bin-uitest.d.tmp -MT test/uitest-bin-uitest.o -c -o test/uitest-bin-uitest.o ../openssl/test/uitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3ext-bin-v3ext.d.tmp -MT test/v3ext-bin-v3ext.o -c -o test/v3ext-bin-v3ext.o ../openssl/test/v3ext.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/v3nametest-bin-v3nametest.d.tmp -MT test/v3nametest-bin-v3nametest.o -c -o test/v3nametest-bin-v3nametest.o ../openssl/test/v3nametest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/verify_extra_test-bin-verify_extra_test.d.tmp -MT test/verify_extra_test-bin-verify_extra_test.o -c -o test/verify_extra_test-bin-verify_extra_test.o ../openssl/test/verify_extra_test.c clang -Iinclude -Iapps/include 
-I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/versions-bin-versions.d.tmp -MT test/versions-bin-versions.o -c -o test/versions-bin-versions.o ../openssl/test/versions.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/wpackettest-bin-wpackettest.d.tmp -MT test/wpackettest-bin-wpackettest.o -c -o test/wpackettest-bin-wpackettest.o ../openssl/test/wpackettest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test-bin-x509_check_cert_pkey_test.o ../openssl/test/x509_check_cert_pkey_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_dup_cert_test-bin-x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test-bin-x509_dup_cert_test.o -c -o test/x509_dup_cert_test-bin-x509_dup_cert_test.o ../openssl/test/x509_dup_cert_test.c clang -I. 
-Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_internal_test-bin-x509_internal_test.d.tmp -MT test/x509_internal_test-bin-x509_internal_test.o -c -o test/x509_internal_test-bin-x509_internal_test.o ../openssl/test/x509_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509_time_test-bin-x509_time_test.d.tmp -MT test/x509_time_test-bin-x509_time_test.o -c -o test/x509_time_test-bin-x509_time_test.o ../openssl/test/x509_time_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror 
-Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/x509aux-bin-x509aux.d.tmp -MT test/x509aux-bin-x509aux.o -c -o test/x509aux-bin-x509aux.o ../openssl/test/x509aux.c /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/CA.pl.in > "apps/CA.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/apps/tsget.in > "apps/tsget.pl" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/tools/c_rehash.in > "tools/c_rehash" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x apps/CA.pl ar qc apps/libapps.a apps/lib/libapps-lib-app_params.o apps/lib/libapps-lib-app_provider.o apps/lib/libapps-lib-app_rand.o apps/lib/libapps-lib-app_x509.o apps/lib/libapps-lib-apps.o apps/lib/libapps-lib-apps_ui.o apps/lib/libapps-lib-columns.o apps/lib/libapps-lib-fmt.o apps/lib/libapps-lib-http_server.o apps/lib/libapps-lib-names.o apps/lib/libapps-lib-opt.o apps/lib/libapps-lib-s_cb.o apps/lib/libapps-lib-s_socket.o ranlib apps/libapps.a || echo Never mind. 
../openssl/providers/implementations/kdfs/x942kdf.c:438:21: error: no previous extern declaration for non-static variable 'kdf_x942_kdf_functions' [-Werror,-Wmissing-variable-declarations]
const OSSL_DISPATCH kdf_x942_kdf_functions[] = {
                    ^
1 error generated.
Makefile:21306: recipe for target 'providers/implementations/kdfs/libimplementations-lib-x942kdf.o' failed
make[1]: *** [providers/implementations/kdfs/libimplementations-lib-x942kdf.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-cms'
Makefile:3116: recipe for target 'build_sw' failed
make: *** [build_sw] Error 2

From builds at travis-ci.com Fri Sep 11 05:09:54 2020
From: builds at travis-ci.com (Travis CI)
Date: Fri, 11 Sep 2020 05:09:54 +0000
Subject: Errored: openssl/openssl#37388 (master - b0a4cbe)
In-Reply-To:
Message-ID: <5f5b06a2448c_13ffde277b0f814465b@travis-pro-tasks-58dddf4f49-jpt6w.mail>

Build Update for openssl/openssl
-------------------------------------
Build: #37388
Status: Errored
Duration: 1 hr, 17 mins, and 22 secs
Commit: b0a4cbe (master)
Author: Dr. David von Oheimb
Message: apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[]

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12836)

View the changeset: https://github.com/openssl/openssl/compare/d3dbc9b50043...b0a4cbead384
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183807507?utm_medium=notification&utm_source=email

From dev at ddvo.net Fri Sep 11 05:47:04 2020
From: dev at ddvo.net (dev at ddvo.net)
Date: Fri, 11 Sep 2020 05:47:04 +0000
Subject: [openssl] master update
Message-ID: <1599803224.660369.19504.nullmailer@dev.openssl.org>

The branch master has been updated
  via 82bdd6419361136e7be533d31a990ba0476fced3 (commit)
  via e41a2c4c609a8f64dfab2d832e975b0b37ff286d (commit)
  via d72c8b457b77c31a20cf66e9c92aa19a4b7b5884 (commit)
  via bb377c8d6c61920d889b961bd5c862eaac8b28e4 (commit)
  via da6c691d6d417ad413fdc1e7a7a183d005e7fefd (commit)
  via 89f13ca4342be5b541b0885e3058617e5cce0de8 (commit)
  via 8a639b9d7234ed490f85ea46e4e8c74620452acd (commit)
  via 1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e (commit)
  from b0a4cbead384e2ac8dbb697795ace242e1b07c18 (commit)

- Log -----------------------------------------------------------------
commit 82bdd6419361136e7be533d31a990ba0476fced3
Author: Dr. David von Oheimb
Date: Tue Sep 8 09:39:33 2020 +0200

    check_chain_extensions(): Require X.509 v3 if extensions are present

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit e41a2c4c609a8f64dfab2d832e975b0b37ff286d
Author: Dr. David von Oheimb
Date: Mon Sep 7 22:38:46 2020 +0200

    check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818 section 2

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit d72c8b457b77c31a20cf66e9c92aa19a4b7b5884
Author: Dr. David von Oheimb
Date: Wed Aug 26 09:45:11 2020 +0200

    x509_vfy.c: Make sure that strict checks are not done for self-issued EE certs

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit bb377c8d6c61920d889b961bd5c862eaac8b28e4
Author: Dr. David von Oheimb
Date: Tue Aug 25 16:58:36 2020 +0200

    check_chain_extensions(): Add check that CA cert includes key usage extension

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit da6c691d6d417ad413fdc1e7a7a183d005e7fefd
Author: Dr. David von Oheimb
Date: Tue Aug 25 16:46:18 2020 +0200

    check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit 89f13ca4342be5b541b0885e3058617e5cce0de8
Author: Dr. David von Oheimb
Date: Tue Aug 25 16:13:40 2020 +0200

    check_chain_extensions(): Add check that AKID and SKID are not marked critical

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit 8a639b9d7234ed490f85ea46e4e8c74620452acd
Author: Dr. David von Oheimb
Date: Tue Aug 25 15:37:46 2020 +0200

    check_chain_extensions(): Add check that Basic Constraints of CA cert are marked critical

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

commit 1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e
Author: Dr. David von Oheimb
Date: Sat Jun 27 16:16:12 2020 +0200

    Extend X509 cert checks and error reporting in v3_{purp,crld}.c and x509_{set,vfy}.c

    add various checks for malformedness to static check_chain_extensions() in x509_vfc.c
    improve error reporting of X509v3_cache_extensions() in v3_purp.c
    add error reporting to x509_init_sig_info() in x509_set.c
    improve static setup_dp() and related functions in v3_purp.c and v3_crld.c
    add test case for non-conforming cert from https://tools.ietf.org/html/rfc8410#section-10.2

    Reviewed-by: Kurt Roeckx
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/12478)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt | 7 +
 crypto/x509/v3_crld.c | 27 ++--
 crypto/x509/v3_purp.c | 118 +++++++++++++----
 crypto/x509/v3err.c | 5 +
 crypto/x509/x509_err.c | 7 +
 crypto/x509/x509_set.c | 97 ++++++++------
 crypto/x509/x509_txt.c | 42 +++++-
 crypto/x509/x509_vfy.c | 78 ++++++++++-
 doc/internal/man3/x509v3_cache_extensions.pod | 40 ++++++
 doc/man1/openssl.pod | 1 +
 include/crypto/x509.h | 6 +-
 include/openssl/x509_vfy.h | 179 ++++++++++++++------------
 include/openssl/x509err.h | 4 +
 include/openssl/x509v3.h | 11 +-
 include/openssl/x509v3err.h | 3 +
 test/recipes/25-test_verify.t | 7 +-
 test/testx509.pem | 16 +--
 17 files changed, 463 insertions(+), 185 deletions(-)
 create mode 100644 doc/internal/man3/x509v3_cache_extensions.pod

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index df8a7af26c..d0ba9c47be 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt
@@ -3487,6 +3487,7 @@ X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error X509V3_R_DIRNAME_ERROR:149:dirname error X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id +X509V3_R_EMPTY_KEY_USAGE:169:empty key usage X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension X509V3_R_ERROR_IN_EXTENSION:128:error in extension @@ -3501,6 +3502,7 @@ X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag X509V3_R_INVALID_ASNUMBER:162:invalid asnumber X509V3_R_INVALID_ASRANGE:163:invalid asrange X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string +X509V3_R_INVALID_CERTIFICATE:158:invalid certificate X509V3_R_INVALID_EMPTY_NAME:108:invalid empty name X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string X509V3_R_INVALID_INHERITANCE:165:invalid inheritance @@ -3522,6 +3524,7 @@ X509V3_R_INVALID_SYNTAX:143:invalid syntax X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error X509V3_R_MISSING_VALUE:124:missing value X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers +X509V3_R_NEGATIVE_PATHLEN:168:negative pathlen X509V3_R_NO_CONFIG_DATABASE:136:no config database X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate X509V3_R_NO_ISSUER_DETAILS:127:no issuer details 
@@ -3557,9 +3560,12 @@ X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure +X509_R_ERROR_GETTING_MD_BY_NID:141:error getting md by nid +X509_R_ERROR_USING_SIGINF_SET:142:error using siginf set X509_R_IDP_MISMATCH:128:idp mismatch X509_R_INVALID_ATTRIBUTES:138:invalid attributes X509_R_INVALID_DIRECTORY:113:invalid directory +X509_R_INVALID_DISTPOINT:143:invalid distpoint X509_R_INVALID_FIELD_NAME:119:invalid field name X509_R_INVALID_TRUST:123:invalid trust X509_R_ISSUER_MISMATCH:129:issuer mismatch @@ -3583,6 +3589,7 @@ X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key X509_R_UNKNOWN_KEY_TYPE:117:unknown key type X509_R_UNKNOWN_NID:109:unknown nid X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id +X509_R_UNKNOWN_SIGID_ALGS:144:unknown sigid algs X509_R_UNKNOWN_TRUST_ID:120:unknown trust id X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index b54346d036..8b4e100714 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c 
@@ -485,30 +485,31 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, return 1; } +/* Append any nameRelativeToCRLIssuer in dpn to iname, set in dpn->dpname */ int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname) { int i; STACK_OF(X509_NAME_ENTRY) *frag; X509_NAME_ENTRY *ne; - if (!dpn || (dpn->type != 1)) + + if (dpn == NULL || dpn->type != 1) return 1; frag = dpn->name.relativename; + X509_NAME_free(dpn->dpname); /* just in case it was already set */ dpn->dpname = X509_NAME_dup(iname); - if (!dpn->dpname) + if (dpn->dpname == NULL) return 0; for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { ne = sk_X509_NAME_ENTRY_value(frag, i); - if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { - X509_NAME_free(dpn->dpname); - dpn->dpname = NULL; - return 0; - } + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) + goto err; } /* generate cached encoding of name */ - if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { - X509_NAME_free(dpn->dpname); - dpn->dpname = NULL; - return 0; - } - return 1; + if (i2d_X509_NAME(dpn->dpname, NULL) >= 0) + return 1; + + err: + X509_NAME_free(dpn->dpname); + dpn->dpname = NULL; + return 0; } diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index d7d0aae3b3..2d4098b629 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c 
@@ -305,34 +305,49 @@ int X509_supported_extension(X509_EXTENSION *ex) return 0; } -static int setup_dp(X509 *x, DIST_POINT *dp) +/* return 1 on success, 0 if x is invalid, -1 on (internal) error */ +static int setup_dp(const X509 *x, DIST_POINT *dp) { const X509_NAME *iname = NULL; int i; - if (dp->reasons) { + if (dp->distpoint == NULL && sk_GENERAL_NAME_num(dp->CRLissuer) <= 0) { + X509err(0, X509_R_INVALID_DISTPOINT); + return 0; + } + if (dp->reasons != NULL) { if (dp->reasons->length > 0) dp->dp_reasons = dp->reasons->data[0]; if (dp->reasons->length > 1) dp->dp_reasons |= (dp->reasons->data[1] << 8); dp->dp_reasons &= CRLDP_ALL_REASONS; - } else + } else { dp->dp_reasons = CRLDP_ALL_REASONS; - if (!dp->distpoint || (dp->distpoint->type != 1)) + } + if (dp->distpoint == NULL || dp->distpoint->type != 1) return 1; + + /* handle name fragment given by nameRelativeToCRLIssuer */ + /* + * Note that the below way of determining iname is not really compliant + * with https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + * According to it, sk_GENERAL_NAME_num(dp->CRLissuer) MUST be <= 1 + * and any CRLissuer could be of type different to GEN_DIRNAME. + */ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); + if (gen->type == GEN_DIRNAME) { iname = gen->d.directoryName; break; } } - if (!iname) + if (iname == NULL) iname = X509_get_issuer_name(x); - - return DIST_POINT_set_dpname(dp->distpoint, iname); + return DIST_POINT_set_dpname(dp->distpoint, iname) ? 1 : -1; } +/* return 1 on success, 0 if x is invalid, -1 on (internal) error */ static int setup_crldp(X509 *x) { int i; 
@@ -340,9 +355,12 @@ static int setup_crldp(X509 *x) x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL); if (x->crldp == NULL && i != -1) return 0; + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { - if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) - return 0; + int res = setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); + + if (res < 1) + return res; } return 1; } @@ -373,6 +391,7 @@ static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) /* * Cache info on various X.509v3 extensions and further derived information, * e.g., if cert 'x' is self-issued, in x->ex_flags and other internal fields. + * X509_SIG_INFO_VALID is set in x->flags if x->siginf was filled successfully. * Set EXFLAG_INVALID and return 0 in case the certificate is invalid. */ int x509v3_cache_extensions(X509 *x) @@ -382,8 +401,8 @@ int x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING *usage; ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; - X509_EXTENSION *ex; int i; + int res; #ifdef tsan_ld_acq /* fast lock-free check, see end of the function for details. */ 
@@ -398,30 +417,34 @@ int x509v3_cache_extensions(X509 *x) } ERR_set_mark(); + /* Cache the SHA1 digest of the cert */ if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) - x->ex_flags |= EXFLAG_INVALID; + /* + * Note that the cert is marked invalid also on internal malloc failure + * or on failure of EVP_MD_fetch(), potentially called by X509_digest(). + */ + x->ex_flags |= EXFLAG_INVALID; /* V1 should mean no extensions ... */ if (X509_get_version(x) == 0) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ + x->ex_pathlen = -1; if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL)) != NULL) { if (bs->ca) x->ex_flags |= EXFLAG_CA; if (bs->pathlen != NULL) { + /* + * the error case !bs->ca is checked by check_chain_extensions() + * in case ctx->param->flags & X509_V_FLAG_X509_STRICT + */ if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { + X509err(0, X509V3_R_NEGATIVE_PATHLEN); x->ex_flags |= EXFLAG_INVALID; - x->ex_pathlen = 0; } else { x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); - if (!bs->ca && x->ex_pathlen != 0) { - x->ex_flags |= EXFLAG_INVALID; - x->ex_pathlen = 0; - } } - } else { - x->ex_pathlen = -1; } BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; @@ -436,9 +459,9 @@ int x509v3_cache_extensions(X509 *x) || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { x->ex_flags |= EXFLAG_INVALID; } - if (pci->pcPathLengthConstraint) { + if (pci->pcPathLengthConstraint != NULL) x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint); - } else + else x->ex_pcpathlen = -1; PROXY_CERT_INFO_EXTENSION_free(pci); x->ex_flags |= EXFLAG_PROXY; @@ -446,7 +469,7 @@ int x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; } - /* Handle (basic and extended) key usage */ + /* Handle (basic) key usage */ if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL)) != NULL) { x->ex_kusage = 0; if (usage->length > 0) { 
@@ -456,9 +479,16 @@ int x509v3_cache_extensions(X509 *x) } x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); + /* Check for empty key usage according to RFC 5280 section 4.2.1.3 */ + if (x->ex_kusage == 0) { + X509err(0, X509V3_R_EMPTY_KEY_USAGE); + x->ex_flags |= EXFLAG_INVALID; + } } else if (i != -1) { x->ex_flags |= EXFLAG_INVALID; } + + /* Handle extended key usage */ x->ex_xkusage = 0; if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL)) != NULL) { x->ex_flags |= EXFLAG_XKUSAGE; @@ -493,6 +523,7 @@ int x509v3_cache_extensions(X509 *x) x->ex_xkusage |= XKU_ANYEKU; break; default: + /* ignore unknown extended key usage */ break; } } @@ -517,6 +548,7 @@ int x509v3_cache_extensions(X509 *x) x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL); if (x->skid == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL); if (x->akid == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; @@ -538,8 +570,13 @@ int x509v3_cache_extensions(X509 *x) x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); if (x->nc == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; - if (!setup_crldp(x)) + + /* Handle CRL distribution point entries */ + res = setup_crldp(x); + if (res == 0) x->ex_flags |= EXFLAG_INVALID; + else if (res < 0) + goto err; #ifndef OPENSSL_NO_RFC3779 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); @@ -550,9 +587,10 @@ int x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; #endif for (i = 0; i < X509_get_ext_count(x); i++) { - ex = X509_get_ext(x, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) - == NID_freshest_crl) + X509_EXTENSION *ex = X509_get_ext(x, i); + int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + + if (nid == NID_freshest_crl) x->ex_flags |= EXFLAG_FRESHEST; if (!X509_EXTENSION_get_critical(ex)) continue; 
@@ -560,9 +598,26 @@ int x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_CRITICAL; break; } + switch (nid) { + case NID_basic_constraints: + x->ex_flags |= EXFLAG_BCONS_CRITICAL; + break; + case NID_authority_key_identifier: + x->ex_flags |= EXFLAG_AKID_CRITICAL; + break; + case NID_subject_key_identifier: + x->ex_flags |= EXFLAG_SKID_CRITICAL; + break; + case NID_subject_alt_name: + x->ex_flags |= EXFLAG_SAN_CRITICAL; + break; + default: + break; + } } - x509_init_sig_info(x); + /* Set x->siginf, ignoring errors due to unsupported algos */ + (void)x509_init_sig_info(x); x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */ #ifdef tsan_st_rel @@ -574,9 +629,16 @@ int x509v3_cache_extensions(X509 *x) */ #endif ERR_pop_to_mark(); - CRYPTO_THREAD_unlock(x->lock); + if ((x->ex_flags & EXFLAG_INVALID) == 0) { + CRYPTO_THREAD_unlock(x->lock); + return 1; + } + X509err(0, X509V3_R_INVALID_CERTIFICATE); - return (x->ex_flags & EXFLAG_INVALID) == 0; + err: + x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */ + CRYPTO_THREAD_unlock(x->lock); + return 0; } /*- diff --git a/crypto/x509/v3err.c b/crypto/x509/v3err.c index 4c62e59db9..5124908089 100644 --- a/crypto/x509/v3err.c +++ b/crypto/x509/v3err.c @@ -24,6 +24,7 @@ static const ERR_STRING_DATA X509V3_str_reasons[] = { "distpoint already set"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EMPTY_KEY_USAGE), "empty key usage"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), 
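Review bot: in crypto/x509/v3_purp.c, x509v3_cache_extensions(), the new err: label sits after ERR_pop_to_mark(), so the goto err taken when setup_crldp() returns a negative value leaves the mark from ERR_set_mark() in place. If the queued errors are meant to survive for the internal-error case, clear the mark on that path with ERR_clear_last_mark() before unlocking; otherwise move the label above the pop. On the normal path the reasons raised earlier in the function (X509V3_R_NEGATIVE_PATHLEN, X509V3_R_EMPTY_KEY_USAGE, and X509_R_INVALID_DISTPOINT from setup_dp()) are all dropped by ERR_pop_to_mark(), leaving only X509V3_R_INVALID_CERTIFICATE for the caller; if that is deliberate, say so in the function comment.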
@@ -51,6 +52,8 @@ static const ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_CERTIFICATE), + "invalid certificate"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), "invalid extension string"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), @@ -84,6 +87,8 @@ static const ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), "need organization and numbers"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEGATIVE_PATHLEN), + "negative pathlen"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), "no config database"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 450f2a7930..330fed3406 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -27,10 +27,15 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID), + "error getting md by nid"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET), + "error using siginf set"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), "invalid attributes"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DISTPOINT), "invalid distpoint"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), "invalid field name"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"}, 
@@ -66,6 +71,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_SIGID_ALGS), + "unknown sigid algs"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 46cabc4b42..79e4c03ca3 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c 
@@ -192,60 +192,85 @@ int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); } -static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) +/* Modify *siginf according to alg and sig. Return 1 on success, else 0. */ +static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig) { int pknid, mdnid; const EVP_MD *md; + const EVP_PKEY_ASN1_METHOD *ameth; siginf->mdnid = NID_undef; siginf->pknid = NID_undef; siginf->secbits = -1; siginf->flags = 0; if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) - || pknid == NID_undef) - return; + || pknid == NID_undef) { + X509err(0, X509_R_UNKNOWN_SIGID_ALGS); + return 0; + } + siginf->mdnid = mdnid; siginf->pknid = pknid; - if (mdnid == NID_undef) { + + switch (mdnid) { + case NID_undef: /* If we have one, use a custom handler for this algorithm */ - const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid); + ameth = EVP_PKEY_asn1_find(NULL, pknid); if (ameth == NULL || ameth->siginf_set == NULL - || ameth->siginf_set(siginf, alg, sig) == 0) - return; - siginf->flags |= X509_SIG_INFO_VALID; - return; - } - siginf->flags |= X509_SIG_INFO_VALID; - siginf->mdnid = mdnid; - md = EVP_get_digestbynid(mdnid); - if (md == NULL) - return; - /* Security bits: half number of bits in digest */ - siginf->secbits = EVP_MD_size(md) * 4; - /* - * SHA1 and MD5 are known to be broken. Reduce security bits so that - * they're no longer accepted at security level 1. The real values don't - * really matter as long as they're lower than 80, which is our security - * level 1. - * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at - * 2^63.4 - * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf - * puts a chosen-prefix attack for MD5 at 2^39. 
- */ - if (mdnid == NID_sha1) + || !ameth->siginf_set(siginf, alg, sig)) { + X509err(0, X509_R_ERROR_USING_SIGINF_SET); + return 0; + } + break; + /* + * SHA1 and MD5 are known to be broken. Reduce security bits so that + * they're no longer accepted at security level 1. + * The real values don't really matter as long as they're lower than 80, + * which is our security level 1. + */ + case NID_sha1: + /* + * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack + * for SHA1 at2^63.4 + */ siginf->secbits = 63; - else if (mdnid == NID_md5) + break; + case NID_md5: + /* + * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf + * puts a chosen-prefix attack for MD5 at 2^39. + */ siginf->secbits = 39; + break; + case NID_id_GostR3411_94: + /* + * There is a collision attack on GOST R 34.11-94 at 2^105, see + * https://link.springer.com/chapter/10.1007%2F978-3-540-85174-5_10 + */ + siginf->secbits = 105; + break; + default: + /* Security bits: half number of bits in digest */ + if ((md = EVP_get_digestbynid(mdnid)) == NULL) { + X509err(0, X509_R_ERROR_GETTING_MD_BY_NID); + return 0; + } + siginf->secbits = EVP_MD_size(md) * 4; + break; + } switch (mdnid) { - case NID_sha1: - case NID_sha256: - case NID_sha384: - case NID_sha512: + case NID_sha1: + case NID_sha256: + case NID_sha384: + case NID_sha512: siginf->flags |= X509_SIG_INFO_TLS; } + siginf->flags |= X509_SIG_INFO_VALID; + return 1; } -void x509_init_sig_info(X509 *x) +/* Returns 1 on success, 0 on failure */ +int x509_init_sig_info(X509 *x) { - x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); + return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); } diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 63d8d95f3f..53b19e46df 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c 
@@ -69,8 +69,8 @@ const char *X509_verify_cert_error_string(long n) return "certificate chain too long"; case X509_V_ERR_CERT_REVOKED: return "certificate revoked"; - case X509_V_ERR_INVALID_CA: - return "invalid CA certificate"; + case X509_V_ERR_NO_ISSUER_PUBLIC_KEY: + return "issuer certificate doesn't have a public key"; case X509_V_ERR_PATH_LENGTH_EXCEEDED: return "path length constraint exceeded"; case X509_V_ERR_INVALID_PURPOSE: 
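Review bot: putting X509_V_ERR_NO_ISSUER_PUBLIC_KEY where X509_V_ERR_INVALID_CA used to be in X509_verify_cert_error_string() mirrors the include/openssl/x509_vfy.h change in this commit, where value 24 moves from X509_V_ERR_INVALID_CA to X509_V_ERR_NO_ISSUER_PUBLIC_KEY. These numbers are public API, and both codes existed before this change: applications, language bindings and stored logs that compare against or record 24 will read an invalid-CA result as a missing issuer key, or the reverse, once rebuilt. Keep the values of existing X509_V_ERR_* codes stable and give only the newly introduced codes fresh numbers.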
@@ -174,12 +174,42 @@ const char *X509_verify_cert_error_string(long n) return "OCSP verification failed"; case X509_V_ERR_OCSP_CERT_UNKNOWN: return "OCSP unknown cert"; - case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: - return "subject signature algorithm and issuer public key algorithm mismatch"; - case X509_V_ERR_NO_ISSUER_PUBLIC_KEY: - return "issuer certificate doesn't have a public key"; case X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: return "Cannot find certificate signature algorithm"; + case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: + return "subject signature algorithm and issuer public key algorithm mismatch"; + case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: + return "cert info siganature and signature algorithm mismatch"; + case X509_V_ERR_INVALID_CA: + return "invalid CA certificate"; + case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA: + return "Path length invalid for non-CA cert"; + case X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN: + return "Path length given without key usage keyCertSign"; + case X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA: + return "Key usage keyCertSign invalid for non-CA cert"; + case X509_V_ERR_ISSUER_NAME_EMPTY: + return "Issuer name empty"; + case X509_V_ERR_SUBJECT_NAME_EMPTY: + return "Subject name empty"; + case X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER: + return "Missing Authority Key Identifier"; + case X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER: + return "Missing Subject Key Identifier"; + case X509_V_ERR_EMPTY_SUBJECT_ALT_NAME: + return "Empty Subject Alternative Name extension"; + case X509_V_ERR_CA_BCONS_NOT_CRITICAL: + return "Basic Constraints of CA cert not marked critical"; + case X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL: + return "Subject empty and Subject Alt Name extension not critical"; + case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL: + return "Authority Key Identifier marked critical"; + case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL: + return "Subject Key Identifier marked critical"; + case 
X509_V_ERR_CA_CERT_MISSING_KEY_USAGE: + return "CA cert does not include key usage extension"; + case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3: + return "Using cert extension requires at least X509v3"; default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 843b65f022..4a067e5ff4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -26,6 +26,7 @@ #include "x509_local.h" DEFINE_STACK_OF(X509) +DEFINE_STACK_OF(X509_EXTENSION) DEFINE_STACK_OF(X509_REVOKED) DEFINE_STACK_OF(GENERAL_NAME) DEFINE_STACK_OF(X509_CRL) @@ -479,6 +480,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) for (i = 0; i < num; i++) { int ret; + x = sk_X509_value(ctx->chain, i); if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && (x->ex_flags & EXFLAG_CRITICAL)) { 
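Review bot: in the crypto/x509/x509_txt.c hunk @@ -174,12 +174,42 @@, the string returned for X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY reads "cert info siganature and signature algorithm mismatch"; "siganature" is a typo in user-visible output and should be "signature". The new messages also start with a capital letter ("Path length invalid for non-CA cert", "Issuer name empty") while the neighbouring older entries are lower case; pick one style.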
@@ -519,12 +521,78 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; } - if ((x->ex_flags & EXFLAG_CA) == 0 - && x->ex_pathlen != -1 - && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { - ctx->error = X509_V_ERR_INVALID_EXTENSION; - ret = 0; + /* + * Do the following set of checks only if strict checking is requrested + * and not for self-issued (including self-signed) EE (non-CA) certs + * because RFC 5280 does not apply to them according RFC 6818 section 2. + */ + if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) != 0 + && num > 1) { /* + * this should imply + * !(i == 0 && (x->ex_flags & EXFLAG_CA) == 0 + * && (x->ex_flags & EXFLAG_SI) != 0) + */ + /* Check Basic Constraints according to RFC 5280 section 4.2.1.9 */ + if (x->ex_pathlen != -1) { + if ((x->ex_flags & EXFLAG_CA) == 0) + ctx->error = X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA; + if ((x->ex_kusage & KU_KEY_CERT_SIGN) == 0) + ctx->error = X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN; + } + if ((x->ex_flags & EXFLAG_CA) != 0 + && (x->ex_flags & EXFLAG_BCONS) != 0 + && (x->ex_flags & EXFLAG_BCONS_CRITICAL) == 0) + ctx->error = X509_V_ERR_CA_BCONS_NOT_CRITICAL; + /* Check Key Usage according to RFC 5280 section 4.2.1.3 */ + if ((x->ex_flags & EXFLAG_CA) != 0) { + if ((x->ex_flags & EXFLAG_KUSAGE) == 0) + ctx->error = X509_V_ERR_CA_CERT_MISSING_KEY_USAGE; + } else { + if ((x->ex_kusage & KU_KEY_CERT_SIGN) != 0) + ctx->error = X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA; + } + /* Check issuer is non-empty acc. to RFC 5280 section 4.1.2.4 */ + if (X509_NAME_entry_count(X509_get_issuer_name(x)) == 0) + ctx->error = X509_V_ERR_ISSUER_NAME_EMPTY; + /* Check subject is non-empty acc. 
to RFC 5280 section 4.1.2.6 */ + if (((x->ex_flags & EXFLAG_CA) != 0 + || (x->ex_kusage & KU_CRL_SIGN) != 0 + || x->altname == NULL + ) && X509_NAME_entry_count(X509_get_subject_name(x)) == 0) + ctx->error = X509_V_ERR_SUBJECT_NAME_EMPTY; + if (X509_NAME_entry_count(X509_get_subject_name(x)) == 0 + && x->altname != NULL + && (x->ex_flags & EXFLAG_SAN_CRITICAL) == 0) + ctx->error = X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL; + /* Check SAN is non-empty according to RFC 5280 section 4.2.1.6 */ + if (x->altname != NULL && sk_GENERAL_NAME_num(x->altname) <= 0) + ctx->error = X509_V_ERR_EMPTY_SUBJECT_ALT_NAME; + /* TODO add more checks on SAN entries */ + /* Check sig alg consistency acc. to RFC 5280 section 4.1.1.2 */ + if (X509_ALGOR_cmp(&x->sig_alg, &x->cert_info.signature) != 0) + ctx->error = X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY; + if (x->akid != NULL && (x->ex_flags & EXFLAG_AKID_CRITICAL) != 0) + ctx->error = X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL; + if (x->skid != NULL && (x->ex_flags & EXFLAG_SKID_CRITICAL) != 0) + ctx->error = X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL; + if (X509_get_version(x) >= 2) { /* at least X.509v3 */ + /* Check AKID presence acc. to RFC 5280 section 4.2.1.1 */ + if (i + 1 < num /* + * this means not last cert in chain, + * taken as "generated by conforming CAs" + */ + && (x->akid == NULL || x->akid->keyid == NULL)) + ctx->error = X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER; + /* Check SKID presence acc. to RFC 5280 section 4.2.1.2 */ + if ((x->ex_flags & EXFLAG_CA) != 0 && x->skid == NULL) + ctx->error = X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER; + } else { + if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0) + ctx->error = X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3; + } } + if (ctx->error != X509_V_OK) + ret = 0; if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK)) return 0; /* check_purpose() makes the callback as needed */ 
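Review bot: in the strict block of check_chain_extensions(), every failing check assigns ctx->error unconditionally, so a later check overwrites an earlier one and only the last violation reaches the callback; in the pathlen branch, for example, X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA is replaced by X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN whenever both conditions hold. Either stop at the first failure or invoke the callback once per failure. The follow-up test "if (ctx->error != X509_V_OK) ret = 0;" is outside the X509_V_FLAG_X509_STRICT condition, so it also runs in non-strict mode and acts on whatever value is already in ctx->error (the hunk does not show it being reset per certificate); a local flag set inside the strict block would avoid that. The num > 1 guard skips every single-certificate chain, not only self-issued EE certs, which the "this should imply" comment does not cover. The comment also has typos: "requrested", "according RFC 6818".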
diff --git a/doc/internal/man3/x509v3_cache_extensions.pod b/doc/internal/man3/x509v3_cache_extensions.pod new file mode 100644 index 0000000000..3fb7609daa --- /dev/null +++ b/doc/internal/man3/x509v3_cache_extensions.pod @@ -0,0 +1,40 @@ +=pod + +=head1 NAME + +x509v3_cache_extensions +- cache info on various X.509v3 extensions and further derived certificate data + +=head1 SYNOPSIS + + #include + + int x509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq); + +=head1 DESCRIPTION + +This function processes any X509v3 extensions present in an X509 object I +and caches the result of that processing as well as further derived info, +for instance whether the certificate is self-issued or has version X.509v1. +It computes the SHA1 digest of the certificate using the default library context +and property query string and stores the result in x->sha1_hash. +It sets B in x->flags if x->siginf was filled successfully, +which may not be possible if a referenced algorithm is unknown or not available. +Many OpenSSL functions that use an X509 object call this function implicitly. + +=head1 RETURN VALUES + +This function returns 0 if the extensions or other portions of the certificate +are invalid or an error occurred. +Otherwise it returns 1. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 1f344217a2..3ae273b5bf 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -906,6 +906,7 @@ a verification time, the check is not suppressed. =item B<-x509_strict> This disables non-compliant workarounds for broken certificates. +Thus errors are thrown on certificates not compliant with RFC 5280. =item B<-ignore_critical> 
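Review bot: the SYNOPSIS in the new doc/internal/man3/x509v3_cache_extensions.pod declares int x509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq), but the definition touched in crypto/x509/v3_purp.c and the prototype in include/crypto/x509.h in this same commit both take only X509 *x. Align the synopsis with the one-argument form, which also agrees with the DESCRIPTION's statement that the default library context and property query string are used. RETURN VALUES should also say whether "an error occurred" covers the internal-error path that now returns 0 without marking the certificate invalid.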
diff --git a/include/crypto/x509.h b/include/crypto/x509.h index bd8f9ba52d..8c9a288cbc 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -304,9 +304,13 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags); int x509v3_cache_extensions(X509 *x); +int x509_init_sig_info(X509 *x); +int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx, + const char *propq); + int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq); int x509_crl_set0_libctx(X509_CRL *x, OPENSSL_CTX *libctx, const char *propq); -void x509_init_sig_info(X509 *x); +int x509_init_sig_info(X509 *x); int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *type, void *data, unsigned char *md, unsigned int *len, OPENSSL_CTX *libctx, diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2d3bd70ae2..d43a442fc7 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h 
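Review bot: in include/crypto/x509.h, int x509_init_sig_info(X509 *x) is now declared twice, once in the lines added after x509v3_cache_extensions() and again where the void prototype is replaced; drop one of them. The same hunk adds a prototype for x509_check_issued_int() with libctx and propq parameters, but no definition or caller appears in the hunks shown; if it belongs to a different change, leave it out of this one.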
@@ -124,103 +124,118 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_LOAD_STORE, (name), 0, NULL, \ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL, \ (libctx), (propq)) +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 -# define X509_V_OK 0 -# define X509_V_ERR_UNSPECIFIED 1 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -# define X509_V_ERR_UNABLE_TO_GET_CRL 3 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -# define X509_V_ERR_CERT_NOT_YET_VALID 9 -# define 
X509_V_ERR_CERT_HAS_EXPIRED 10 -# define X509_V_ERR_CRL_NOT_YET_VALID 11 -# define X509_V_ERR_CRL_HAS_EXPIRED 12 -# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -# define X509_V_ERR_OUT_OF_MEM 17 -# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -# define X509_V_ERR_CERT_REVOKED 23 -# define X509_V_ERR_INVALID_CA 24 -# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -# define X509_V_ERR_INVALID_PURPOSE 26 -# define X509_V_ERR_CERT_UNTRUSTED 27 -# define X509_V_ERR_CERT_REJECTED 28 /* These are 'informational' when looking for issuer cert */ -# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -# define X509_V_ERR_AKID_SKID_MISMATCH 30 -# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -# define X509_V_ERR_INVALID_NON_CA 37 -# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -# define X509_V_ERR_INVALID_EXTENSION 41 -# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -# define X509_V_ERR_NO_EXPLICIT_POLICY 43 -# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -# define X509_V_ERR_UNNESTED_RESOURCE 46 -# define X509_V_ERR_PERMITTED_VIOLATION 47 -# define X509_V_ERR_EXCLUDED_VIOLATION 48 -# define X509_V_ERR_SUBTREE_MINMAX 49 +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define 
X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 /* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ -# define X509_V_ERR_PATH_LOOP 55 +# define X509_V_ERR_PATH_LOOP 55 /* Suite B mode algorithm violation */ -# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 -# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define 
X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 /* Host, email and IP check errors */ -# define X509_V_ERR_HOSTNAME_MISMATCH 62 -# define X509_V_ERR_EMAIL_MISMATCH 63 -# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 /* DANE TLSA errors */ -# define X509_V_ERR_DANE_NO_MATCH 65 +# define X509_V_ERR_DANE_NO_MATCH 65 /* security level errors */ -# define X509_V_ERR_EE_KEY_TOO_SMALL 66 -# define X509_V_ERR_CA_KEY_TOO_SMALL 67 -# define X509_V_ERR_CA_MD_TOO_WEAK 68 +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 /* Caller error */ -# define X509_V_ERR_INVALID_CALL 69 +# define X509_V_ERR_INVALID_CALL 69 /* Issuer lookup error */ -# define X509_V_ERR_STORE_LOOKUP 70 +# define X509_V_ERR_STORE_LOOKUP 70 /* Certificate transparency */ -# define X509_V_ERR_NO_VALID_SCTS 71 +# define X509_V_ERR_NO_VALID_SCTS 71 -# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 /* OCSP status errors */ -# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ -# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ -# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ - -# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 -# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 -# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 - +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP 
responder */ + +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 + +/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +# define X509_V_ERR_INVALID_CA 79 +# define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +# define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +# define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +# define X509_V_ERR_ISSUER_NAME_EMPTY 83 +# define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +# define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +# define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +# define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +# define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +# define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 /* Certificate verify flags */ - # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ # endif diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index 19743b5987..94c5c5b75e 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -107,9 +107,12 @@ int ERR_load_X509_strings(void); # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_ERROR_GETTING_MD_BY_NID 141 +# define X509_R_ERROR_USING_SIGINF_SET 142 # define X509_R_IDP_MISMATCH 128 # define X509_R_INVALID_ATTRIBUTES 138 # define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_DISTPOINT 143 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 # define X509_R_ISSUER_MISMATCH 129 
@@ -133,6 +136,7 @@ int ERR_load_X509_strings(void); # define X509_R_UNKNOWN_KEY_TYPE 117 # define X509_R_UNKNOWN_NID 109 # define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_SIGID_ALGS 144 # define X509_R_UNKNOWN_TRUST_ID 120 # define X509_R_UNSUPPORTED_ALGORITHM 111 # define X509_R_WRONG_LOOKUP_TYPE 112 diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 24f5a361d0..a3ef7ced3a 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -364,8 +364,7 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_NSCERT 0x8 # define EXFLAG_CA 0x10 -/* Really self issued not necessarily self signed */ -# define EXFLAG_SI 0x20 +# define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ # define EXFLAG_V1 0x40 # define EXFLAG_INVALID 0x80 /* EXFLAG_SET is set to indicate that some values have been precomputed */ @@ -375,8 +374,12 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_INVALID_POLICY 0x800 # define EXFLAG_FRESHEST 0x1000 -/* Self signed */ -# define EXFLAG_SS 0x2000 +# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +# define EXFLAG_BCONS_CRITICAL 0x10000 +# define EXFLAG_AKID_CRITICAL 0x20000 +# define EXFLAG_SKID_CRITICAL 0x40000 +# define EXFLAG_SAN_CRITICAL 0x80000 # define KU_DIGITAL_SIGNATURE 0x0080 # define KU_NON_REPUDIATION 0x0040 diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h index d7aa5da6ac..b245a63902 100644 --- a/include/openssl/x509v3err.h +++ b/include/openssl/x509v3err.h @@ -107,6 +107,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_R_DIRNAME_ERROR 149 # define X509V3_R_DISTPOINT_ALREADY_SET 160 # define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_EMPTY_KEY_USAGE 169 # define X509V3_R_ERROR_CONVERTING_ZONE 131 # define X509V3_R_ERROR_CREATING_EXTENSION 144 # define X509V3_R_ERROR_IN_EXTENSION 128 
@@ -121,6 +122,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_R_INVALID_ASNUMBER 162 # define X509V3_R_INVALID_ASRANGE 163 # define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_CERTIFICATE 158 # define X509V3_R_INVALID_EXTENSION_STRING 105 # define X509V3_R_INVALID_INHERITANCE 165 # define X509V3_R_INVALID_IPADDRESS 166 @@ -142,6 +144,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_R_ISSUER_DECODE_ERROR 126 # define X509V3_R_MISSING_VALUE 124 # define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NEGATIVE_PATHLEN 168 # define X509V3_R_NO_CONFIG_DATABASE 136 # define X509V3_R_NO_ISSUER_CERTIFICATE 121 # define X509V3_R_NO_ISSUER_DETAILS 127 diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 42d44dcdce..aaa7fa3d90 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 144; +plan tests => 145; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -372,13 +372,16 @@ ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig" "accept trusted self-signed EE cert excluding key usage keyCertSign"); SKIP: { - skip "Ed25519 is not supported by this OpenSSL build", 5 + skip "Ed25519 is not supported by this OpenSSL build", 6 if disabled("ec"); # ED25519 certificate from draft-ietf-curdle-pkix-04 ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []), "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert"); + ok(!verify("ee-ed25519", "sslserver", ["root-ed25519"], [], "-x509_strict"), + "reject X25519 EE cert in strict mode since AKID is missing"); + ok(!verify("root-ed25519", "sslserver", ["ee-ed25519"], []), "fail Ed25519 CA and EE certs swapped"); diff --git a/test/testx509.pem b/test/testx509.pem index 8a85d14964..e0c7a1f9af 100644 --- a/test/testx509.pem +++ b/test/testx509.pem 
@@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV -BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz -MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF -AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO -/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE -Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ -zl9HYIMxATFyqSiD9jsx +MIIBczCCAR0CFEqkMs9xq0qfdNflIpoqdDaOU/ThMA0GCSqGSIb3DQEBBAUAMDox +CzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxHTAbBgNVBAMMFFNTTGVheSByc2Eg +dGVzdCBjZXJ0MCAXDTIwMDczMTE3MTM0NVoYDzIxMjAwNzA3MTcxMzQ1WjA6MQsw +CQYDVQQGEwJBVTEMMAoGA1UECAwDUUxEMR0wGwYDVQQDDBRTU0xlYXkgcnNhIHRl +c3QgY2VydDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDUZKgYSMuJdiw2aIQIG4LD +vm9HbUnyJyj6WgPkpw98dVKTj0jo3F6n/e3anYzvSpOiPkTuvw209yslzJs40Sf7 +AgMBAAEwDQYJKoZIhvcNAQEEBQADQQBV1bQAvyLvJQrNt7WEKmo/inigwjsvQYwd +nxmV6zWhqpQZmo86/ixumUa6zTlq+y4+wiiFngMZ7Bt0O769Nlzx -----END CERTIFICATE----- From openssl at openssl.org Fri Sep 11 06:39:00 2020 
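Review bot: x509_init_sig_info() ends up declared twice in include/crypto/x509.h (hunk @@ -304,9 +304,13 @@): once in the new block after x509v3_cache_extensions() and again where the old void prototype is changed to int. Drop one of the two. Since the return type changes from void to int, the remaining declaration should carry a comment saying which return value means failure, so callers know what to check.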
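Review bot: the rewritten X509_V_ERR_* table in include/openssl/x509_vfy.h (hunk @@ -124,103 +124,118 @@) changes the numeric value of existing public codes. 24 was X509_V_ERR_INVALID_CA and is now X509_V_ERR_NO_ISSUER_PUBLIC_KEY (INVALID_CA moves to 79), and 76, 77 and 78 are reassigned among SIGNATURE_ALGORITHM_MISMATCH, NO_ISSUER_PUBLIC_KEY, UNSUPPORTED_SIGNATURE_ALGORITHM and the new SIGNATURE_ALGORITHM_INCONSISTENCY. Anything that stores, logs or compares these numbers (a verify callback built against the old header, a language binding, archived logs) will read a different failure reason than the one the library reported. Keep the existing values and give the new strict-mode codes numbers above 78. The whitespace-only realignment of the unchanged defines also hides the renumbering and would be easier to review as a separate change.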
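Review bot: the four new flags in include/openssl/x509v3.h (hunk @@ -375,8 +374,12 @@), EXFLAG_BCONS_CRITICAL through EXFLAG_SAN_CRITICAL, have no comments, although the same patch adds trailing comments to EXFLAG_SI and EXFLAG_SS. Add a one-line comment to each saying which extension's critical bit it records, and note why the values start at 0x10000 rather than following EXFLAG_SS at 0x2000.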
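Review bot: test/recipes/25-test_verify.t gains only one -x509_strict case (ee-ed25519 rejected for a missing AKID, plan 144 to 145), while include/openssl/x509_vfy.h in the same patch adds strict-mode codes 78 to 93. Add a reject case for each of the other new checks. The verify() helper here only reports pass or fail, so also consider checking the reported error, otherwise a certificate rejected for an unrelated reason still makes the new test pass.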
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 06:39:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1599806340.744088.5863.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2813:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2660:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2257:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_csr_ignored.pem -out_trusted root.crt -csr idontexist => 1 not ok 72 - csr ignored for ir # ------------------------------------------------------------------------------ # Failed test 'csr ignored for ir' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
Could not read any key of private key for CMP client certificate from signer.p12 C00082F92B7F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2813:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2660:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2257:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr.pem -out_trusted root.crt -csr csr.pem => 1 not ok 73 - p10cr csr # ------------------------------------------------------------------------------ Could not read any key of private key for CMP client certificate from signer.p12 C040FD27257F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2813:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2660:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2257:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 1 not ok 
79 - ir + ignored revocation # ------------------------------------------------------------------------------ Could not read any key of private key for CMP client certificate from signer.p12 C000F693527F0000:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:105: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2813:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2660:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2257:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.certout_cr.pem -out_trusted root.crt => 1 not ok 82 - cr # ------------------------------------------------------------------------------ # Looks like you failed 29 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. 
ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 768 Tests: 84 Failed: 3) Failed tests: 12, 36, 69 Non-zero exit status: 3 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=211, Tests=3411, 682 wallclock secs (14.25 usr 1.19 sys + 613.02 cusr 57.52 csys = 685.98 CPU) Result: FAIL Makefile:3116: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3114: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 11 07:01:49 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 07:01:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1599807709.232203.25603.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... 
ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. 
ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=211, Tests=3557, 723 wallclock secs (14.15 usr 1.39 sys + 636.46 cusr 68.50 csys = 720.50 CPU) Result: FAIL Makefile:3172: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3170: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 11 07:23:18 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 07:23:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1599808998.309238.13608.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... 
ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. skipped: dh is not supported by this OpenSSL build 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... 
ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 20, 44 Non-zero exit status: 2 Files=211, Tests=3544, 690 wallclock secs (13.88 usr 1.17 sys + 620.38 cusr 66.72 csys = 702.15 CPU) Result: FAIL Makefile:3147: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3145: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Sep 11 07:44:30 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 07:44:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1599810270.980186.31138.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. 
ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. 
ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 84 Failed: 2) Failed tests: 15, 39 Non-zero exit status: 2 Files=211, Tests=3478, 665 wallclock secs (13.51 usr 1.14 sys + 597.30 cusr 65.03 csys = 676.98 CPU) Result: FAIL Makefile:3117: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3115: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Sep 11 08:29:22 2020 
From: builds at travis-ci.com (Travis CI) Date: Fri, 11 Sep 2020 08:29:22 +0000 Subject: Errored: openssl/openssl#37394 (master - 82bdd64) In-Reply-To: Message-ID: <5f5b35619234a_13f81b6cb5904428c4@travis-pro-tasks-5c7df7d67-d2fjg.mail> Build Update for openssl/openssl ------------------------------------- Build: #37394 Status: Errored Duration: 1 hr, 26 mins, and 53 secs Commit: 82bdd64 (master) Author: Dr. David von Oheimb Message: check_chain_extensions(): Require X.509 v3 if extensions are present Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12478) View the changeset: https://github.com/openssl/openssl/compare/b0a4cbead384...82bdd6419361 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/183837997?utm_medium=notification&utm_source=email From openssl at openssl.org Fri Sep 11 09:04:02 2020 
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 09:04:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1599815042.729799.11573.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. 
ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. 
ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 2048 Tests: 84 Failed: 8) Failed tests: 16-17, 21, 23, 40-41, 45, 47 Non-zero exit status: 8 Files=211, Tests=2558, 571 wallclock secs (12.72 usr 1.30 sys + 513.13 cusr 56.71 csys = 583.86 CPU) Result: FAIL Makefile:3182: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3180: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Fri Sep 11 10:20:36 2020 
From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 11 Sep 2020 10:20:36 +0000 Subject: [openssl] master update Message-ID: <1599819636.266695.24876.nullmailer@dev.openssl.org> The branch master has been updated via 5ea4c6e553c1f4feb76f70a896a6a8ac912233c4 (commit) via 1cd77e2eca30bd638b58176f3be43886a93b7482 (commit) via 4d2b2889da8a3e343762cdd72f669ec4bcd353a5 (commit) via 62261446b21be4dcdc75af81e07253b803ae57f9 (commit) via 7a7d6b514fb2c95570896e512e165a38c9ecac46 (commit) via ef2d3588e8d4dea8910ab1f7dfec768403efb265 (commit) from 82bdd6419361136e7be533d31a990ba0476fced3 (commit) - Log ----------------------------------------------------------------- commit 5ea4c6e553c1f4feb76f70a896a6a8ac912233c4 Author: Dr. David von Oheimb Date: Wed Sep 9 10:15:45 2020 +0200 apps/cmp.c: Improve example given for -geninfo option (also in man page) Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) commit 1cd77e2eca30bd638b58176f3be43886a93b7482 Author: Dr. David von Oheimb Date: Mon Aug 10 17:36:41 2020 +0200 OSSL_CMP_CTX_new.pod: improve doc of OSSL_CMP_CTX_get1_{extraCertsIn,caPubs} Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) commit 4d2b2889da8a3e343762cdd72f669ec4bcd353a5 Author: Dr. David von Oheimb Date: Tue Aug 11 07:57:57 2020 +0200 openssl-cmp.pod.in: Update Insta Demo CA port number in case needed Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) commit 62261446b21be4dcdc75af81e07253b803ae57f9 Author: Dr. David von Oheimb Date: Fri Aug 28 15:03:11 2020 +0200 apps/cmp.c: Improve user guidance on missing -subject etc. options Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) commit 7a7d6b514fb2c95570896e512e165a38c9ecac46 Author: Dr. 
David von Oheimb Date: Fri Aug 28 14:55:38 2020 +0200 apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) commit ef2d3588e8d4dea8910ab1f7dfec768403efb265 Author: Dr. David von Oheimb Date: Fri Aug 28 13:28:24 2020 +0200 apps/cmp.c: Improve documentation of -secret, -cert, and -key options Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 27 ++++++++++++++++----------- doc/man1/openssl-cmp.pod.in | 35 ++++++++++++++++++++++------------- doc/man3/OSSL_CMP_CTX_new.pod | 5 +++-- 3 files changed, 41 insertions(+), 26 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 003c75517d..db0d418bd4 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -269,7 +269,7 @@ const OPTIONS cmp_options[] = { {"geninfo", OPT_GENINFO, 's', "generalInfo integer values to place in request PKIHeader with given OID"}, {OPT_MORE_STR, 0, 0, - "specified in the form :int:, e.g. \"1.2.3:int:987\""}, + "specified in the form :int:, e.g. \"1.2.3.4:int:56789\""}, OPT_SECTION("Certificate enrollment"), {"newkey", OPT_NEWKEY, 's', 
@@ -378,14 +378,16 @@ const OPTIONS cmp_options[] = { {"ref", OPT_REF, 's', "Reference value to use as senderKID in case no -cert is given"}, {"secret", OPT_SECRET, 's', - "Password source for client authentication with a pre-shared key (secret)"}, + "Prefer PBM (over signatures) for protecting msgs with given password source"}, {"cert", OPT_CERT, 's', - "Client's current certificate (needed unless using -secret for PBM);"}, + "Client's CMP signer certificate; its public key must match the -key argument"}, {OPT_MORE_STR, 0, 0, - "any further certs included are appended in extraCerts field"}, + "This also used as default reference for subject DN and SANs."}, + {OPT_MORE_STR, 0, 0, + "Any further certs included are appended to the untrusted certs"}, {"own_trusted", OPT_OWN_TRUSTED, 's', "Optional certs to verify chain building for own CMP signer cert"}, - {"key", OPT_KEY, 's', "Private key for the client's current certificate"}, + {"key", OPT_KEY, 's', "CMP signer private key, not used when -secret given"}, {"keypass", OPT_KEYPASS, 's', "Client private key (and cert and old cert file) pass phrase source"}, {"digest", OPT_DIGEST, 's', @@ -393,7 +395,9 @@ const OPTIONS cmp_options[] = { {"mac", OPT_MAC, 's', "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""}, {"extracerts", OPT_EXTRACERTS, 's', - "Certificates to append in extraCerts field of outgoing messages"}, + "Certificates to append in extraCerts field of outgoing messages."}, + {OPT_MORE_STR, 0, 0, + "This can be used as the default CMP signer cert chain to include"}, {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', "Send messages without CMP-level protection"}, 
@@ -1479,8 +1483,8 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) */ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { - if (!opt_unprotected_requests && opt_secret == NULL && opt_cert == NULL) { - CMP_err("must give client credentials unless -unprotected_requests is set"); + if (!opt_unprotected_requests && opt_secret == NULL && opt_key == NULL) { + CMP_err("must give -key or -secret unless -unprotected_requests is used"); return 0; } @@ -1507,7 +1511,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) return 0; } if (opt_cert != NULL || opt_key != NULL) - CMP_warn("no signature-based protection used since -secret is given"); + CMP_warn("-cert and -key not used for protection since -secret is given"); } if (opt_ref != NULL && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, @@ -1597,7 +1601,8 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) */ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { - if (opt_subject == NULL && opt_oldcert == NULL && opt_cert == NULL) + if (opt_subject == NULL && opt_oldcert == NULL && opt_cert == NULL + && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) CMP_warn("no -subject given, neither -oldcert nor -cert available as default"); if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) @@ -2950,5 +2955,5 @@ int cmp_main(int argc, char **argv) NCONF_free(conf); /* must not do as long as opt_... variables are used */ OSSL_CMP_log_close(); - return ret == 0 ? EXIT_FAILURE : EXIT_SUCCESS; + return ret == 0 ? EXIT_FAILURE : EXIT_SUCCESS; /* ret == -1 for -help */ } diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 44f71b8358..71902ab7da 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in 
@@ -235,7 +235,7 @@ e.g., C. =item B<-geninfo> I generalInfo integer values to place in request PKIHeader with given OID, -e.g., C<1.2.3:int:987>. +e.g., C<1.2.3.4:int:56789>. =back @@ -499,11 +499,14 @@ Each source may contain multiple certificates. =item B<-untrusted> I -Non-trusted intermediate CA certificate(s) that may be useful for cert path -construction for the CMP client certificate (to include in the extraCerts field -of outgoing messages), for the TLS client certificate (if TLS is enabled), +Non-trusted intermediate CA certificate(s). +Any extra certificates given with the B<-cert> option are appended to it. +All these certificates may be useful for cert path construction +for the CMP client certificate (to include in the extraCerts field of outgoing +messages) and for the TLS client certificate (if TLS is enabled) +as well as for chain building when verifying the CMP server certificate (checking signature-based -CMP message protection), and when verifying newly enrolled certificates. +CMP message protection) and when verifying newly enrolled certificates. Multiple filenames may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. @@ -610,10 +613,11 @@ is typically used when authenticating with pre-shared key (password-based MAC). =item B<-secret> I -Source of secret value to use for creating PBM-based protection of outgoing -messages and for verifying any PBM-based protection of incoming messages. +Prefer PBM-based message protection with given source of a secret value. +The secret is used for creating PBM-based protection of outgoing messages +and (as far as needed) for verifying PBM-based protection of incoming messages. PBM stands for Password-Based Message Authentication Code. -This takes precedence over the B<-cert> option. +This takes precedence over the B<-cert> and B<-key> options. For more information about the format of B see the B section in L. 
@@ -624,13 +628,17 @@ The client's current CMP signer certificate. Requires the corresponding key to be given with B<-key>. The subject of this certificate will be used as sender of outgoing CMP messages, while the subject of B<-oldcert> or B<-subjectName> may provide fallback values. +The issuer of this certificate is used as one of the recipient fallback values. When using signature-based message protection, this "protection certificate" -will be included first in the extraCerts field of outgoing messages. +will be included first in the extraCerts field of outgoing messages +and the signature is done with the corresponding key. In Initialization Request (IR) messages this can be used for authenticating using an external entity certificate as defined in appendix E.7 of RFC 4210. For Key Update Request (KUR) messages this is also used as the certificate to be updated if the B<-oldcert> option is not given. -If the file includes further certs, they are appended to the untrusted certs. +If the file includes further certs, they are appended to the untrusted certs +because they typically constitute the chain of the client certificate, which +is included in the extraCerts field in signature-protected request messages. =item B<-own_trusted> I @@ -708,8 +716,9 @@ The only value with effect is B. =item B<-otherpass> I Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>, -B<-own_trusted>, -B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options. +B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>, +B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>, +B<-tls_extra>, and B<-tls_trusted> options. If not given here, the password will be prompted for if needed. For more information about the format of B see the 
@@ -1018,7 +1027,7 @@ to issue the following shell commands. cd /path/to/openssl export OPENSSL_CONF=openssl.cnf =begin comment - wget 'http://pki.certificate.fi:8080/install-ca-cert.html/ca-certificate.crt\ + wget 'http://pki.certificate.fi:8081/install-ca-cert.html/ca-certificate.crt\ ?ca-id=632&download-certificate=1' -O insta.ca.crt =end comment openssl genrsa -out insta.priv.pem diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index d581556ff1..3d9860114b 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -618,8 +618,9 @@ X.509 certificates computed by OSSL_CMP_certConf_cb() (if this function has been called) on the last received certificate response message IP/CP/KUP. OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the list of -X.509 certificates received in the caPubs field of last received certificate -response message IP/CP/KUP. +X.509 certificates in the caPubs field of the last received certificate +response message (of type IP, CP, or KUP), +or an empty stack if no caPubs have been received in the current transaction. OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the list of X.509 certificates contained in the extraCerts field of the last received From dev at ddvo.net Fri Sep 11 10:22:31 2020 
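Review bot: In the cmp_options hunk at @@ -378,14 of apps/cmp.c, the added continuation line for -cert, "This also used as default reference for subject DN and SANs.", is missing its verb; suggest "This is also used as default reference for subject DN and SANs." The added continuation lines in this hunk and the next also mix styles (some start with a capital and end with a period, the older ones do neither), so it is worth picking one form for all OPT_MORE_STR lines.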
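Review bot: In setup_protection_ctx() (hunk @@ -1479,8 of apps/cmp.c) the guard now tests opt_key instead of opt_cert, so -key given without -cert passes this check, and nothing in the visible lines says how that combination is handled. The man page entry for -cert states that it requires -key, but the reverse is not documented; suggest either saying in the -key help or man page entry that -key may be used without -cert, or adding a diagnostic for that case here.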
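Review bot: The wget line touched in the @@ -1018,7 hunk of doc/man1/openssl-cmp.pod.in fetches the demo CA certificate over plain http, and the result (insta.ca.crt) is then used as a trust anchor in the example. Since the line is being edited anyway, suggest adding a sentence next to it telling the reader to check the downloaded certificate out of band before trusting it. The port change itself sits inside a =begin comment block, so it will not show up in the rendered page; confirm that is intended.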
From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 11 Sep 2020 10:22:31 +0000 Subject: [openssl] master update Message-ID: <1599819751.281966.26678.nullmailer@dev.openssl.org> The branch master has been updated via 0e60ce6334c86d271df5342029639048a635fefa (commit) from 5ea4c6e553c1f4feb76f70a896a6a8ac912233c4 (commit) - Log ----------------------------------------------------------------- commit 0e60ce6334c86d271df5342029639048a635fefa Author: Dr. David von Oheimb Date: Tue Sep 8 23:05:13 2020 +0200 Improve robustness and performance of building Unix static libraries This is a fixup of 385deae79f26dd685339d3141a06d04d6bd753cd, which solved #12116 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12821) ----------------------------------------------------------------------- Summary of changes: Configurations/00-base-templates.conf | 4 ++-- Configurations/unix-Makefile.tmpl | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 340e789326..1da5c5f0d0 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf @@ -27,8 +27,8 @@ my %targets=( build_scheme => [ "unified", "unix" ], build_file => "Makefile", - AR => "ar", - ARFLAGS => "r", + AR => "(unused)", + ARFLAGS => "(unused)", CC => "cc", HASHBANGPERL => "/usr/bin/env perl", RANLIB => sub { which("$config{cross_compile_prefix}ranlib") diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index cb6263c911..ad5c3111e3 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -1510,13 +1510,14 @@ EOF my @objs = map { platform->obj($_) } @{$args{objs}}; my $deps = join(" \\\n" . ' ' x (length($lib) + 2), fill_lines(' ', $COLUMNS - length($lib) - 2, @objs)); - my $max_per_call = 250; + my $max_per_call = 500; my @objs_grouped; push @objs_grouped, join(" ", splice @objs, 0, $max_per_call) while @objs; my $fill_lib = join("\n\t", (map { "\$(AR) \$(ARFLAGS) $lib $_" } @objs_grouped)); return <<"EOF"; $lib: $deps + \$(RM) $lib $fill_lib \$(RANLIB) \$\@ || echo Never mind. EOF From no-reply at appveyor.com Fri Sep 11 10:51:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 11 Sep 2020 10:51:13 +0000 Subject: Build failed: openssl master.36859 Message-ID: <20200911105113.1.3BE9EA7B12A56362@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Sep 11 10:56:38 2020 
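Review bot: in the Configurations/00-base-templates.conf hunk, AR and ARFLAGS become the literal string "(unused)" while the recipe in unix-Makefile.tmpl still expands \$(AR) \$(ARFLAGS) $lib for every group of objects, and neither the commit message nor a comment explains where the real values are expected to come from. Add a comment next to the two entries naming the template that overrides them, so a target that inherits these defaults does not end up with a recipe starting with "(unused)".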
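Review bot: in the @@ -1510,13 +1510,14 @@ hunk of Configurations/unix-Makefile.tmpl, $max_per_call goes from 250 to 500 with no comment on what bounds it; the value caps how many object names land on one \$(AR) command line, so say which command-line length limit it is sized for. The added \$(RM) $lib line also deserves a one-line comment that the archive is rebuilt from scratch so stale members do not survive, if that is the intent.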
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 Sep 2020 10:56:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1599821798.068250.9629.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: d3dbc9b500 apps_ui.c: Correct password prompt for ui_method 591ceeddb3 apps_ui.c: Correct handling of empty password from -passin f84de16f39 apps_ui.c: Improve error handling and return value of setup_ui_method() 9a62ccbe8a Fix fipsinstall module path 9f604ca13d STORE: Fix OSSL_STORE_attach() to check |ui_method| before use 5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 5fdcde816f X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs a8e2a9f569 X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. 
multi-valued RDNs (containing sets of AVAs) bc64c5a69b X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error 2aa91df406 X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values 115786793c X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit 388f2d9f6c app_load_config_bio(): fix crash on error 3101ab603c Fix an EVP_MD_CTX leak b830e00429 Diverse build.info: Adjust paths bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup eb5087fc7c test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup 4245fd64c8 81-test_cmp_cli: Make test output files all different according to #11080 57371e1674 81-test_cmp_cli.t: Stop unlinking test output files according to #11080 c4adc5ba5b apps.c: Fix mem leaks on error in load_certs() and load_crls() a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
87495d56a9 apps.c: Fix diagnostics and return value of load_key_certs_crls() on error aad086e2ae Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 474853c39a Fix markdown nits in NOTES-Windows.txt 10203a3472 Support writing RSA keys using the traditional format again 8ae40cf57d ENCODER: Refactor provider implementations, and some cleanup ce43db7a3f Fix up issue on AIX caused by broken compiler handling of macro expansion b7a8fb52a9 s_time: check return values better e942111267 In a non-shared build, don't include the md5 object files in legacy provider 5c97eeb726 TLS fixes for CBC mode and no-deprecated b924d1b6e1 TLS: remove legacy code path supporting special CBC mode 81661a14bc legacy: include MD5 code in legacy provider b250fc7be7 Deprecate SHA and MD5 again. Build log ended with (last 100 lines): storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1 not ok 410 - Checking that -certs returns 0 objects on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -certs returns 0 objects on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 208. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1 not ok 411 - Checking that -crls returns 0 objects on a certificate file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 0 objects on a certificate file' # at ../openssl/test/recipes/90-test_store.t line 212. storeutl: Unknown message digest: engine storeutl: Use -help for summary. 
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1 not ok 412 - Checking that -crls returns 1 object on a CRL file # ------------------------------------------------------------------------------ # Failed test 'Checking that -crls returns 1 object on a CRL file' # at ../openssl/test/recipes/90-test_store.t line 215. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 413 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 226. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 414 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 229. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 415 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 233. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1 not ok 416 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 236. 
storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -certs -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 417 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 239. storeutl: Unknown message digest: engine storeutl: Use -help for summary. ../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -crls -subject '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' rehash => 1 not ok 418 # ------------------------------------------------------------------------------ # Failed test at ../openssl/test/recipes/90-test_store.t line 243. # Looks like you failed 157 tests of 418.90-test_store.t .................... Dubious, test returned 157 (wstat 40192, 0x9d00) Failed 157/418 subtests 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- 20-test_pkeyutl.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 25-test_req.t (Wstat: 768 Tests: 16 Failed: 3) Failed tests: 11-12, 14 Non-zero exit status: 3 90-test_store.t (Wstat: 40192 Tests: 418 Failed: 157) Failed tests: 216-220, 222-226, 228-232, 234-238, 240-244 246-248, 250-252, 254-256, 258-260, 262-264 266-268, 270-272, 274-276, 278-280, 282-284 286-288, 290-292, 294-296, 298-300, 302-304 306-308, 310-312, 314-316, 318-320, 322-324 326-328, 330-332, 334-336, 338-340, 342-344 346-348, 350-352, 354-356, 358-360, 362-364 366-368, 370-372, 374-376, 378-380, 382-384 386-388, 390-392, 394-396, 398-402, 405-407 409-418 Non-zero exit status: 157 Files=211, Tests=3368, 701 wallclock secs (11.46 usr 1.23 sys + 632.64 cusr 64.15 csys = 709.48 CPU) Result: FAIL Makefile:3121: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:3119: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Fri Sep 11 11:33:04 2020 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Fri, 11 Sep 2020 11:33:04 +0000 Subject: [openssl] master update Message-ID: <1599823984.379400.4073.nullmailer@dev.openssl.org> The branch master has been updated via 64713cb10de05c2e3ac63300f4073b11f57287ba (commit) from 0e60ce6334c86d271df5342029639048a635fefa (commit) - Log ----------------------------------------------------------------- commit 64713cb10de05c2e3ac63300f4073b11f57287ba Author: Chris Novakovic Date: Thu Sep 3 23:42:56 2020 +0100 apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified When generating a CRL using the "ca" utility, allow values for the lastUpdate and nextUpdate fields to be specified using the command line options -crl_lastupdate and -crl_nextupdate respectively. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12784) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 + apps/ca.c | 37 ++++-- apps/include/apps.h | 3 + apps/lib/apps.c | 51 ++++++++ doc/man1/openssl-ca.pod.in | 20 ++- test/recipes/80-test_ca.t | 203 ++++++++++++++++++++++++++++++- test/recipes/80-test_ca_data/revoked.key | 27 ++++ 7 files changed, 331 insertions(+), 16 deletions(-) create mode 100644 test/recipes/80-test_ca_data/revoked.key diff --git a/CHANGES.md b/CHANGES.md index 0f6880d716..19cccb725d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1158,6 +1158,12 @@ OpenSSL 3.0 *Richard Levitte* + * Added the options `-crl_lastupdate` and `-crl_nextupdate` to `openssl ca`, + allowing the `lastUpdate` and `nextUpdate` fields in the generated CRL to + be set explicitly. + + *Chris Novakovic* + * Added support for Linux Kernel TLS data-path. The Linux Kernel data-path improves application performance by removing data copies and providing applications with zero-copy system calls such as sendfile and splice. diff --git a/apps/ca.c b/apps/ca.c index ff40a13d31..f6a928a0e8 100644 --- a/apps/ca.c 
+++ b/apps/ca.c @@ -155,7 +155,8 @@ typedef enum OPTION_choice { OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTDIR, OPT_VFYOPT, OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN, - OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, + OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE, + OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID, OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS, OPT_RAND_SERIAL, @@ -241,6 +242,10 @@ const OPTIONS ca_options[] = { "sets compromise time to val and the revocation reason to keyCompromise"}, {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's', "sets compromise time to val and the revocation reason to CACompromise"}, + {"crl_lastupdate", OPT_CRL_LASTUPDATE, 's', + "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"}, + {"crl_nextupdate", OPT_CRL_NEXTUPDATE, 's', + "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"}, {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"}, {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"}, {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"}, @@ -262,7 +267,6 @@ int ca_main(int argc, char **argv) EVP_PKEY *pkey = NULL; BIO *in = NULL, *out = NULL, *Sout = NULL; ASN1_INTEGER *tmpser; - ASN1_TIME *tmptm; CA_DB *db = NULL; DB_ATTR db_attr; STACK_OF(CONF_VALUE) *attribs = NULL; @@ -291,6 +295,7 @@ int ca_main(int argc, char **argv) int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret; + char *crl_lastupdate = NULL, *crl_nextupdate = NULL; long crldays = 0, crlhours = 0, crlsec = 0, days = 0; unsigned long chtype = MBSTRING_ASC, certopt = 0; X509 *x509 = NULL, *x509p = NULL, *x = NULL; 
@@ -425,6 +430,12 @@ opthelp: case OPT_MSIE_HACK: msie_hack = 1; break; + case OPT_CRL_LASTUPDATE: + crl_lastupdate = opt_arg(); + break; + case OPT_CRL_NEXTUPDATE: + crl_nextupdate = opt_arg(); + break; case OPT_CRLDAYS: crldays = atol(opt_arg()); break; @@ -1146,7 +1157,8 @@ end_of_options: crlhours = 0; ERR_clear_error(); } - if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) { + if ((crl_nextupdate == NULL) && + (crldays == 0) && (crlhours == 0) && (crlsec == 0)) { BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n"); goto end; @@ -1159,19 +1171,18 @@ end_of_options: if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto end; - tmptm = ASN1_TIME_new(); - if (tmptm == NULL - || X509_gmtime_adj(tmptm, 0) == NULL - || !X509_CRL_set1_lastUpdate(crl, tmptm) - || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, - NULL) == NULL) { - BIO_puts(bio_err, "error setting CRL nextUpdate\n"); - ASN1_TIME_free(tmptm); + if (!set_crl_lastupdate(crl, crl_lastupdate)) { + BIO_puts(bio_err, "error setting CRL lastUpdate\n"); + ret = 1; goto end; } - X509_CRL_set1_nextUpdate(crl, tmptm); - ASN1_TIME_free(tmptm); + if (!set_crl_nextupdate(crl, crl_nextupdate, + crldays, crlhours, crlsec)) { + BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + ret = 1; + goto end; + } for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); diff --git a/apps/include/apps.h b/apps/include/apps.h index 8d1eb7c280..8a6f2b046c 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -75,6 +75,9 @@ int has_stdin_waiting(void); void corrupt_signature(const ASN1_STRING *signature); int set_cert_times(X509 *x, const char *startdate, const char *enddate, int days); +int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate); +int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, + long days, long hours, long secs); typedef struct args_st { int size; 
diff --git a/apps/lib/apps.c b/apps/lib/apps.c index d3f3f6d2b6..f2c384494f 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2704,6 +2704,57 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, return 1; } +int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate) +{ + int ret = 0; + ASN1_TIME *tm = ASN1_TIME_new(); + + if (tm == NULL) + goto end; + + if (lastupdate == NULL) { + if (X509_gmtime_adj(tm, 0) == NULL) + goto end; + } else { + if (!ASN1_TIME_set_string_X509(tm, lastupdate)) + goto end; + } + + if (!X509_CRL_set1_lastUpdate(crl, tm)) + goto end; + + ret = 1; +end: + ASN1_TIME_free(tm); + return ret; +} + +int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, + long days, long hours, long secs) +{ + int ret = 0; + ASN1_TIME *tm = ASN1_TIME_new(); + + if (tm == NULL) + goto end; + + if (nextupdate == NULL) { + if (X509_time_adj_ex(tm, days, hours * 60 * 60 + secs, NULL) == NULL) + goto end; + } else { + if (!ASN1_TIME_set_string_X509(tm, nextupdate)) + goto end; + } + + if (!X509_CRL_set1_nextUpdate(crl, tm)) + goto end; + + ret = 1; +end: + ASN1_TIME_free(tm); + return ret; +} + void make_uppercase(char *string) { int i; diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index d196565422..0253b994a0 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -22,6 +22,8 @@ B B [B<-crl_hold> I] [B<-crl_compromise> I