[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Feb 5 00:24:25 UTC 2021
The branch master has been updated
via 7dc67708c8ae6ec06c7fec34781225ed60b5e68d (commit)
from 88444854affe31ce08a5daaf4b6afc86e6972c63 (commit)
- Log -----------------------------------------------------------------
commit 7dc67708c8ae6ec06c7fec34781225ed60b5e68d
Author: Petr Gotthard <petr.gotthard at centrum.cz>
Date: Sat Dec 26 21:32:14 2020 +0100
apps/openssl: add -propquery command line option
Fixes #13656. Right now all openssl commands use a NULL propq. This
patch adds a possibility to specify a custom propq.
The implementation follows the example of set_nameopt/get_nameopt.
Various tools had to be modified to call app_get0_propq after it has
been populated. Otherwise the -propquery has no effect.
The tests then verify the -propquery affects the tool behaviour by
requesting a non-existing property.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13707)
-----------------------------------------------------------------------
Summary of changes:
apps/cms.c | 26 ++++++++++++--------------
apps/genpkey.c | 5 ++---
apps/include/apps.h | 1 +
apps/include/opt.h | 8 +++++---
apps/lib/app_provider.c | 2 ++
apps/lib/apps.c | 11 +++++++++--
apps/mac.c | 2 +-
apps/pkcs7.c | 3 +--
apps/pkeyutl.c | 12 ++++++------
apps/smime.c | 7 +++----
apps/storeutl.c | 11 +++++------
doc/man1/openssl.pod | 20 ++++++++++++++++++++
doc/perlvars.pm | 5 ++++-
test/recipes/15-test_genrsa.t | 5 ++++-
test/recipes/20-test_mac.t | 5 +++++
15 files changed, 80 insertions(+), 43 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index e8254cb85c..36fb88e15c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -28,7 +28,7 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(CMS_ContentInfo *cms);
static CMS_ReceiptRequest *make_receipt_request(
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx, const char *propq);
+ STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx);
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
STACK_OF(OPENSSL_STRING) *param);
@@ -303,7 +303,6 @@ int cms_main(int argc, char **argv)
const char *mime_eol = "\n";
OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
@@ -457,7 +456,7 @@ int cms_main(int argc, char **argv)
goto opthelp;
} else {
rcms = load_content_info(rctformat, rctin, NULL, "recipient",
- libctx, propq);
+ libctx, app_get0_propq());
}
break;
case OPT_CERTFILE:
@@ -870,7 +869,7 @@ int cms_main(int argc, char **argv)
goto end;
if (operation & SMIME_IP) {
- cms = load_content_info(informat, in, &indata, "SMIME", libctx, propq);
+ cms = load_content_info(informat, in, &indata, "SMIME", libctx, app_get0_propq());
if (cms == NULL)
goto end;
if (contfile != NULL) {
@@ -901,7 +900,7 @@ int cms_main(int argc, char **argv)
}
rcms = load_content_info(rctformat, rctin, NULL, "recipient", libctx,
- propq);
+ app_get0_propq());
if (rcms == NULL)
goto end;
}
@@ -922,15 +921,15 @@ int cms_main(int argc, char **argv)
ret = 3;
if (operation == SMIME_DATA_CREATE) {
- cms = CMS_data_create_ex(in, flags, libctx, propq);
+ cms = CMS_data_create_ex(in, flags, libctx, app_get0_propq());
} else if (operation == SMIME_DIGEST_CREATE) {
- cms = CMS_digest_create_ex(in, sign_md, flags, libctx, propq);
+ cms = CMS_digest_create_ex(in, sign_md, flags, libctx, app_get0_propq());
} else if (operation == SMIME_COMPRESS) {
cms = CMS_compress(in, -1, flags);
} else if (operation == SMIME_ENCRYPT) {
int i;
flags |= CMS_PARTIAL;
- cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, propq);
+ cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, app_get0_propq());
if (cms == NULL)
goto end;
for (i = 0; i < sk_X509_num(encerts); i++) {
@@ -996,7 +995,7 @@ int cms_main(int argc, char **argv)
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
- secret_keylen, flags, libctx, propq);
+ secret_keylen, flags, libctx, app_get0_propq());
} else if (operation == SMIME_SIGN_RECEIPT) {
CMS_ContentInfo *srcms = NULL;
@@ -1024,15 +1023,14 @@ int cms_main(int argc, char **argv)
flags |= CMS_STREAM;
}
flags |= CMS_PARTIAL;
- cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
+ cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
if (cms == NULL)
goto end;
if (econtent_type != NULL)
CMS_set1_eContentType(cms, econtent_type);
if (rr_to != NULL) {
- rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx,
- propq);
+ rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx);
if (rr == NULL) {
BIO_puts(bio_err,
"Signed Receipt Request Creation Error\n");
@@ -1389,7 +1387,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
static CMS_ReceiptRequest *make_receipt_request(
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
STACK_OF(OPENSSL_STRING) *rr_from,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx)
{
STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
@@ -1404,7 +1402,7 @@ static CMS_ReceiptRequest *make_receipt_request(
rct_from = NULL;
}
rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
- rct_to, libctx, propq);
+ rct_to, libctx, app_get0_propq());
return rr;
err:
sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 83af5ec88f..bdd8b43e47 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -68,7 +68,6 @@ int genpkey_main(int argc, char **argv)
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int private = 0;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
prog = opt_init(argc, argv, genpkey_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -98,11 +97,11 @@ int genpkey_main(int argc, char **argv)
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
- if (!init_keygen_file(&ctx, opt_arg(), e, libctx, propq))
+ if (!init_keygen_file(&ctx, opt_arg(), e, libctx, app_get0_propq()))
goto end;
break;
case OPT_ALGORITHM:
- if (!init_gen_str(&ctx, opt_arg(), e, do_param, libctx, propq))
+ if (!init_gen_str(&ctx, opt_arg(), e, do_param, libctx, app_get0_propq()))
goto end;
break;
case OPT_PKEYOPT:
diff --git a/apps/include/apps.h b/apps/include/apps.h
index c0e351b3b9..d4241fa61e 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -323,6 +323,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name);
void app_providers_cleanup(void);
OSSL_LIB_CTX *app_get0_libctx(void);
+int app_set_propq(const char *arg);
const char *app_get0_propq(void);
#endif
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 5f3efe5105..d23bf262fc 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -270,7 +270,7 @@
*/
# define OPT_PROV_ENUM \
OPT_PROV__FIRST=1600, \
- OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \
+ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
OPT_PROV__LAST
# define OPT_CONFIG_OPTION \
@@ -279,12 +279,14 @@
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
{ "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
- { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
+ { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
case OPT_PROV_PROVIDER: \
- case OPT_PROV_PROVIDER_PATH
+ case OPT_PROV_PROVIDER_PATH: \
+ case OPT_PROV_PROPQUERY
/*
* Option parsing.
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index 490960521c..1a1757a5bd 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -70,6 +70,8 @@ int opt_provider(int opt)
return app_provider_load(app_get0_libctx(), opt_arg());
case OPT_PROV_PROVIDER_PATH:
return opt_provider_path(opt_arg());
+ case OPT_PROV_PROPQUERY:
+ return app_set_propq(opt_arg());
}
return 0;
}
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 51c7c82eae..f53f1b2003 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -331,10 +331,17 @@ OSSL_LIB_CTX *app_get0_libctx(void)
return app_libctx;
}
-/* TODO(3.0): Make this an environment variable if required */
+static const char *app_propq = NULL;
+
+int app_set_propq(const char *arg)
+{
+ app_propq = arg;
+ return 1;
+}
+
const char *app_get0_propq(void)
{
- return NULL;
+ return app_propq;
}
OSSL_LIB_CTX *app_create_libctx(void)
diff --git a/apps/mac.c b/apps/mac.c
index ea75b33623..ce00ff92e0 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -105,7 +105,7 @@ opthelp:
if (argc != 1)
goto opthelp;
- mac = EVP_MAC_fetch(NULL, argv[0], NULL);
+ mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq());
if (mac == NULL) {
BIO_printf(bio_err, "Invalid MAC name %s\n", argv[0]);
goto opthelp;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index efc58b10c9..d970feb30e 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -61,7 +61,6 @@ int pkcs7_main(int argc, char **argv)
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -120,7 +119,7 @@ int pkcs7_main(int argc, char **argv)
if (in == NULL)
goto end;
- p7 = PKCS7_new_ex(libctx, propq);
+ p7 = PKCS7_new_ex(libctx, app_get0_propq());
if (p7 == NULL) {
BIO_printf(bio_err, "unable to allocate PKCS7 object\n");
ERR_print_errors(bio_err);
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index a88a6ca7a3..4eb15c30f4 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -24,7 +24,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
const int impl, int rawin, EVP_PKEY **ppkey,
- OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_LIB_CTX *libctx);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
@@ -125,7 +125,6 @@ int pkeyutl_main(int argc, char **argv)
const EVP_MD *md = NULL;
int filesize = -1;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = NULL;
prog = opt_init(argc, argv, pkeyutl_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -293,7 +292,7 @@ int pkeyutl_main(int argc, char **argv)
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
passinarg, pkey_op, e, engine_impl, rawin, &pkey,
- libctx, propq);
+ libctx);
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
ERR_print_errors(bio_err);
@@ -514,7 +513,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
char *passinarg, int pkey_op, ENGINE *e,
const int engine_impl, int rawin,
EVP_PKEY **ppkey,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -522,6 +521,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
char *passin = NULL;
int rv = -1;
X509 *x;
+
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
@@ -573,7 +573,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
if (impl != NULL)
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
else
- ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, app_get0_propq());
} else {
if (pkey == NULL)
goto end;
@@ -582,7 +582,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
if (impl != NULL)
ctx = EVP_PKEY_CTX_new(pkey, impl);
else
- ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, app_get0_propq());
if (ppkey != NULL)
*ppkey = pkey;
EVP_PKEY_free(pkey);
diff --git a/apps/smime.c b/apps/smime.c
index 2e35009709..2a9ee27a34 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -155,7 +155,6 @@ int smime_main(int argc, char **argv)
ENGINE *e = NULL;
const char *mime_eol = "\n";
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
@@ -487,7 +486,7 @@ int smime_main(int argc, char **argv)
if (operation & SMIME_IP) {
PKCS7 *p7_in = NULL;
- p7 = PKCS7_new_ex(libctx, propq);
+ p7 = PKCS7_new_ex(libctx, app_get0_propq());
if (p7 == NULL) {
BIO_printf(bio_err, "Error allocating PKCS7 object\n");
goto end;
@@ -534,7 +533,7 @@ int smime_main(int argc, char **argv)
if (operation == SMIME_ENCRYPT) {
if (indef)
flags |= PKCS7_STREAM;
- p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, propq);
+ p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, app_get0_propq());
} else if (operation & SMIME_SIGNERS) {
int i;
/*
@@ -549,7 +548,7 @@ int smime_main(int argc, char **argv)
flags |= PKCS7_STREAM;
}
flags |= PKCS7_PARTIAL;
- p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
+ p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
if (p7 == NULL)
goto end;
if (flags & PKCS7_NOCERTS) {
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 0ec65ab047..9333c478f2 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -19,7 +19,7 @@
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int expected, int criterion, OSSL_STORE_SEARCH *search,
int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx, const char *propq);
+ const char *prog, OSSL_LIB_CTX *libctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
@@ -85,7 +85,6 @@ int storeutl_main(int argc, char *argv[])
OSSL_STORE_SEARCH *search = NULL;
const EVP_MD *digest = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@@ -315,7 +314,7 @@ int storeutl_main(int argc, char *argv[])
ret = process(argv[0], get_ui_method(), &pw_cb_data,
expected, criterion, search,
- text, noout, recursive, 0, out, prog, libctx, propq);
+ text, noout, recursive, 0, out, prog, libctx);
end:
OPENSSL_free(fingerprint);
@@ -346,12 +345,12 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...)
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int expected, int criterion, OSSL_STORE_SEARCH *search,
int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx, const char *propq)
+ const char *prog, OSSL_LIB_CTX *libctx)
{
OSSL_STORE_CTX *store_ctx = NULL;
int ret = 1, items = 0;
- if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, propq, uimeth, uidata,
+ if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
@@ -436,7 +435,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
ret += process(suburi, uimeth, uidata,
expected, criterion, search,
text, noout, recursive, indent + 2, out, prog,
- libctx, propq);
+ libctx);
}
break;
case OSSL_STORE_INFO_PARAMS:
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 3176c19eee..8e30f81fe9 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -645,6 +645,26 @@ the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
-key pkcs11:object=some-private-key;pin-value=1234
+=head2 Provider Options
+
+=over 4
+
+=item B<-provider> I<name>
+
+Load and initialize the provider identified by I<name>.
+
+=item B<-provider-path> I<path>
+
+Specifies the search path that is to be used for looking for providers.
+
+=item B<-propquery> I<propq>
+
+Specifies the I<property query clause> to be used when fetching algorithms
+from the loaded providers.
+See L<property(7)> for a more detailed description.
+
+=back
+
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the
diff --git a/doc/perlvars.pm b/doc/perlvars.pm
index d4fbba9a64..47f813d51e 100644
--- a/doc/perlvars.pm
+++ b/doc/perlvars.pm
@@ -93,12 +93,15 @@ $OpenSSL::safe::opt_r_item = ""
# Provider options
$OpenSSL::safe::opt_provider_synopsis = ""
. "[B<-provider> I<name>]\n"
-. "[B<-provider-path> I<path>]";
+. "[B<-provider-path> I<path>]\n"
+. "[B<-propquery> I<propq>]";
$OpenSSL::safe::opt_provider_item = ""
. "=item B<-provider> I<name>\n"
. "\n"
. "=item B<-provider-path> I<path>\n"
. "\n"
+. "=item B<-propquery> I<propq>\n"
+. "\n"
. "See L<openssl(1)/Provider Options>.";
# Configuration option
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index ffa334f15e..16bad16d65 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -26,7 +26,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 2) # FIPS install test + fips related test
- + 12;
+ + 13;
# We want to know that an absurdly small number of bits isn't support
if (disabled("deprecated-3.0")) {
@@ -101,6 +101,9 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
'-pkeyopt', 'e:65538',
'-out', 'genrsatest.pem' ])),
"genpkey with a even public exponent should fail");
+ok(!run(app([ 'openssl', 'genpkey', '-propquery', 'unknown',
+ '-algorithm', 'RSA' ])),
+ "genpkey requesting unknown=yes property should fail");
SKIP: {
diff --git a/test/recipes/20-test_mac.t b/test/recipes/20-test_mac.t
index e34381c025..61f6161b0c 100644
--- a/test/recipes/20-test_mac.t
+++ b/test/recipes/20-test_mac.t
@@ -78,6 +78,11 @@ my @mac_fail_tests = (
input => '00',
err => 'EVP_MAC_Init',
desc => 'KMAC128 Fail no key' },
+ { cmd => [qw{openssl mac -propquery unknown -macopt hexkey:404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F}],
+ type => 'KMAC128',
+ input => '00',
+ err => 'Invalid MAC name KMAC128',
+ desc => 'KMAC128 Fail unknown property' },
);
my @siphash_fail_tests = (
More information about the openssl-commits
mailing list