From openssl at openssl.org Fri Jan 1 20:52:53 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 01 Jan 2021 20:52:53 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2
Message-ID: <1609534373.287774.1244736.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2
Commit log since last time:
30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80216E01F67F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80216E01F67F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MzicHD5nGO default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8041188D5F7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MzicHD5nGO fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 1029 wallclock secs (14.70 usr 1.46 sys + 934.34 cusr 89.97 csys = 1040.47 CPU)
Result: FAIL
make[1]: *** [Makefile:3252: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2'
make: *** [Makefile:3249: tests] Error 2
From openssl at openssl.org Fri Jan 1 23:15:47 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 01 Jan 2021 23:15:47 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2-method
Message-ID: <1609542947.364748.1547798.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method
Commit log since last time:
30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80913F6B027F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80913F6B027F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/e6xJZzg77S default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80B1C9610E7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/e6xJZzg77S fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 890 wallclock secs (13.89 usr 1.39 sys + 796.51 cusr 89.05 csys = 900.84 CPU)
Result: FAIL
make[1]: *** [Makefile:3250: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method'
make: *** [Makefile:3247: tests] Error 2
From openssl at openssl.org Mon Jan 4 01:06:05 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 04 Jan 2021 01:06:05 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-asm
Message-ID: <1609722365.838211.2158089.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
rm -f test/sysdefaulttest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \
-o test/sysdefaulttest \
test/sysdefaulttest-bin-sysdefaulttest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread
rm -f test/tls13ccstest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \
-o test/tls13ccstest \
test/helpers/tls13ccstest-bin-ssltestlib.o \
test/tls13ccstest-bin-tls13ccstest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread
rm -f test/tls13secretstest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \
-o test/tls13secretstest \
crypto/tls13secretstest-bin-packet.o \
ssl/tls13secretstest-bin-tls13_enc.o \
test/tls13secretstest-bin-tls13secretstest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread
rm -f test/uitest
${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \
-o test/uitest \
apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \
-lssl test/libtestutil.a -lcrypto -ldl -pthread
make[1]: Leaving directory '/home/openssl/run-checker/no-asm'
$ make test
make depend && make _tests
make[1]: Entering directory '/home/openssl/run-checker/no-asm'
make[1]: Leaving directory '/home/openssl/run-checker/no-asm'
make[1]: Entering directory '/home/openssl/run-checker/no-asm'
( SRCTOP=../openssl \
BLDTOP=. \
PERL="/usr/bin/perl" \
FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
EXE_EXT= \
/usr/bin/perl ../openssl/test/run_tests.pl )
01-test_abort.t .................... ok
01-test_sanity.t ................... ok
01-test_symbol_presence.t .......... ok
01-test_test.t ..................... ok
02-test_errstr.t ................... ok
02-test_internal_context.t ......... ok
02-test_internal_ctype.t ........... ok
02-test_internal_keymgmt.t ......... ok
02-test_internal_provider.t ........ ok
02-test_lhash.t .................... ok
02-test_ordinals.t ................. ok
02-test_sparse_array.t ............. ok
02-test_stack.t .................... ok
03-test_exdata.t ................... ok
03-test_fipsinstall.t .............. ok
03-test_internal_asn1.t ............ ok
03-test_internal_asn1_dsa.t ........ ok
03-test_internal_bn.t .............. ok
03-test_internal_chacha.t .......... ok
03-test_internal_curve448.t ........ ok
03-test_internal_ec.t .............. ok
03-test_internal_ffc.t ............. ok
03-test_internal_mdc2.t ............ ok
03-test_internal_modes.t ........... ok
03-test_internal_namemap.t ......... ok
03-test_internal_poly1305.t ........ ok
03-test_internal_rsa_sp800_56b.t ... ok
03-test_internal_siphash.t ......... ok
03-test_internal_sm2.t ............. ok
03-test_internal_sm4.t ............. ok
03-test_internal_ssl_cert_table.t .. ok
03-test_internal_x509.t ............ ok
03-test_params_api.t ............... ok
03-test_property.t ................. ok
03-test_ui.t ....................... ok
04-test_asn1_decode.t .............. ok
04-test_asn1_encode.t .............. ok
04-test_asn1_string_table.t ........ ok
04-test_bio_callback.t ............. ok
04-test_bioprint.t ................. ok
04-test_conf.t ..................... ok
04-test_encoder_decoder.t .......... ok
04-test_encoder_decoder_legacy.t ... ok
04-test_err.t ...................... ok
04-test_hexstring.t ................ ok
04-test_param_build.t .............. ok
04-test_params.t ................... ok
04-test_params_conversion.t ........ ok
04-test_pem.t ...................... ok
04-test_pem_read_depr.t ............ ok
04-test_provider.t ................. ok
04-test_provider_fallback.t ........ ok
05-test_bf.t ....................... ok
05-test_cast.t ..................... ok
05-test_cmac.t ..................... ok
05-test_des.t ...................... ok
05-test_hmac.t ..................... ok
05-test_idea.t ..................... ok
05-test_rand.t ..................... ok
05-test_rc2.t ...................... ok
05-test_rc4.t ...................... ok
05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build
06-test-rdrand.t ................... ok
make[1]: *** [Makefile:3244: _tests] Terminated
make: *** [Makefile:3241: tests] Terminated
From openssl at openssl.org Mon Jan 4 01:56:44 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 04 Jan 2021 01:56:44 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-autoerrinit
Message-ID: <1609725404.902846.2267183.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
04-test_err.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=227, Tests=3423, 884 wallclock secs (14.44 usr 1.28 sys + 794.72 cusr 85.10 csys = 895.54 CPU)
Result: FAIL
make[1]: *** [Makefile:3255: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit'
make: *** [Makefile:3252: tests] Error 2
From dev at ddvo.net Mon Jan 4 07:01:15 2021
From: dev at ddvo.net (dev at ddvo.net)
Date: Mon, 04 Jan 2021 07:01:15 +0000
Subject: [openssl] master update
Message-ID: <1609743675.523505.14548.nullmailer@dev.openssl.org>
The branch master has been updated
via 38b57c4c5268e4db0cad6db6744bf70ce4a0e188 (commit)
from ea08f8b294d129371536649463c76a81dc4d4e55 (commit)
- Log -----------------------------------------------------------------
commit 38b57c4c5268e4db0cad6db6744bf70ce4a0e188
Author: Dr. David von Oheimb
Date: Fri Jan 1 20:43:46 2021 +0100
Update copyright years of auto-generated headers (make update)
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/13764)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/charmap.h | 2 +-
crypto/bn/bn_prime.h | 2 +-
crypto/conf/conf_def.h | 2 +-
crypto/objects/obj_dat.h | 2 +-
crypto/objects/obj_xref.h | 2 +-
include/openssl/obj_mac.h | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index e855b15977..ac1eb076cc 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ef16bb43d0..8a859ac02e 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 3fdb6a9b4a..1f66a58e09 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/conf/keysets.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 440fd1d6af..1b852e6dfa 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/obj_dat.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index ba290cc661..0f8a05652e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by objxref.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 5af0024989..89b449037f 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/objects.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
From openssl at openssl.org Mon Jan 4 07:27:54 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 04 Jan 2021 07:27:54 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-des
Message-ID: <1609745274.627667.2971884.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
30-test_evp.t (Wstat: 512 Tests: 90 Failed: 2)
Failed tests: 14, 40
Non-zero exit status: 2
30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=227, Tests=3425, 845 wallclock secs (14.28 usr 1.44 sys + 754.59 cusr 85.65 csys = 855.96 CPU)
Result: FAIL
make[1]: *** [Makefile:3210: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-des'
make: *** [Makefile:3207: tests] Error 2
From openssl at openssl.org Mon Jan 4 08:37:54 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 04 Jan 2021 08:37:54 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dso
Message-ID: <1609749474.403766.3133533.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_server_test-bin-cmp_testlib.o -c -o test/helpers/cmp_server_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_status_test-bin-cmp_testlib.o -c -o test/helpers/cmp_status_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_vfy_test-bin-cmp_testlib.o -c -o test/helpers/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c
clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/defltfips_test-bin-defltfips_test.d.tmp -MT test/defltfips_test-bin-defltfips_test.o -c -o test/defltfips_test-bin-defltfips_test.o ../openssl/test/defltfips_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c
clang -Iinclude -Iapps/include -Iproviders/common/include -I../openssl/include -I../openssl/apps/include -I../openssl/providers/common/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c
clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/helpers/dtls_mtu_test-bin-ssltestlib.o -c -o test/helpers/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/dtlstest-bin-ssltestlib.d.tmp -MT test/helpers/dtlstest-bin-ssltestlib.o -c -o test/helpers/dtlstest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c
clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/endecode_test-bin-endecode_test.d.tmp -MT test/endecode_test-bin-endecode_test.o -c -o test/endecode_test-bin-endecode_test.o ../openssl/test/endecode_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/endecode_test-bin-predefined_dhparams.d.tmp -MT test/helpers/endecode_test-bin-predefined_dhparams.o -c -o test/helpers/endecode_test-bin-predefined_dhparams.o ../openssl/test/helpers/predefined_dhparams.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/endecoder_legacy_test-bin-endecoder_legacy_test.d.tmp -MT test/endecoder_legacy_test-bin-endecoder_legacy_test.o -c -o test/endecoder_legacy_test-bin-endecoder_legacy_test.o ../openssl/test/endecoder_legacy_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -DNO_FIPS_MODULE -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/exdatatest-bin-exdatatest.d.tmp -MT test/exdatatest-bin-exdatatest.o -c -o test/exdatatest-bin-exdatatest.o ../openssl/test/exdatatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/exptest-bin-exptest.d.tmp -MT test/exptest-bin-exptest.o -c -o test/exptest-bin-exptest.o ../openssl/test/exptest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/fatalerrtest-bin-fatalerrtest.d.tmp -MT test/fatalerrtest-bin-fatalerrtest.o -c -o test/fatalerrtest-bin-fatalerrtest.o ../openssl/test/fatalerrtest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/fatalerrtest-bin-ssltestlib.d.tmp -MT test/helpers/fatalerrtest-bin-ssltestlib.o -c -o test/helpers/fatalerrtest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ffc_internal_test-bin-ffc_internal_test.d.tmp -MT test/ffc_internal_test-bin-ffc_internal_test.o -c -o test/ffc_internal_test-bin-ffc_internal_test.o ../openssl/test/ffc_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/gmdifftest-bin-gmdifftest.d.tmp -MT test/gmdifftest-bin-gmdifftest.o -c -o test/gmdifftest-bin-gmdifftest.o ../openssl/test/gmdifftest.c
clang -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/gosttest-bin-gosttest.d.tmp -MT test/gosttest-bin-gosttest.o -c -o test/gosttest-bin-gosttest.o ../openssl/test/gosttest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/gosttest-bin-ssltestlib.d.tmp -MT test/helpers/gosttest-bin-ssltestlib.o -c -o test/helpers/gosttest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/hexstr_test-bin-hexstr_test.d.tmp -MT test/hexstr_test-bin-hexstr_test.o -c -o test/hexstr_test-bin-hexstr_test.o ../openssl/test/hexstr_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/hmactest-bin-hmactest.d.tmp -MT test/hmactest-bin-hmactest.o -c -o test/hmactest-bin-hmactest.o ../openssl/test/hmactest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/http_test-bin-http_test.d.tmp -MT test/http_test-bin-http_test.o -c -o test/http_test-bin-http_test.o ../openssl/test/http_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ideatest-bin-ideatest.d.tmp -MT test/ideatest-bin-ideatest.o -c -o test/ideatest-bin-ideatest.o ../openssl/test/ideatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/igetest-bin-igetest.d.tmp -MT test/igetest-bin-igetest.o -c -o test/igetest-bin-igetest.o ../openssl/test/igetest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/keymgmt_internal_test-bin-keymgmt_internal_test.d.tmp -MT test/keymgmt_internal_test-bin-keymgmt_internal_test.o -c -o test/keymgmt_internal_test-bin-keymgmt_internal_test.o ../openssl/test/keymgmt_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/lhash_test-bin-lhash_test.d.tmp -MT test/lhash_test-bin-lhash_test.o -c -o test/lhash_test-bin-lhash_test.o ../openssl/test/lhash_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/mdc2_internal_test-bin-mdc2_internal_test.d.tmp -MT test/mdc2_internal_test-bin-mdc2_internal_test.o -c -o test/mdc2_internal_test-bin-mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/mdc2test-bin-mdc2test.d.tmp -MT test/mdc2test-bin-mdc2test.o -c -o test/mdc2test-bin-mdc2test.o ../openssl/test/mdc2test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/memleaktest-bin-memleaktest.d.tmp -MT test/memleaktest-bin-memleaktest.o -c -o test/memleaktest-bin-memleaktest.o ../openssl/test/memleaktest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/modes_internal_test-bin-modes_internal_test.d.tmp -MT test/modes_internal_test-bin-modes_internal_test.o -c -o test/modes_internal_test-bin-modes_internal_test.o ../openssl/test/modes_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/moduleloadtest-bin-moduleloadtest.d.tmp -MT test/moduleloadtest-bin-moduleloadtest.o -c -o test/moduleloadtest-bin-moduleloadtest.o ../openssl/test/moduleloadtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/moduleloadtest-bin-simpledynamic.d.tmp -MT test/moduleloadtest-bin-simpledynamic.o -c -o test/moduleloadtest-bin-simpledynamic.o ../openssl/test/simpledynamic.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/namemap_internal_test-bin-namemap_internal_test.d.tmp -MT test/namemap_internal_test-bin-namemap_internal_test.o -c -o test/namemap_internal_test-bin-namemap_internal_test.o ../openssl/test/namemap_internal_test.c
In file included from In file included from ../openssl/test/simpledynamic.c../openssl/test/moduleloadtest.c::1319:
:
../openssl/test/simpledynamic.h../openssl/test/simpledynamic.h::3939::3535:: errorerror: : unknown type name 'SD'unknown type name 'SD'
int sd_load(const char *filename, SD *sd, int type);int sd_load(const char *filename, SD *sd, int type);
^ ^
../openssl/test/simpledynamic.h:40:12:../openssl/test/simpledynamic.h :error40: :unknown type name 'SD'12
: error: unknown type name 'SD'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
../openssl/test/simpledynamic.h ^:
40:40: error: unknown type name 'SD_SYM'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:41:14: error: unknown type name 'SD'
int sd_close(SD lib);
^
../openssl/test/simpledynamic.h:41:14: error: unknown type name 'SD'
int sd_close(SD lib);
^
4 errors generated.
4 errors generated.
make[1]: *** [Makefile:24774: test/moduleloadtest-bin-simpledynamic.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:24766: test/moduleloadtest-bin-moduleloadtest.o] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dso'
make: *** [Makefile:3067: build_sw] Error 2
From matt at openssl.org Mon Jan 4 12:15:46 2021
From: matt at openssl.org (Matt Caswell)
Date: Mon, 04 Jan 2021 12:15:46 +0000
Subject: [openssl] master update
Message-ID: <1609762546.287682.12907.nullmailer@dev.openssl.org>
The branch master has been updated
via 2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb (commit)
via ce1119265005bd254fc92395f72490c19adc707c (commit)
from 38b57c4c5268e4db0cad6db6744bf70ce4a0e188 (commit)
- Log -----------------------------------------------------------------
commit 2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb
Author: Nirbheek Chauhan
Date: Wed Jul 8 23:23:04 2020 +0530
win-onecore: Build with /APPCONTAINER for UWP compat
When targeting the win-onecore configuration, we must link with
/APPCONTAINER which is a requirement for submitting apps to the
Windows Store.
Without this, the Windows App Certificate Kit will reject the app:
https://docs.microsoft.com/en-us/cpp/build/reference/appcontainer-windows-store-app
Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12400)
commit ce1119265005bd254fc92395f72490c19adc707c
Author: Nirbheek Chauhan
Date: Wed Jul 8 23:10:34 2020 +0530
crypto/win: Don't use disallowed APIs on UWP
CreateFiber and ConvertThreadToFiber are not allowed in Windows Store
(Universal Windows Platform) apps since they have been replaced by
their Ex variants which have a new dwFlags parameter.
This flag allows the fiber to do floating-point arithmetic in the
fiber on x86, which would silently cause corruption otherwise since
the floating-point state is not switched by default.
Switch to these "new" APIs which were added in Vista.
See: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiberex#parameters
Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12400)
-----------------------------------------------------------------------
Summary of changes:
Configurations/50-win-onecore.conf | 9 +++++----
crypto/async/arch/async_win.c | 4 ++++
crypto/async/arch/async_win.h | 10 +++++++++-
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf
index 91e77b663f..efa2c837bc 100644
--- a/Configurations/50-win-onecore.conf
+++ b/Configurations/50-win-onecore.conf
@@ -36,13 +36,14 @@ my %targets = (
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
- lflags => add("/NODEFAULTLIB:kernel32.lib"),
+ # /APPCONTAINER is needed for Universal Windows Platform compat
+ lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
- lflags => add("/NODEFAULTLIB:kernel32.lib"),
+ lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
@@ -68,7 +69,7 @@ my %targets = (
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR",
- lflags => add("/NODEFAULTLIB:kernel32.lib"),
+ lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
@@ -77,7 +78,7 @@ my %targets = (
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
- lflags => add("/NODEFAULTLIB:kernel32.lib"),
+ lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c
index 0db9efe3c1..72cc27c214 100644
--- a/crypto/async/arch/async_win.c
+++ b/crypto/async/arch/async_win.c
@@ -34,7 +34,11 @@ void async_local_cleanup(void)
int async_fibre_init_dispatcher(async_fibre *fibre)
{
+# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600
+ fibre->fibre = ConvertThreadToFiberEx(NULL, FIBER_FLAG_FLOAT_SWITCH);
+# else
fibre->fibre = ConvertThreadToFiber(NULL);
+# endif
if (fibre->fibre == NULL) {
fibre->converted = 0;
fibre->fibre = GetCurrentFiber();
diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h
index 87e661d766..eb61b032e0 100644
--- a/crypto/async/arch/async_win.h
+++ b/crypto/async/arch/async_win.h
@@ -26,8 +26,16 @@ typedef struct async_fibre_st {
# define async_fibre_swapcontext(o,n,r) \
(SwitchToFiber((n)->fibre), 1)
-# define async_fibre_makecontext(c) \
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600
+# define async_fibre_makecontext(c) \
+ ((c)->fibre = CreateFiberEx(0, 0, FIBER_FLAG_FLOAT_SWITCH, \
+ async_start_func_win, 0))
+# else
+# define async_fibre_makecontext(c) \
((c)->fibre = CreateFiber(0, async_start_func_win, 0))
+# endif
+
# define async_fibre_free(f) (DeleteFiber((f)->fibre))
int async_fibre_init_dispatcher(async_fibre *fibre);
From mark at openssl.org Mon Jan 4 16:03:11 2021
From: mark at openssl.org (Mark J. Cox)
Date: Mon, 04 Jan 2021 16:03:11 +0000
Subject: [web] master update
Message-ID: <1609776191.583593.31111.nullmailer@dev.openssl.org>
The branch master has been updated
via 32ac25c3dc11364b8854de9e91303951f6ba406d (commit)
via 9720d7fff327192e2d845f4e4d305c32cc0fe8b9 (commit)
from 0689c523b599d89f0ce5caedab4f7d66bee1efb6 (commit)
- Log -----------------------------------------------------------------
commit 32ac25c3dc11364b8854de9e91303951f6ba406d
Merge: 0689c52 9720d7f
Author: Mark J. Cox
Date: Mon Jan 4 15:49:15 2021 +0000
Merge pull request #211 from iamamoose/sponsorupdate
Update the Sponsorship page to remove sponsorships that have lapsed
commit 9720d7fff327192e2d845f4e4d305c32cc0fe8b9
Author: Mark J. Cox
Date: Mon Jan 4 15:29:11 2021 +0000
Update the Sponsorship page to remove sponsorships that have lapsed and
add a link to recognise the GitHub Sponsors
-----------------------------------------------------------------------
Summary of changes:
support/acks.html | 22 ++++------------------
1 file changed, 4 insertions(+), 18 deletions(-)
diff --git a/support/acks.html b/support/acks.html
index 419924e..f3c75d2 100644
--- a/support/acks.html
+++ b/support/acks.html
@@ -15,10 +15,9 @@
Sponsorship Donations
-
We would like to identify and thank the following sponsors
for their donations which give significant support to the OpenSSL project.
- Please note some sponsors remain anonymous.
+ Please note sponsors may choose to remain anonymous.
- Exceptional:
-
-
-
- Platinum:
-
-
-
Bronze:
@@ -63,7 +47,9 @@
Other Donations
- We also identify and thank organizations who contribute
+ We also would like to thank those who contribute
+ via GitHub Sponsors,
+ as well as the organizations who contribute
in-kind donations to the project.
From no-reply at appveyor.com Mon Jan 4 21:27:08 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 04 Jan 2021 21:27:08 +0000
Subject: Build failed: openssl master.38943
Message-ID: <20210104212708.1.C8D5B45044A27129@appveyor.com>
An HTML attachment was scrubbed...
URL:
From openssl at openssl.org Mon Jan 4 23:09:26 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 04 Jan 2021 23:09:26 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
enable-fuzz-afl no-shared no-module
Message-ID: <1609801766.842490.692957.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# ------------------------------------------------------------------------------
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# ------------------------------------------------------------------------------
# Failed test 'popo NONE'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem -out_trusted root.crt => 0
not ok 48 - popo KEYENC not supported
# ------------------------------------------------------------------------------
# Looks like you failed 3 tests of 92.
not ok 7 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335.
# Looks like you failed 3 tests of 7.81-test_cmp_cli.t ..................
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/7 subtests
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test only supported in a shared build
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ skipped: Test only supported in a shared build
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3)
Failed tests: 4-5, 7
Non-zero exit status: 3
Files=227, Tests=2999, 639 wallclock secs ( 9.40 usr 1.28 sys + 564.05 cusr 62.76 csys = 637.49 CPU)
Result: FAIL
make[1]: *** [Makefile:2463: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl'
make: *** [Makefile:2460: tests] Error 2
From no-reply at appveyor.com Tue Jan 5 01:01:13 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 05 Jan 2021 01:01:13 +0000
Subject: Build failed: openssl master.38949
Message-ID: <20210105010113.1.517E1192B0ED0A38@appveyor.com>
An HTML attachment was scrubbed...
URL:
From no-reply at appveyor.com Tue Jan 5 02:13:42 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 05 Jan 2021 02:13:42 +0000
Subject: Build completed: openssl master.38950
Message-ID: <20210105021342.1.C90FDC95F55C611A@appveyor.com>
An HTML attachment was scrubbed...
URL:
From dev at ddvo.net Tue Jan 5 11:29:01 2021
From: dev at ddvo.net (dev at ddvo.net)
Date: Tue, 05 Jan 2021 11:29:01 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1609846141.741832.13530.nullmailer@dev.openssl.org>
The branch OpenSSL_1_1_1-stable has been updated
via 80d5badd8fa7dcc7dffc88745376df53161e392a (commit)
from 9be10637502bf32189055dff8d3442e140e845c5 (commit)
- Log -----------------------------------------------------------------
commit 80d5badd8fa7dcc7dffc88745376df53161e392a
Author: Dr. David von Oheimb
Date: Sat Jan 2 21:23:12 2021 +0100
Update copyright years of auto-generated headers (make update)
This backports #13764.
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/13769)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/charmap.h | 2 +-
crypto/bn/bn_prime.h | 2 +-
crypto/conf/conf_def.h | 2 +-
crypto/objects/obj_dat.h | 2 +-
crypto/objects/obj_xref.h | 2 +-
include/openssl/obj_mac.h | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf..e234c9e615 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534..1a25c28577 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40..1e4a03e10b 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/conf/keysets.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf..24b49a2df2 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/obj_dat.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff1..5c3561ab7d 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by objxref.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 483fc0509e..eb812ed18d 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/objects.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
From tmraz at fedoraproject.org Tue Jan 5 15:44:43 2021
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Tue, 05 Jan 2021 15:44:43 +0000
Subject: [openssl] master update
Message-ID: <1609861483.213427.25418.nullmailer@dev.openssl.org>
The branch master has been updated
via b043c41c0059786eb78492fb64217053272ef37d (commit)
via b2d14651533897b709208e633d4b4f590e0eff1c (commit)
from 2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb (commit)
- Log -----------------------------------------------------------------
commit b043c41c0059786eb78492fb64217053272ef37d
Author: Etienne Millon
Date: Mon Jan 4 11:33:55 2021 +0100
28-seclevel.cnf.in: fix typo in algo name
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13768)
commit b2d14651533897b709208e633d4b4f590e0eff1c
Author: Etienne Millon
Date: Mon Jan 4 11:28:36 2021 +0100
EVP_SIGNATURE-ED25519.pod: fix typo in algo name
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13768)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/EVP_SIGNATURE-ED25519.pod | 2 +-
test/ssl-tests/28-seclevel.cnf.in | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod
index bb91ae2434..e2fc31f724 100644
--- a/doc/man7/EVP_SIGNATURE-ED25519.pod
+++ b/doc/man7/EVP_SIGNATURE-ED25519.pod
@@ -15,7 +15,7 @@ one-shot digest sign and digest verify using PureEdDSA and B or B be specified when
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index ebb082c0af..b7b96e87b7 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -34,7 +34,7 @@ our @tests_ec = (
test => { "ExpectedResult" => "Success" },
},
{
- # The Ed488 signature algorithm will not be enabled.
+ # The Ed448 signature algorithm will not be enabled.
# Because of the config order, the certificate is first loaded, and
# then the security level is chaged. If you try this with s_server
# the order will be reversed and it will instead fail to load the key.
@@ -47,7 +47,7 @@ our @tests_ec = (
test => { "ExpectedResult" => "ServerFail" },
},
{
- # The client will not sent the Ed488 signature algorithm, so the server
+ # The client will not sent the Ed448 signature algorithm, so the server
# doesn't have a useable signature algorithm for the certificate.
name => "SECLEVEL 5 client with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
From matt at openssl.org Tue Jan 5 18:09:37 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 05 Jan 2021 18:09:37 +0000
Subject: [openssl] master update
Message-ID: <1609870177.248964.22759.nullmailer@dev.openssl.org>
The branch master has been updated
via 3497cc8776d50397ceefbd41bd3356a7f5d30c14 (commit)
from b043c41c0059786eb78492fb64217053272ef37d (commit)
- Log -----------------------------------------------------------------
commit 3497cc8776d50397ceefbd41bd3356a7f5d30c14
Author: bazmoz
Date: Sun Dec 27 22:05:14 2020 +0530
Updated SSL_CTX_new doc
Fixes #13703
Reviewed-by: Ben Kaduk
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/13741)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/SSL_CTX_new.pod | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index b71cda9be0..4093e657e8 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -73,11 +73,12 @@ functions
=head1 DESCRIPTION
-SSL_CTX_new_ex() creates a new B object as a framework to
-establish TLS/SSL or DTLS enabled connections using the library context
-I (see L). Any cryptographic algorithms that are used
-by any B objects created from this B will be fetched from the
-I using the property query string I (see
+SSL_CTX_new_ex() creates a new B object, which holds various
+configuration and data relevant to TLS/SSL or DTLS session establishment. The
+library context I (see L) is used to provide the
+cryptographic algorithms needed for the session. Any cryptographic algorithms
+that are used by any B objects created from this B will be fetched
+from the I using the property query string I (see
L. Either or both the I or I
parameters may be NULL.
@@ -90,6 +91,10 @@ SSL_CTX_free) decrements it. When the reference count drops to zero, any memory
or resources allocated to the B object are freed. SSL_CTX_up_ref()
increments the reference count for an existing B structure.
+An B object should not be changed after it is used to create any B
+objects or from multiple threads concurrently, since the implementation does not
+provide serialization of access for these cases.
+
=head1 NOTES
The SSL_CTX object uses I as the connection method.
From openssl at openssl.org Tue Jan 5 21:09:09 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 05 Jan 2021 21:09:09 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2
Message-ID: <1609880949.024793.3311836.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80C17CF03A7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80C17CF03A7F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/hKckL8WvgN default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1AA42FA7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/hKckL8WvgN fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 868 wallclock secs (14.05 usr 1.46 sys + 772.73 cusr 91.80 csys = 880.04 CPU)
Result: FAIL
make[1]: *** [Makefile:3259: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2'
make: *** [Makefile:3256: tests] Error 2
From openssl at openssl.org Tue Jan 5 23:36:15 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 05 Jan 2021 23:36:15 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2-method
Message-ID: <1609889775.157147.3613991.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method
Commit log since last time:
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
db6bcc81ab Optimise OPENSSL_init_crypto
d5e742de65 Add some more CRYPTO_atomic functions
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80918175B37F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80918175B37F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/j8p8AbYHtB default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80212C69497F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/j8p8AbYHtB fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 1004 wallclock secs (13.86 usr 1.26 sys + 916.02 cusr 85.05 csys = 1016.19 CPU)
Result: FAIL
make[1]: *** [Makefile:3252: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method'
make: *** [Makefile:3249: tests] Error 2
From kaduk at mit.edu Wed Jan 6 00:32:47 2021
From: kaduk at mit.edu (kaduk at mit.edu)
Date: Wed, 06 Jan 2021 00:32:47 +0000
Subject: [openssl] master update
Message-ID: <1609893167.096070.32238.nullmailer@dev.openssl.org>
The branch master has been updated
via 7fd1ca723a06739e76a17d1065ac94bcfcfc4f9f (commit)
via b39c215decf6e68c28cb64dcfaf5ae5a7e8d35b4 (commit)
from 3497cc8776d50397ceefbd41bd3356a7f5d30c14 (commit)
- Log -----------------------------------------------------------------
commit 7fd1ca723a06739e76a17d1065ac94bcfcfc4f9f
Author: John Baldwin
Date: Fri Nov 20 17:45:48 2020 -0800
Support session information on FreeBSD.
FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it
does provide other ioctls that can be used to provide similar
functionality.
First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts
a 'struct session2_op'. This structure extends 'struct session_op'
with a 'crid' member which can be used to either request an individual
driver by id, or a class of drivers via flags.
To determine if the available drivers for a given algorithm are
accelerated or not, use CIOCGESSION2 to first attempt to create an
accelerated (hardware) session. If that fails, fall back to
attempting a software session. In addition, when requesting a new
cipher session, use the current setting of the 'use_softdrivers' flag
to determine the value assigned to 'crid' when invoking CIOCGSESSION2.
Finally, use the returned 'crid' value from CIOCGSESSION2 to look up
the name of the associated driver via the CIOCFINDDEV ioctl.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13468)
commit b39c215decf6e68c28cb64dcfaf5ae5a7e8d35b4
Author: John Baldwin
Date: Fri Nov 20 17:07:35 2020 -0800
Use CRIOGET to fetch a crypto descriptor when present.
FreeBSD's current /dev/crypto implementation requires that consumers
clone a separate file descriptor via the CRIOGET ioctl that can then
be used with other ioctls such as CIOCGSESSION.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13468)
-----------------------------------------------------------------------
Summary of changes:
engines/e_devcrypto.c | 86 +++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 73 insertions(+), 13 deletions(-)
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index d54ca3bbc1..7f3768d36c 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -34,6 +34,16 @@
#define engine_devcrypto_id "devcrypto"
+/*
+ * Use session2_op on FreeBSD which permits requesting specific
+ * drivers or classes of drivers at session creation time.
+ */
+#ifdef CIOCGSESSION2
+typedef struct session2_op session_op_t;
+#else
+typedef struct session_op session_op_t;
+#endif
+
/*
* ONE global file descriptor for all sessions. This allows operations
* such as digest session data copying (see digest_copy()), but is also
@@ -73,12 +83,12 @@ struct driver_info_st {
void engine_load_devcrypto_int(void);
#endif
-static int clean_devcrypto_session(struct session_op *sess) {
+static int clean_devcrypto_session(session_op_t *sess) {
if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()");
return 0;
}
- memset(sess, 0, sizeof(struct session_op));
+ memset(sess, 0, sizeof(*sess));
return 1;
}
@@ -93,7 +103,7 @@ static int clean_devcrypto_session(struct session_op *sess) {
*****/
struct cipher_ctx {
- struct session_op sess;
+ session_op_t sess;
int op; /* COP_ENCRYPT or COP_DECRYPT */
unsigned long mode; /* EVP_CIPH_*_MODE */
@@ -198,6 +208,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+ int ret;
/* cleanup a previous session */
if (cipher_ctx->sess.ses != 0 &&
@@ -210,7 +221,15 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
cipher_ctx->blocksize = cipher_d->blocksize;
- if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+#ifdef CIOCGSESSION2
+ cipher_ctx->sess.crid = (use_softdrivers == DEVCRYPTO_USE_SOFTWARE) ?
+ CRYPTO_FLAG_SOFTWARE | CRYPTO_FLAG_HARDWARE :
+ CRYPTO_FLAG_HARDWARE;
+ ret = ioctl(cfd, CIOCGSESSION2, &cipher_ctx->sess);
+#else
+ ret = ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess);
+#endif
+ if (ret < 0) {
ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()");
return 0;
}
@@ -406,9 +425,12 @@ static int devcrypto_test_cipher(size_t cipher_data_index)
static void prepare_cipher_methods(void)
{
size_t i;
- struct session_op sess;
+ session_op_t sess;
unsigned long cipher_mode;
-#ifdef CIOCGSESSINFO
+#ifdef CIOCGSESSION2
+ struct crypt_find_op fop;
+ enum devcrypto_accelerated_t accelerated;
+#elif defined(CIOCGSESSINFO)
struct session_info_op siop;
#endif
@@ -426,10 +448,29 @@ static void prepare_cipher_methods(void)
*/
sess.cipher = cipher_data[i].devcryptoid;
sess.keylen = cipher_data[i].keylen;
+#ifdef CIOCGSESSION2
+ /*
+ * When using CIOCGSESSION2, first try to allocate a hardware
+ * ("accelerated") session. If that fails, fall back to
+ * allocating a software session.
+ */
+ sess.crid = CRYPTO_FLAG_HARDWARE;
+ if (ioctl(cfd, CIOCGSESSION2, &sess) == 0) {
+ accelerated = DEVCRYPTO_ACCELERATED;
+ } else {
+ sess.crid = CRYPTO_FLAG_SOFTWARE;
+ if (ioctl(cfd, CIOCGSESSION2, &sess) < 0) {
+ cipher_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION;
+ continue;
+ }
+ accelerated = DEVCRYPTO_NOT_ACCELERATED;
+ }
+#else
if (ioctl(cfd, CIOCGSESSION, &sess) < 0) {
cipher_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION;
continue;
}
+#endif
cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
@@ -460,7 +501,14 @@ static void prepare_cipher_methods(void)
known_cipher_methods[i] = NULL;
} else {
cipher_driver_info[i].status = DEVCRYPTO_STATUS_USABLE;
-#ifdef CIOCGSESSINFO
+#ifdef CIOCGSESSION2
+ cipher_driver_info[i].accelerated = accelerated;
+ fop.crid = sess.crid;
+ if (ioctl(cfd, CIOCFINDDEV, &fop) == 0) {
+ cipher_driver_info[i].driver_name =
+ OPENSSL_strndup(fop.name, sizeof(fop.name));
+ }
+#elif defined(CIOCGSESSINFO)
siop.ses = sess.ses;
if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) {
cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN;
@@ -624,7 +672,7 @@ static void dump_cipher_info(void)
*****/
struct digest_ctx {
- struct session_op sess;
+ session_op_t sess;
/* This signals that the init function was called, not that it succeeded. */
int init_called;
unsigned char digest_res[HASH_MAX_LEN];
@@ -843,7 +891,7 @@ static void rebuild_known_digest_nids(ENGINE *e)
static void prepare_digest_methods(void)
{
size_t i;
- struct session_op sess1, sess2;
+ session_op_t sess1, sess2;
#ifdef CIOCGSESSINFO
struct session_info_op siop;
#endif
@@ -1051,7 +1099,7 @@ static void dump_digest_info(void)
#define DEVCRYPTO_CMD_DUMP_INFO (ENGINE_CMD_BASE + 3)
static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
-#ifdef CIOCGSESSINFO
+#if defined(CIOCGSESSINFO) || defined(CIOCGSESSION2)
{DEVCRYPTO_CMD_USE_SOFTDRIVERS,
"USE_SOFTDRIVERS",
"specifies whether to use software (not accelerated) drivers ("
@@ -1087,7 +1135,7 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int *new_list;
switch (cmd) {
-#ifdef CIOCGSESSINFO
+#if defined(CIOCGSESSINFO) || defined(CIOCGSESSION2)
case DEVCRYPTO_CMD_USE_SOFTDRIVERS:
switch (i) {
case DEVCRYPTO_REQUIRE_ACCELERATED:
@@ -1106,7 +1154,7 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
#endif
rebuild_known_cipher_nids(e);
return 1;
-#endif /* CIOCGSESSINFO */
+#endif /* CIOCGSESSINFO || CIOCGSESSION2 */
case DEVCRYPTO_CMD_CIPHERS:
if (p == NULL)
@@ -1172,10 +1220,12 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
*/
static int open_devcrypto(void)
{
+ int fd;
+
if (cfd >= 0)
return 1;
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
#ifndef ENGINE_DEVCRYPTO_DEBUG
if (errno != ENOENT)
#endif
@@ -1183,6 +1233,16 @@ static int open_devcrypto(void)
return 0;
}
+#ifdef CRIOGET
+ if (ioctl(fd, CRIOGET, &cfd) < 0) {
+ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+ cfd = -1;
+ return 0;
+ }
+#else
+ cfd = fd;
+#endif
+
return 1;
}
From tmraz at fedoraproject.org Wed Jan 6 10:07:13 2021
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Wed, 06 Jan 2021 10:07:13 +0000
Subject: [openssl] master update
Message-ID: <1609927633.754759.7377.nullmailer@dev.openssl.org>
The branch master has been updated
via 7c0e98a5c40806ff9dde15cf4a619cc931800fd9 (commit)
from 7fd1ca723a06739e76a17d1065ac94bcfcfc4f9f (commit)
- Log -----------------------------------------------------------------
commit 7c0e98a5c40806ff9dde15cf4a619cc931800fd9
Author: David CARLIER
Date: Mon Jan 4 16:42:47 2021 +0000
Mac M1 setting change proposal.
Running tests takes very long with the current setting while it takes a
lot shorter time with this change.
Reviewed-by: Ben Kaduk
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13771)
-----------------------------------------------------------------------
Summary of changes:
Configurations/10-main.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 5f672fbb77..ef892b555a 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1623,7 +1623,7 @@ my %targets = (
cflags => add("-arch arm64"),
lib_cppflags => add("-DL_ENDIAN"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
- asm_arch => 'aarch64_asm',
+ asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
From matt at openssl.org Wed Jan 6 11:26:43 2021
From: matt at openssl.org (Matt Caswell)
Date: Wed, 06 Jan 2021 11:26:43 +0000
Subject: [openssl] master update
Message-ID: <1609932403.590050.18962.nullmailer@dev.openssl.org>
The branch master has been updated
via e260bee0a97d4e6de60eae2c86d7c11ed03f2010 (commit)
from 7c0e98a5c40806ff9dde15cf4a619cc931800fd9 (commit)
- Log -----------------------------------------------------------------
commit e260bee0a97d4e6de60eae2c86d7c11ed03f2010
Author: Matt Caswell
Date: Mon Jan 4 17:29:35 2021 +0000
Only perform special TLS handling if TLS has been configured
Skip over special TLS steps for stream ciphers if we haven't been
configured for TLS.
Fixes #12528
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13774)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/ciphers/ciphercommon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0941210f20..0e3e367dfc 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -429,7 +429,7 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
}
*outl = inl;
- if (!ctx->enc) {
+ if (!ctx->enc && ctx->tlsversion > 0) {
/*
* Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
* cipher_aes_cbc_hmac_sha256_hw.c
From no-reply at appveyor.com Wed Jan 6 18:49:12 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 06 Jan 2021 18:49:12 +0000
Subject: Build failed: openssl master.38985
Message-ID: <20210106184912.1.FF04BE1166082F36@appveyor.com>
An HTML attachment was scrubbed...
URL:
From no-reply at appveyor.com Wed Jan 6 20:13:15 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 06 Jan 2021 20:13:15 +0000
Subject: Build completed: openssl master.38986
Message-ID: <20210106201315.1.D805FDEC57CC35A7@appveyor.com>
An HTML attachment was scrubbed...
URL:
From openssl at openssl.org Thu Jan 7 01:05:28 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 07 Jan 2021 01:05:28 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-asm
Message-ID: <1609981528.357004.4164225.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
30-test_evp_extra.t ................ ok
30-test_evp_fetch_prov.t ........... ok
30-test_evp_kdf.t .................. ok
30-test_evp_libctx.t ............... ok
30-test_evp_pkey_dparam.t .......... ok
30-test_evp_pkey_provided.t ........ ok
30-test_pbelu.t .................... ok
30-test_pkey_meth.t ................ ok
30-test_pkey_meth_kdf.t ............ ok
30-test_provider_status.t .......... ok
40-test_rehash.t ................... ok
60-test_x509_check_cert_pkey.t ..... ok
60-test_x509_dup_cert.t ............ ok
60-test_x509_store.t ............... ok
60-test_x509_time.t ................ ok
61-test_bio_prefix.t ............... ok
65-test_cmp_asn.t .................. ok
65-test_cmp_client.t ............... ok
65-test_cmp_ctx.t .................. ok
65-test_cmp_hdr.t .................. ok
65-test_cmp_msg.t .................. ok
65-test_cmp_protect.t .............. ok
65-test_cmp_server.t ............... ok
65-test_cmp_status.t ............... ok
65-test_cmp_vfy.t .................. ok
66-test_ossl_store.t ............... ok
70-test_asyncio.t .................. ok
70-test_bad_dtls.t ................. ok
70-test_clienthello.t .............. ok
70-test_comp.t ..................... ok
70-test_key_share.t ................ ok
70-test_packet.t ................... ok
70-test_recordlen.t ................ ok
70-test_renegotiation.t ............ ok
70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
make[1]: *** wait: No child processes. Stop.
make[1]: *** Waiting for unfinished jobs....
make[1]: *** wait: No child processes. Stop.
make: *** [Makefile:3241: tests] Terminated
From openssl at openssl.org Thu Jan 7 01:55:19 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 07 Jan 2021 01:55:19 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-autoerrinit
Message-ID: <1609984519.607193.79366.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
04-test_err.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=227, Tests=3423, 845 wallclock secs (14.47 usr 1.40 sys + 752.47 cusr 86.52 csys = 854.86 CPU)
Result: FAIL
make[1]: *** [Makefile:3244: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit'
make: *** [Makefile:3241: tests] Error 2
From openssl at openssl.org Thu Jan 7 07:26:05 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 07 Jan 2021 07:26:05 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-des
Message-ID: <1610004365.129166.784619.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
30-test_evp.t (Wstat: 512 Tests: 90 Failed: 2)
Failed tests: 14, 40
Non-zero exit status: 2
30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=227, Tests=3425, 862 wallclock secs (14.30 usr 1.63 sys + 759.10 cusr 83.78 csys = 858.81 CPU)
Result: FAIL
make[1]: *** [Makefile:3187: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-des'
make: *** [Makefile:3184: tests] Error 2
From openssl at openssl.org Thu Jan 7 08:39:28 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 07 Jan 2021 08:39:28 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dso
Message-ID: <1610008768.791698.946482.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_server_test-bin-cmp_testlib.o -c -o test/helpers/cmp_server_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_status_test-bin-cmp_testlib.o -c -o test/helpers/cmp_status_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_vfy_test-bin-cmp_testlib.o -c -o test/helpers/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c
clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/defltfips_test-bin-defltfips_test.d.tmp -MT test/defltfips_test-bin-defltfips_test.o -c -o test/defltfips_test-bin-defltfips_test.o ../openssl/test/defltfips_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c
clang -Iinclude -Iapps/include -Iproviders/common/include -I../openssl/include -I../openssl/apps/include -I../openssl/providers/common/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c
clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/helpers/dtls_mtu_test-bin-ssltestlib.o -c -o test/helpers/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/dtlstest-bin-ssltestlib.d.tmp -MT test/helpers/dtlstest-bin-ssltestlib.o -c -o test/helpers/dtlstest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c
clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/endecode_test-bin-endecode_test.d.tmp -MT test/endecode_test-bin-endecode_test.o -c -o test/endecode_test-bin-endecode_test.o ../openssl/test/endecode_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/endecode_test-bin-predefined_dhparams.d.tmp -MT test/helpers/endecode_test-bin-predefined_dhparams.o -c -o test/helpers/endecode_test-bin-predefined_dhparams.o ../openssl/test/helpers/predefined_dhparams.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/endecoder_legacy_test-bin-endecoder_legacy_test.d.tmp -MT test/endecoder_legacy_test-bin-endecoder_legacy_test.o -c -o test/endecoder_legacy_test-bin-endecoder_legacy_test.o ../openssl/test/endecoder_legacy_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -DNO_FIPS_MODULE -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/exdatatest-bin-exdatatest.d.tmp -MT test/exdatatest-bin-exdatatest.o -c -o test/exdatatest-bin-exdatatest.o ../openssl/test/exdatatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/exptest-bin-exptest.d.tmp -MT test/exptest-bin-exptest.o -c -o test/exptest-bin-exptest.o ../openssl/test/exptest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/fatalerrtest-bin-fatalerrtest.d.tmp -MT test/fatalerrtest-bin-fatalerrtest.o -c -o test/fatalerrtest-bin-fatalerrtest.o ../openssl/test/fatalerrtest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/fatalerrtest-bin-ssltestlib.d.tmp -MT test/helpers/fatalerrtest-bin-ssltestlib.o -c -o test/helpers/fatalerrtest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ffc_internal_test-bin-ffc_internal_test.d.tmp -MT test/ffc_internal_test-bin-ffc_internal_test.o -c -o test/ffc_internal_test-bin-ffc_internal_test.o ../openssl/test/ffc_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/gmdifftest-bin-gmdifftest.d.tmp -MT test/gmdifftest-bin-gmdifftest.o -c -o test/gmdifftest-bin-gmdifftest.o ../openssl/test/gmdifftest.c
clang -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/gosttest-bin-gosttest.d.tmp -MT test/gosttest-bin-gosttest.o -c -o test/gosttest-bin-gosttest.o ../openssl/test/gosttest.c
clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I. -I../openssl/include -I../openssl/apps/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/gosttest-bin-ssltestlib.d.tmp -MT test/helpers/gosttest-bin-ssltestlib.o -c -o test/helpers/gosttest-bin-ssltestlib.o ../openssl/test/helpers/ssltestlib.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/hexstr_test-bin-hexstr_test.d.tmp -MT test/hexstr_test-bin-hexstr_test.o -c -o test/hexstr_test-bin-hexstr_test.o ../openssl/test/hexstr_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/hmactest-bin-hmactest.d.tmp -MT test/hmactest-bin-hmactest.o -c -o test/hmactest-bin-hmactest.o ../openssl/test/hmactest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/http_test-bin-http_test.d.tmp -MT test/http_test-bin-http_test.o -c -o test/http_test-bin-http_test.o ../openssl/test/http_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ideatest-bin-ideatest.d.tmp -MT test/ideatest-bin-ideatest.o -c -o test/ideatest-bin-ideatest.o ../openssl/test/ideatest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/igetest-bin-igetest.d.tmp -MT test/igetest-bin-igetest.o -c -o test/igetest-bin-igetest.o ../openssl/test/igetest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/keymgmt_internal_test-bin-keymgmt_internal_test.d.tmp -MT test/keymgmt_internal_test-bin-keymgmt_internal_test.o -c -o test/keymgmt_internal_test-bin-keymgmt_internal_test.o ../openssl/test/keymgmt_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/lhash_test-bin-lhash_test.d.tmp -MT test/lhash_test-bin-lhash_test.o -c -o test/lhash_test-bin-lhash_test.o ../openssl/test/lhash_test.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/mdc2_internal_test-bin-mdc2_internal_test.d.tmp -MT test/mdc2_internal_test-bin-mdc2_internal_test.o -c -o test/mdc2_internal_test-bin-mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/mdc2test-bin-mdc2test.d.tmp -MT test/mdc2test-bin-mdc2test.o -c -o test/mdc2test-bin-mdc2test.o ../openssl/test/mdc2test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/memleaktest-bin-memleaktest.d.tmp -MT test/memleaktest-bin-memleaktest.o -c -o test/memleaktest-bin-memleaktest.o ../openssl/test/memleaktest.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/modes_internal_test-bin-modes_internal_test.d.tmp -MT test/modes_internal_test-bin-modes_internal_test.o -c -o test/modes_internal_test-bin-modes_internal_test.o ../openssl/test/modes_internal_test.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/moduleloadtest-bin-moduleloadtest.d.tmp -MT test/moduleloadtest-bin-moduleloadtest.o -c -o test/moduleloadtest-bin-moduleloadtest.o ../openssl/test/moduleloadtest.c
clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/moduleloadtest-bin-simpledynamic.d.tmp -MT test/moduleloadtest-bin-simpledynamic.o -c -o test/moduleloadtest-bin-simpledynamic.o ../openssl/test/simpledynamic.c
clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/namemap_internal_test-bin-namemap_internal_test.d.tmp -MT test/namemap_internal_test-bin-namemap_internal_test.o -c -o test/namemap_internal_test-bin-namemap_internal_test.o ../openssl/test/namemap_internal_test.c
In file included from ../openssl/test/moduleloadtest.c:19:
../openssl/test/simpledynamic.h:39:35: error: unknown type name 'SD'
int sd_load(const char *filename, SD *sd, int type);
^
../openssl/test/simpledynamic.h:40:12: error: unknown type name 'SD'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:41:14: error: unknown type name 'SD'
int sd_close(SD lib);
^
4 errors generated.
make[1]: *** [Makefile:24764: test/moduleloadtest-bin-moduleloadtest.o] Error 1
make[1]: *** Waiting for unfinished jobs....
In file included from ../openssl/test/simpledynamic.c:13:
../openssl/test/simpledynamic.h:39:35: error: unknown type name 'SD'
int sd_load(const char *filename, SD *sd, int type);
^
../openssl/test/simpledynamic.h:40:12: error: unknown type name 'SD'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
^
../openssl/test/simpledynamic.h:41:14: error: unknown type name 'SD'
int sd_close(SD lib);
^
4 errors generated.
make[1]: *** [Makefile:24772: test/moduleloadtest-bin-simpledynamic.o] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dso'
make: *** [Makefile:3065: build_sw] Error 2
From tmraz at fedoraproject.org Thu Jan 7 08:58:41 2021
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Thu, 07 Jan 2021 08:58:41 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1610009921.419218.12659.nullmailer@dev.openssl.org>
The branch OpenSSL_1_1_1-stable has been updated
via a953f26dba5dadf8ac69c6fcbf71ebe3efba9407 (commit)
from 80d5badd8fa7dcc7dffc88745376df53161e392a (commit)
- Log -----------------------------------------------------------------
commit a953f26dba5dadf8ac69c6fcbf71ebe3efba9407
Author: Ole Andr? Vadla Ravn?s
Date: Wed Dec 30 22:14:23 2020 +0100
poly1305/asm/poly1305-armv4.pl: fix Clang compatibility issue
I.e.:
error: out of range immediate fixup value
This fix is identical to one of the changes made in 3405db9, which I
discovered right after taking a quick stab at fixing this.
CLA: trivial
Fixes #7878
Reviewed-by: Kurt Roeckx
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13757)
-----------------------------------------------------------------------
Summary of changes:
crypto/poly1305/asm/poly1305-armv4.pl | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f6..0a4fe55d98 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -133,10 +133,10 @@ poly1305_init:
# ifdef __thumb2__
itete eq
# endif
- addeq r12,r11,#(poly1305_emit-.Lpoly1305_init)
- addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
- addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init)
- addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+ addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+ addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+ addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+ addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
# endif
# ifdef __thumb2__
orr r12,r12,#1 @ thumb-ify address
@@ -352,6 +352,7 @@ $code.=<<___;
.type poly1305_emit,%function
.align 5
poly1305_emit:
+.Lpoly1305_emit:
stmdb sp!,{r4-r11}
.Lpoly1305_emit_enter:
@@ -671,6 +672,7 @@ poly1305_init_neon:
.type poly1305_blocks_neon,%function
.align 5
poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
ldr ip,[$ctx,#36] @ is_base2_26
ands $len,$len,#-16
beq .Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
.type poly1305_emit_neon,%function
.align 5
poly1305_emit_neon:
+.Lpoly1305_emit_neon:
ldr ip,[$ctx,#36] @ is_base2_26
stmdb sp!,{r4-r11}
From matt at openssl.org Thu Jan 7 13:45:49 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 07 Jan 2021 13:45:49 +0000
Subject: [openssl] master update
Message-ID: <1610027149.185137.13165.nullmailer@dev.openssl.org>
The branch master has been updated
via bd0c71298a82cc78aadba39485fc1ebec3c1c0ad (commit)
from e260bee0a97d4e6de60eae2c86d7c11ed03f2010 (commit)
- Log -----------------------------------------------------------------
commit bd0c71298a82cc78aadba39485fc1ebec3c1c0ad
Author: Matt Caswell
Date: Thu Jan 7 13:38:50 2021 +0000
Update copyright year
Reviewed-by: Nicola Tuveri
(Merged from https://github.com/openssl/openssl/pull/13800)
-----------------------------------------------------------------------
Summary of changes:
crypto/async/arch/async_win.c | 2 +-
crypto/async/arch/async_win.h | 2 +-
doc/man3/SSL_CTX_new.pod | 2 +-
doc/man7/EVP_SIGNATURE-ED25519.pod | 2 +-
engines/e_devcrypto.c | 2 +-
providers/implementations/ciphers/ciphercommon.c | 2 +-
test/ssl-tests/28-seclevel.cnf.in | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c
index 72cc27c214..0b276fd504 100644
--- a/crypto/async/arch/async_win.c
+++ b/crypto/async/arch/async_win.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h
index eb61b032e0..0fab95996e 100644
--- a/crypto/async/arch/async_win.h
+++ b/crypto/async/arch/async_win.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 4093e657e8..1c953098e2 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -233,7 +233,7 @@ SSL_CTX_new_ex() was added in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod
index e2fc31f724..2183d83c2e 100644
--- a/doc/man7/EVP_SIGNATURE-ED25519.pod
+++ b/doc/man7/EVP_SIGNATURE-ED25519.pod
@@ -92,7 +92,7 @@ L,
=head1 COPYRIGHT
-Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index 7f3768d36c..d549edfd29 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0e3e367dfc..ffe644bb4c 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index b7b96e87b7..56c23eba3a 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
From matt at openssl.org Thu Jan 7 14:03:30 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 07 Jan 2021 14:03:30 +0000
Subject: [web] master update
Message-ID: <1610028210.149616.4732.nullmailer@dev.openssl.org>
The branch master has been updated
via 89d554f676bdacf8497b41c8f2eae3b395bb2ff9 (commit)
from 32ac25c3dc11364b8854de9e91303951f6ba406d (commit)
- Log -----------------------------------------------------------------
commit 89d554f676bdacf8497b41c8f2eae3b395bb2ff9
Author: Matt Caswell
Date: Thu Jan 7 14:00:02 2021 +0000
Add newsflash entry for alpha10 release
Reviewed-by: Mark J. Cox
Reviewed-by: Nicola Tuveri
(Merged from https://github.com/openssl/web/pull/212)
-----------------------------------------------------------------------
Summary of changes:
news/newsflash.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 6b39413..1d842c7 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
# headings. URL paths must all be absolute.
Date: Item
+07-Jan-2021: Alpha 10 of OpenSSL 3.0 is now available: please download and test it
08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes
26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test it
05-Nov-2020: Alpha 8 of OpenSSL 3.0 is now available: please download and test it
From matt at openssl.org Thu Jan 7 14:07:24 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 07 Jan 2021 14:07:24 +0000
Subject: [openssl] master update
Message-ID: <1610028444.803327.21842.nullmailer@dev.openssl.org>
The branch master has been updated
via a86add03abf7ebdf63d79971b9feb396931b8697 (commit)
via cae118f9382c3790359b3ff050d6e01c11579a7f (commit)
from bd0c71298a82cc78aadba39485fc1ebec3c1c0ad (commit)
- Log -----------------------------------------------------------------
commit a86add03abf7ebdf63d79971b9feb396931b8697
Author: Matt Caswell
Date: Thu Jan 7 13:48:32 2021 +0000
Prepare for 3.0 alpha 11
Reviewed-by: Nicola Tuveri
commit cae118f9382c3790359b3ff050d6e01c11579a7f
Author: Matt Caswell
Date: Thu Jan 7 13:48:10 2021 +0000
Prepare for release of 3.0 alpha 10
Reviewed-by: Nicola Tuveri
-----------------------------------------------------------------------
Summary of changes:
VERSION.dat | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.dat b/VERSION.dat
index 5a486d1b91..9956ebb7e7 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=0
-PRE_RELEASE_TAG=alpha10-dev
+PRE_RELEASE_TAG=alpha11-dev
BUILD_METADATA=
RELEASE_DATE=""
SHLIB_VERSION=3
From matt at openssl.org Thu Jan 7 14:07:34 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 07 Jan 2021 14:07:34 +0000
Subject: [openssl] openssl-3.0.0-alpha10 create
Message-ID: <1610028454.928022.25195.nullmailer@dev.openssl.org>
The annotated tag openssl-3.0.0-alpha10 has been created
at 45817feda8996f2e0812731b9b3e565d2682d694 (tag)
tagging cae118f9382c3790359b3ff050d6e01c11579a7f (commit)
replaces openssl-3.0.0-alpha9
tagged by Matt Caswell
on Thu Jan 7 13:48:21 2021 +0000
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha10 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl/3ESURHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJF8eQgAiULWDjFXQy/pgDxFDB3Z2k3KsiqEFzty
Z7ymUtQTNAyEDsxO6KRCBVPL6HeogGrNZmqD0MxS2QhW6pcAgnaqgeNwIwEYGh8Z
nSsihgXRQyos5YhEpIuVzFk1iCtugVw+zayyxAyDhVvYJ05+XX656G1ZmsgSR2Rn
GmxoH2b7sIVNapyLDPXSJHceP9fIYu0elVyHTl8PFoubKapTW+zqh0m1KLfIQ+cx
wg2Bh9sSrbV63CK0yDOvgqK1Wz1HMobNHM8+5avbzVHrF57hAKr9IrpPfaV7uXx/
bGAqiY7ppsc0nforH4szCQdseJJiMhppHs97bFaVSk2crmcDOV+6Bg==
=GxWV
-----END PGP SIGNATURE-----
Ankita Shetty (4):
cmp_client.c: Remove dead code of variable 'txt' in cert_response()
cmp_client.c: Fix indentation and remove empty line
openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options
openssl.pod: Fix openSSL options doc
Ard Biesheuvel (1):
aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
Benjamin Kaduk (1):
Fix comment in do_dtls1_write()
Daiki Ueno (1):
openssl dgst: add option to specify output length for XOF
Daniel Bevenius (2):
EVP: don't touch the lock for evp_pkey_downgrade
STORE: clear err after ossl_store_get0_loader_int
David CARLIER (1):
Mac M1 setting change proposal.
David Carlier (2):
CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region.
Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap call level.
David von Oheimb (1):
openssl.pod: Move verification doc to new doc/man1/openssl-verification-options.pod
Dmitry Belyavskiy (8):
OPENSSL_NO_GOST has nothing to do with low-level algos
Deprecate -cipher-commands and -digest-commands options
Skip unavailable digests and ciphers in -*-commands
Documenting the options deprecating
Documenting the options deprecating in CHANGES.md
Skip tests depending on deprecated list -*-commands options
Fetch provided algorithm once per benchmark
Fix doc-nits for list command
Dr. David von Oheimb (42):
asn1t.h: Improve comments documenting ASN1_ITYPE_... and the 'funcs' field
X509_dup: fix copying of libctx and propq using new ASN1_OP_DUP_POST cb operation
endecode_test.c: Significant speedup in generating DH and DHX keys
remove obsolete test/drbg_extra_test.h
remove obsolete test/drbg_cavs_data.h
test cleanup: move helper .c and .h files to test/helpers/
endecode_test.c: Add warning that 512-bit DH key size is for testing only
apps/pkcs12.c: Correct default legacy algs and make related doc consistent
apps/pkcs12.c: Improve user guidance, re-ordering no-export vs. export options
x509_vfy.c: Restore rejection of expired trusted (root) certificate
appveyor.yml: Let 'nmake' run by defaut silently (/S), using MAKEVERBOSE like .travis.yml
appveyor.yml: Let 'nmake' do builds in parallel on all CPU cores
.travis.yml: Do some build (gcc) runs in parallel (-j4)
ci.yml: Add 'perl configdata.pm --dump' to each config
ci.yml: Let 'make' run silently (-s) with build (gcc) runs in parallel (-j4)
appveyor.yml: Move printing of env variables such that locally defined ones are shown as well.
encode_key2any.c: Fix build error on OPENSSL_NO_DH and OPENSSL_NO_EC
encode_key2text.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
fuzz/server.c: Fix build error on OPENSSL_NO_{DSA,EC,DEPECATED_3_0}
apps/speed.c: Fix build errors on OPENSSL_NO_{RSA,DSA,EC,DEPECATED_3_0}
endecode_test.c: Fix build errors on OPENSSL_NO_{DH,DSA,EC,EC2M}
evp_pkey_dparams_test.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
apps/speed.c: Rename misleading 'rsa_count' variable to 'op_count'
{.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv
apps/verify:c: Enable output of multiple verification errors due to -x509_strict
x509_vfy.c: Improve comments (correcting typos etc.)
test/certs/setup.sh: Fix two glitches
find-doc-nits: fix regexp and point out that CA.pl and tsget.pod are special
Use adapted test_get_libctx() for simpler test setup and better error reporting
apps/req.c: Improve diagnostics on multiple/overriding X.509 extensions defined via -reqext option
x509v3_config.pod: Clarify semantics of subjectKeyIdentifier and authorityKeyIdentifier
apps/{req,x509,ca}.c: Clean up code setting X.509 cert version v3
apps/{req,x509,ca}.c: Cleanup: move shared X509{,_REQ,_CRL} code to apps/lib/apps.c
apps/x509.c: Factor out common aspects of X509 signing
openssl-ca.pod.in: Clarify the -extensions/-crlexts options vs. x509_extensions/crl_extensions
X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be NULL
v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks
openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input
apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances
apps/cmp.c: Fix bug on -path option introduced in commit 3c9d6266ed85
apps/cmp.c: Correct -keyform option range w.r.t engine
Update copyright years of auto-generated headers (make update)
Etienne Millon (2):
EVP_SIGNATURE-ED25519.pod: fix typo in algo name
28-seclevel.cnf.in: fix typo in algo name
Fangming.Fang (1):
Read MIDR_EL1 system register on aarch64
Ingo Schwarze (1):
Fix NULL pointer access caused by X509_ATTRIBUTE_create()
J08nY (1):
README: Move Travis link to .com from .org.
John Baldwin (4):
Allow zero-byte writes to be reported as success.
Collapse two identical if statements into a single body.
Use CRIOGET to fetch a crypto descriptor when present.
Support session information on FreeBSD.
Kelvin Lee (1):
Fix simpledynamic.c - a typo and missed a header
Liang Liu (1):
[DOC]Fix two broken links in INSTALL.md; Change name of zlib flag to the current one.
Matt Caswell (56):
Prepare for 3.0 alpha 10
Fix no-posix-io
Deprecate DH_new as well as i2d_DHparams and d2i_DHparams
Deprecate functions for getting and setting DH values in an EVP_PKEY
Deprecate EVP_PKEY_assign_DH and other similar macros
Deprecate the DHparams and DHxparams PEM routines
Remove fuzzing of deprecated functions in a no-deprecated build
Don't test a deprecated function in a no-deprecated build
Deprecate more DH functions
Convert DH deprecations to the new way of deprecating functions
Updates the CHANGES.md entry regarding DH deprecation
Remove d2i_DHparams.pod and move documentation to d2i_RSAPrivateKey.pod
Fix no-engine
Fix instances of pointer addition with the NULL pointer
Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT
Fix builds that specify both no-dh and no-ec
Don't Overflow when printing Thawte Strong Extranet Version
Fix a compile error with the no-sock option
Fix no-dtls
Fix no-dsa
DirectoryString is a CHOICE type and therefore uses explicit tagging
Correctly compare EdiPartyName in GENERAL_NAME_cmp()
Check that multi-strings/CHOICE types don't use implicit tagging
Complain if we are attempting to encode with an invalid ASN.1 template
Add a test for GENERAL_NAME_cmp
Add a test for encoding/decoding using an invalid ASN.1 Template
Update CHANGES and NEWS for new release
Fix a test failure with no-tls1_3
Fix a compilation failure with no-tls_1_2
Fix no-err
Modify is_tls13_capable() to take account of the servername cb
Test that we can negotiate TLSv1.3 if we have an SNI callback
Don't use no-asm in the Github CIs
Skip evp_test cases where we need the legacy prov and its not available
Fix sslapitest.c if built with no-legacy
Don't use legacy provider if not available in test_ssl_old
Don't load the legacy provider in endecoder_legacy_test
Skip testing ciphers in the legacy provider if no legacy
Don't load the legacy provider if not available in test_enc_more
Don't load the legacy provider in test_evp_libctx unnecessarily
Don't use the legacy provider in test_store if its not available
Don't run a legacy specific PKCS12 test if no legacy provider
Skip cms tests using RC2 if no legacy provider
Fix some typos in EVP_PKEY-DH.pod
Fix no-threads
Move the caching of cipher constants into evp_cipher_from_dispatch
Cache Digest constants
Optimise OPENSSL_init_crypto to not need a lock when loading config
Don't call EVP_CIPHER_CTX_block_size() to find the block size
Add some more CRYPTO_atomic functions
Optimise OPENSSL_init_crypto
Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
Add a test for the new CRYPTO_atomic_* functions
Only perform special TLS handling if TLS has been configured
Update copyright year
Prepare for release of 3.0 alpha 10
Nan Xiao (1):
Fix typo in OPENSSL_malloc.pod
Nirbheek Chauhan (2):
crypto/win: Don't use disallowed APIs on UWP
win-onecore: Build with /APPCONTAINER for UWP compat
Pauli (19):
Print random seed on test failure.
remove unused return value assignments
remove unused assignments
remove unused initialisations
tag unused function arguments as ossl_unused
rand: add a provider side seed source.
Fix error clash in build
rand seed: include lock and unlock functions.
rand: don't leak memory
rand: allow seed-src to be missing
params: allow more variations in integer conversions.
params: add integer conversion test cases.
test: print OPENSSL_TEST_RAND_ORDER=x when a randomised test fails.
test: document the random test ordering env variable
dsa: documentation deprecation changes
dsa: fuzzer deprecation changes
dsa: apps deprecation changes
dsa: provider and library deprecation changes
dsa: add additional deprecated functions to CHANGES entry.
Petr Gotthard (1):
Fix OSSL_PARAM creation in OSSL_STORE_open_ex
Rich Salz (3):
Deprecate OCSP_REQ_CTX_set1_req
Document OCSP_REQ_CTX_i2d.
Check non-option arguments
Richard Levitte (80):
APPS: Make it possible for apps to set the base (fallback) UI_METHOD
APPS: Modify apps/cmp.c to use set_base_ui_method() for its -batch option
ERR: Restore the similarity of ERR_print_error_cb() and ERR_error_string_n()
TEST: Adapt test/errtest for the 'no-err' configuration
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
ERR: Drop or deprecate dangerous or overly confusing functions
ERR: drop err_delete_thread_state() TODO marker
TEST: Fix path length in test/ossl_store_test.c
RSA: correct digestinfo_ripemd160_der[]
TEST: Break out the local dynamic loading code from shlibloadtest.c
TEST: Add a simple module loader, and test the FIPS module with it
ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY()
Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY()
APPS: Add OSSL_STORE loader for engine keys
APPS: Adapt load_key() and load_pubkey() for the engine: loader
Add test to demonstrate the app's new engine key loading
Switch deprecation method for AES
Switch deprecation method for ASN.1
Switch deprecation method for BIO
Switch deprecation method for Blowfish
Switch deprecation method for BIGNUM
Switch deprecation method for Camellia
Switch deprecation method for CAST
Switch deprecation method for CMAC
Switch deprecation method for CONF
Switch deprecation method for CRYPTO
Switch deprecation method for DES
Switch deprecation method for ENGINE
Switch deprecation method for ERR
Switch deprecation method for EVP
Switch deprecation method for HMAC
Switch deprecation method for IDEA
Switch deprecation method for MD2
Switch deprecation method for MD4
Switch deprecation method for MD5
Switch deprecation method for MDC2
Switch deprecation method for PKCS#12
Switch deprecation method for RAND
Switch deprecation method for RC2
Switch deprecation method for RC4
Switch deprecation method for RC5
Switch deprecation method for RIPEMD
Switch deprecation method for SEED
Switch deprecation method for SHA
Switch deprecation method for SRP
Switch deprecation method for SSL
Switch deprecation method for OSSL_STORE
Switch deprecation method for Whirlpool
Switch deprecation method for X.509
DSA: Make DSA_bits() and DSA_size() check that there are key parameters
EVP: Adjust EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
PEM: Add a more generic way to implement PEM _ex functions for libctx
providers/common/der/build.info: Improve checks of disabled algos
EVP: constify the EVP_PKEY_get_*_param() argument |pkey|
EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkey
TLS: Use EVP_PKEY_get_group_name() to get the group name
DOCS: Update OSSL_DECODER_CTX_new_by_EVP_PKEY.pod to match declarations
DOCS: Improve documentation of the EVP_PKEY type
Building: Fix the library file names for MSVC builds to include multilib
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'
Remove unnecessary guards around MSBLOB and PVK readers and writers
APPS: Correct the output structure for public keys in 'openssl rsa'
TEST: Fix test/recipes/15-test_rsa.t
PROV: Add MSBLOB and PVK encoders
EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
DECODER EVP_PKEY: Don't store all the EVP_KEYMGMTs
MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key
DECODER: Adjust the library context of keys in our decoders
CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference
EVP: Fix memory leak in EVP_PKEY_CTX_dup()
GitHub CI: Add 'check-update' and 'check-docs'
make update
TEST: Fix test/endecode_test.c for 'no-legacy'
Fix 'no-deprecated'
GitHub CI: Separate no-deprecated job from minimal job
Drop OPENSSL_NO_RSA everywhere
Sebastian Andrzej Siewior (1):
Configurations: PowerPC is big endian
Shane Lontis (16):
Fix EVP_CIPHER_CTX_set_padding for legacy path
Fix no-deprecated configuration
Fix s390 EDDSA HW support in providers.
Add EVP_KDF-X942 to the fips module
Fix X509 propq so it does not use references
Fix x509_crl propq so that it uses a copy
fix x509_PUBKEY propq so that it uses a copy
Fix EVP_PKEY_CTX propq so that it uses a copy
Fix ecdsa digest setting code to match dsa.
Fix dsa & rsa signature dupctx() so that ctx->propq is strduped
Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the separator
Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
Add validate method to ECX keymanager
Add fips self tests for all included kdf
Fix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation.
Change AES-CTS modes CS2 and CS3 to also be inside the fips module.
Tim Hudson (1):
Correct system guessing for darwin64-arm64 target
Tomas Mraz (6):
EVP_DigestFinalXOF must not reset the EVP_MD_CTX
Add test for no reset after DigestFinal_ex and DigestFinalXOF
Fix regression in EVP_DigestInit_ex: crash when called with NULL type
Documentation improvements for EVP_DigestInit_ex and related functions
v3nametest: Make the gennames structure static
Github CI: run also on repository pushes
bazmoz (1):
Updated SSL_CTX_new doc
ihsinme (1):
Update bio_ok.c
jwalch (1):
Restore v2i_AUTHORITY_INFO_ACCESS() behavior
-----------------------------------------------------------------------
From tmraz at fedoraproject.org Thu Jan 7 16:40:09 2021
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Thu, 07 Jan 2021 16:40:09 +0000
Subject: [openssl] master update
Message-ID: <1610037609.443433.7684.nullmailer@dev.openssl.org>
The branch master has been updated
via 3d0b6494d5a973d516e0944bc02b22385fca318a (commit)
via 981b4b95721907384f4add9de72bf90e0ba39288 (commit)
via 1c47539a2331ff0b58a4e8663bcc6db0dc2c6449 (commit)
via c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9 (commit)
from a86add03abf7ebdf63d79971b9feb396931b8697 (commit)
- Log -----------------------------------------------------------------
commit 3d0b6494d5a973d516e0944bc02b22385fca318a
Author: Otto Hollmann
Date: Tue Oct 20 12:47:55 2020 +0200
Remove extra space.
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12100)
commit 981b4b95721907384f4add9de72bf90e0ba39288
Author: Otto Hollmann
Date: Mon Oct 19 16:25:26 2020 +0200
Fixed error and return code.
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12100)
commit 1c47539a2331ff0b58a4e8663bcc6db0dc2c6449
Author: Otto Hollmann
Date: Mon Oct 19 10:05:57 2020 +0200
Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12100)
commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9
Author: Otto Hollmann
Date: Tue Jun 9 15:50:12 2020 +0200
Fix set_ciphersuites ignore unknown ciphers.
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12100)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 5 +++++
doc/man3/SSL_CTX_set_cipher_list.pod | 10 +++++-----
ssl/ssl_ciph.c | 18 +++++++++---------
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index a296406137..94bf750ffc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites()
+ to ignore unknown ciphers.
+
+ *Otto Hollmann*
+
* The -cipher-commands and -digest-commands options of the command line
utility list has been deprecated.
Instead use the -cipher-algorithms and -digest-algorithms options.
diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod
index 2fdebdf51d..c2786295b7 100644
--- a/doc/man3/SSL_CTX_set_cipher_list.pod
+++ b/doc/man3/SSL_CTX_set_cipher_list.pod
@@ -65,11 +65,11 @@ cipher string for TLSv1.3 ciphersuites.
=head1 NOTES
-The control string B for SSL_CTX_set_cipher_list() and
-SSL_set_cipher_list() should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
+The control string B for SSL_CTX_set_cipher_list(), SSL_set_cipher_list(),
+SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() should be universally
+usable and not depend on details of the library configuration (ciphers compiled
+in). Thus no syntax checking takes place. Items that are not recognized, because
+the corresponding ciphers are not compiled in or because they are mistyped,
are simply ignored. Failure is only flagged if no ciphers could be collected
at all.
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64ecc543ba..6c77cd3d40 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1288,19 +1288,17 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
/* Arbitrary sized temp buffer for the cipher name. Should be big enough */
char name[80];
- if (len > (int)(sizeof(name) - 1)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
+ if (len > (int)(sizeof(name) - 1))
+ /* Anyway return 1 so we can parse rest of the list */
+ return 1;
memcpy(name, elem, len);
name[len] = '\0';
cipher = ssl3_get_cipher_by_std_name(name);
- if (cipher == NULL) {
- ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
+ if (cipher == NULL)
+ /* Ciphersuite not found but return 1 to parse rest of the list */
+ return 1;
if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
@@ -1319,7 +1317,9 @@ static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const cha
/* Parse the list. We explicitly allow an empty list */
if (*str != '\0'
- && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+ && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0
+ || sk_SSL_CIPHER_num(newciphers) == 0)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
sk_SSL_CIPHER_free(newciphers);
return 0;
}
From openssl at openssl.org Thu Jan 7 23:11:10 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 07 Jan 2021 23:11:10 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
enable-fuzz-afl no-shared no-module
Message-ID: <1610061070.053587.2698585.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# ------------------------------------------------------------------------------
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# ------------------------------------------------------------------------------
# Failed test 'popo NONE'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem -out_trusted root.crt => 0
not ok 48 - popo KEYENC not supported
# ------------------------------------------------------------------------------
# Looks like you failed 3 tests of 92.
not ok 7 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335.
# Looks like you failed 3 tests of 7.81-test_cmp_cli.t ..................
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/7 subtests
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test only supported in a shared build
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ skipped: Test only supported in a shared build
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3)
Failed tests: 4-5, 7
Non-zero exit status: 3
Files=227, Tests=2999, 703 wallclock secs (10.20 usr 1.40 sys + 617.70 cusr 71.88 csys = 701.18 CPU)
Result: FAIL
make[1]: *** [Makefile:2458: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl'
make: *** [Makefile:2455: tests] Error 2
From matt at openssl.org Fri Jan 8 10:43:51 2021
From: matt at openssl.org (Matt Caswell)
Date: Fri, 08 Jan 2021 10:43:51 +0000
Subject: [openssl] master update
Message-ID: <1610102631.138808.12460.nullmailer@dev.openssl.org>
The branch master has been updated
via d0afb30ef3950cacff50ec539e90073b95a276df (commit)
from 3d0b6494d5a973d516e0944bc02b22385fca318a (commit)
- Log -----------------------------------------------------------------
commit d0afb30ef3950cacff50ec539e90073b95a276df
Author: Matt Caswell
Date: Thu Dec 10 10:36:23 2020 +0000
Ensure DTLS free functions can handle NULL
Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.
Fixes #13649
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13655)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 9 +++++----
ssl/record/rec_layer_d1.c | 3 +++
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index cc41eee976..62c5f26e5d 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
ssl3_free(s);
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
+ if (s->d1 != NULL) {
+ dtls1_clear_queues(s);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ }
OPENSSL_free(s->d1);
s->d1 = NULL;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index cc412bae37..10321ce015 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
{
+ if (rl->d == NULL)
+ return;
+
DTLS_RECORD_LAYER_clear(rl);
pqueue_free(rl->d->unprocessed_rcds.q);
pqueue_free(rl->d->processed_rcds.q);
From matt at openssl.org Fri Jan 8 10:44:02 2021
From: matt at openssl.org (Matt Caswell)
Date: Fri, 08 Jan 2021 10:44:02 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1610102642.452109.13452.nullmailer@dev.openssl.org>
The branch OpenSSL_1_1_1-stable has been updated
via 37d9e3d7fdfbe7713adcdeca55b1303c6ad8dc12 (commit)
from a953f26dba5dadf8ac69c6fcbf71ebe3efba9407 (commit)
- Log -----------------------------------------------------------------
commit 37d9e3d7fdfbe7713adcdeca55b1303c6ad8dc12
Author: Matt Caswell
Date: Thu Dec 10 10:36:23 2020 +0000
Ensure DTLS free functions can handle NULL
Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.
Fixes #13649
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13655)
(cherry picked from commit d0afb30ef3950cacff50ec539e90073b95a276df)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 9 +++++----
ssl/record/rec_layer_d1.c | 3 +++
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2a15ee8ad9..8874bed353 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
ssl3_free(s);
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
+ if (s->d1 != NULL) {
+ dtls1_clear_queues(s);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ }
OPENSSL_free(s->d1);
s->d1 = NULL;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index e56c6b9595..d0cb72d757 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
{
+ if (rl->d == NULL)
+ return;
+
DTLS_RECORD_LAYER_clear(rl);
pqueue_free(rl->d->unprocessed_rcds.q);
pqueue_free(rl->d->processed_rcds.q);
From tmraz at fedoraproject.org Fri Jan 8 11:12:39 2021
From: tmraz at fedoraproject.org (tmraz at fedoraproject.org)
Date: Fri, 08 Jan 2021 11:12:39 +0000
Subject: [openssl] master update
Message-ID: <1610104359.532482.21386.nullmailer@dev.openssl.org>
The branch master has been updated
via 22aa4a3afb53984201c84970ec03b251d0117f00 (commit)
from d0afb30ef3950cacff50ec539e90073b95a276df (commit)
- Log -----------------------------------------------------------------
commit 22aa4a3afb53984201c84970ec03b251d0117f00
Author: Billy Brumley
Date: Tue Jan 5 13:08:09 2021 +0200
[crypto/dh] side channel hardening for computing DH shared keys
Reviewed-by: Nicola Tuveri
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13783)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_key.c | 34 +++++++++++++++++++++++++++++++---
doc/man3/DH_generate_key.pod | 27 +++++++++++++++++++++------
2 files changed, 52 insertions(+), 9 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 2e61ccbaa2..4535715367 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -86,26 +86,53 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
- ret = BN_bn2bin(tmp, key);
+ /* return the padded key, i.e. same number of bytes as the modulus */
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->params.p));
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
#ifdef FIPS_MODULE
- return compute_key(key, pub_key, dh);
+ ret = compute_key(key, pub_key, dh);
#else
- return dh->meth->compute_key(key, pub_key, dh);
+ ret = dh->meth->compute_key(key, pub_key, dh);
#endif
+ if (ret <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
+ /* rv is constant unless compute_key is external */
#ifdef FIPS_MODULE
rv = compute_key(key, pub_key, dh);
#else
@@ -114,6 +141,7 @@ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->params.p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 7cc9e84a44..c5b58615e0 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
=head1 NAME
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
=head1 SYNOPSIS
@@ -14,18 +15,20 @@ L:
int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
-Both of the functions described on this page are deprecated.
+All of the functions described on this page are deprecated.
Applications should instead use L
and L.
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
DH_generate_key() expects B to contain the shared parameters
Bp> and Bg>. It generates a random private DH value
@@ -36,6 +39,14 @@ published.
DH_compute_key() computes the shared secret from the private DH value
in B and the other party's public value in B and stores
it in B. B must point to B bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
=head1 RETURN VALUES
@@ -44,6 +55,8 @@ DH_generate_key() returns 1 on success, 0 otherwise.
DH_compute_key() returns the size of the shared secret on success, -1
on error.
+DH_compute_key_padded() returns B on success, -1 on error.
+
The error codes can be obtained by L.
=head1 SEE ALSO
@@ -53,7 +66,9 @@ L, L, L, L
=head1 HISTORY
-Both of these functions were deprecated in OpenSSL 3.0.
+DH_compute_key_padded() was added in OpenSSL 1.0.2.
+
+All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
From openssl at openssl.org Fri Jan 8 16:36:03 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 08 Jan 2021 16:36:03 +0000
Subject: FAILED build of OpenSSL branch master with options -d
--strict-warnings enable-weak-ssl-ciphers
Message-ID: <1610123763.594759.570387.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-weak-ssl-ciphers
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
ERROR in SERVER
40B7F7449E7F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../openssl/ssl/statem/statem_srvr.c:312:
Doing handshakes=1 bytes=256
TLSv1, cipher SSLv3 ADH-RC4-MD5, temp key: 2048 bits DH
../../util/wrap.pl ../../test/ssl_old_test -s_key keyU.ss -s_cert certU.ss -c_key keyU.ss -c_cert certU.ss -config ../../../openssl/test/default-and-legacy.cnf -provider default -provider legacy -s_cert certD.ss -s_key keyD.ss -s_cert certE.ss -s_key keyE.ss -cipher 'ADH-RC4-MD5:@SECLEVEL=0' -ciphersuites '' -tls1 => 1
not ok 28 - Testing ADH-RC4-MD5:@SECLEVEL=0
# ------------------------------------------------------------------------------
ERROR in SERVER
40C7004F817F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../openssl/ssl/statem/statem_srvr.c:312:
Doing handshakes=1 bytes=256
TLSv1, cipher SSLv3 RC4-MD5, 2048 bits RSA
../../util/wrap.pl ../../test/ssl_old_test -s_key keyU.ss -s_cert certU.ss -c_key keyU.ss -c_cert certU.ss -config ../../../openssl/test/default-and-legacy.cnf -provider default -provider legacy -s_cert certD.ss -s_key keyD.ss -s_cert certE.ss -s_key keyE.ss -cipher 'RC4-MD5:@SECLEVEL=0' -ciphersuites '' -tls1 => 1
not ok 42 - Testing RC4-MD5:@SECLEVEL=0
# ------------------------------------------------------------------------------
ERROR in SERVER
4077479FD97F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../openssl/ssl/statem/statem_srvr.c:312:
Doing handshakes=1 bytes=256
TLSv1.2, cipher SSLv3 ADH-RC4-MD5, temp key: 2048 bits DH
../../util/wrap.pl ../../test/ssl_old_test -s_key keyU.ss -s_cert certU.ss -c_key keyU.ss -c_cert certU.ss -config ../../../openssl/test/default-and-legacy.cnf -provider default -provider legacy -s_cert certD.ss -s_key keyD.ss -s_cert certE.ss -s_key keyE.ss -cipher 'ADH-RC4-MD5:@SECLEVEL=0' -ciphersuites '' -tls1_2 => 1
not ok 118 - Testing ADH-RC4-MD5:@SECLEVEL=0
# ------------------------------------------------------------------------------
ERROR in SERVER
40D7A439157F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../openssl/ssl/statem/statem_srvr.c:312:
Doing handshakes=1 bytes=256
TLSv1.2, cipher SSLv3 RC4-MD5, 2048 bits RSA
../../util/wrap.pl ../../test/ssl_old_test -s_key keyU.ss -s_cert certU.ss -c_key keyU.ss -c_cert certU.ss -config ../../../openssl/test/default-and-legacy.cnf -provider default -provider legacy -s_cert certD.ss -s_key keyD.ss -s_cert certE.ss -s_key keyE.ss -cipher 'RC4-MD5:@SECLEVEL=0' -ciphersuites '' -tls1_2 => 1
not ok 143 - Testing RC4-MD5:@SECLEVEL=0
# ------------------------------------------------------------------------------
# Looks like you failed 4 tests of 148.
not ok 4 - Testing ciphersuites
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 12.80-test_ssl_old.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/12 subtests
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_ssl_old.t (Wstat: 256 Tests: 12 Failed: 1)
Failed test: 4
Non-zero exit status: 1
Files=227, Tests=3560, 881 wallclock secs (14.53 usr 1.47 sys + 784.51 cusr 90.90 csys = 891.41 CPU)
Result: FAIL
make[1]: *** [Makefile:3237: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-weak-ssl-ciphers'
make: *** [Makefile:3234: tests] Error 2
From matt at openssl.org Fri Jan 8 17:27:32 2021
From: matt at openssl.org (Matt Caswell)
Date: Fri, 08 Jan 2021 17:27:32 +0000
Subject: [openssl] master update
Message-ID: <1610126852.671287.3281.nullmailer@dev.openssl.org>
The branch master has been updated
via becbacd705170952725571ae4404846b0ecee86a (commit)
from 22aa4a3afb53984201c84970ec03b251d0117f00 (commit)
- Log -----------------------------------------------------------------
commit becbacd705170952725571ae4404846b0ecee86a
Author: Michael Baentsch
Date: Thu Jan 7 09:09:32 2021 +0100
Adding TLS group name retrieval
Function SSL_group_to_name() added, together with documentation and tests.
This now permits displaying names of internal and external
provider-implemented groups.
Partial fix of #13767
Reviewed-by: Tomas Mraz
Reviewed-by: Nicola Tuveri
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/13785)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/s_cb.c | 23 ++++------------------
doc/man3/SSL_group_to_name.pod | 43 ++++++++++++++++++++++++++++++++++++++++++
include/openssl/ssl.h.in | 2 ++
ssl/s3_lib.c | 18 ++++++++++++++++++
ssl/ssl_local.h | 1 +
ssl/t1_lib.c | 2 +-
test/sslapitest.c | 23 ++++++++++++++++++++++
util/libssl.num | 1 +
8 files changed, 93 insertions(+), 20 deletions(-)
create mode 100644 doc/man3/SSL_group_to_name.pod
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index c7994417aa..67e0fbd5bd 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -345,7 +345,6 @@ int ssl_print_point_formats(BIO *out, SSL *s)
int ssl_print_groups(BIO *out, SSL *s, int noshared)
{
int i, ngroups, *groups, nid;
- const char *gname;
ngroups = SSL_get1_groups(s, NULL);
if (ngroups <= 0)
@@ -353,39 +352,25 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
groups = app_malloc(ngroups * sizeof(int), "groups to print");
SSL_get1_groups(s, groups);
- BIO_puts(out, "Supported Elliptic Groups: ");
+ BIO_puts(out, "Supported groups: ");
for (i = 0; i < ngroups; i++) {
if (i)
BIO_puts(out, ":");
nid = groups[i];
- /* If unrecognised print out hex version */
- if (nid & TLSEXT_nid_unknown) {
- BIO_printf(out, "0x%04X", nid & 0xFFFF);
- } else {
- /* TODO(TLS1.3): Get group name here */
- /* Use NIST name for curve if it exists */
- gname = EC_curve_nid2nist(nid);
- if (gname == NULL)
- gname = OBJ_nid2sn(nid);
- BIO_printf(out, "%s", gname);
- }
+ BIO_printf(out, "%s", SSL_group_to_name(s, nid));
}
OPENSSL_free(groups);
if (noshared) {
BIO_puts(out, "\n");
return 1;
}
- BIO_puts(out, "\nShared Elliptic groups: ");
+ BIO_puts(out, "\nShared groups: ");
ngroups = SSL_get_shared_group(s, -1);
for (i = 0; i < ngroups; i++) {
if (i)
BIO_puts(out, ":");
nid = SSL_get_shared_group(s, i);
- /* TODO(TLS1.3): Convert for DH groups */
- gname = EC_curve_nid2nist(nid);
- if (gname == NULL)
- gname = OBJ_nid2sn(nid);
- BIO_printf(out, "%s", gname);
+ BIO_printf(out, "%s", SSL_group_to_name(s, nid));
}
if (ngroups == 0)
BIO_puts(out, "NONE");
diff --git a/doc/man3/SSL_group_to_name.pod b/doc/man3/SSL_group_to_name.pod
new file mode 100644
index 0000000000..9c0e75c188
--- /dev/null
+++ b/doc/man3/SSL_group_to_name.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_group_to_name - get name of group
+
+=head1 SYNOPSIS
+
+ #include
+
+ const char *SSL_group_to_name(const SSL *ssl, int id);
+
+=head1 DESCRIPTION
+
+SSL_group_to_name() is used to retrieve the TLS group name
+associated with a given TLS group ID, as registered via built-in
+or external providers and as returned by a call to SSL_get1_groups()
+or SSL_get_shared_group().
+
+=head1 RETURN VALUES
+
+If non-NULL, SSL_group_to_name() returns the TLS group name
+corresponding to the given I as a NULL-terminated string.
+If SSL_group_to_name() returns NULL, an error occurred; possibly no
+corresponding tlsname was registered during provider initialisation.
+
+Note that the return value is valid only during the lifetime of the
+SSL object I.
+
+=head1 SEE ALSO
+
+L
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 37b4c82f02..4e5d50bd6d 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1501,6 +1501,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_get_max_proto_version(s) \
SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+const char *SSL_group_to_name(SSL *s, int id);
+
/* Backwards compatibility, original 1.1.0 names */
# define SSL_CTRL_GET_SERVER_TMP_KEY \
SSL_CTRL_GET_PEER_TMP_KEY
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 298efdc1cb..0739bc9082 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4986,3 +4986,21 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
EVP_PKEY_CTX_free(pctx);
return rv;
}
+
+const char *SSL_group_to_name(SSL *s, int nid) {
+ int group_id = 0;
+ const TLS_GROUP_INFO *cinf = NULL;
+
+ /* first convert to real group id for internal and external IDs */
+ if (nid & TLSEXT_nid_unknown)
+ group_id = nid & 0xFFFF;
+ else
+ group_id = tls1_nid2group_id(nid);
+
+ /* then look up */
+ cinf = tls1_group_id_lookup(s->ctx, group_id);
+
+ if (cinf != NULL)
+ return cinf->tlsname;
+ return NULL;
+}
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c2a4087c3b..22ab387422 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2650,6 +2650,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
+__owur uint16_t tls1_nid2group_id(int nid);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bc366c8a7c..60c17dd809 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -460,7 +460,7 @@ int tls1_group_id2nid(uint16_t group_id, int include_unknown)
return TLSEXT_nid_unknown | (int)group_id;
}
-static uint16_t tls1_nid2group_id(int nid)
+uint16_t tls1_nid2group_id(int nid)
{
size_t i;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 915387a87c..984c6a8764 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4318,6 +4318,7 @@ static int test_key_exchange(int idx)
int *kexch_groups = &kexch_alg;
int kexch_groups_size = 1;
int max_version = TLS1_3_VERSION;
+ char *kexch_name0 = NULL;
switch (idx) {
# ifndef OPENSSL_NO_EC
@@ -4329,47 +4330,60 @@ static int test_key_exchange(int idx)
case 0:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
+ kexch_name0 = "secp256r1";
break;
case 1:
kexch_alg = NID_X9_62_prime256v1;
+ kexch_name0 = "secp256r1";
break;
case 2:
kexch_alg = NID_secp384r1;
+ kexch_name0 = "secp384r1";
break;
case 3:
kexch_alg = NID_secp521r1;
+ kexch_name0 = "secp521r1";
break;
case 4:
kexch_alg = NID_X25519;
+ kexch_name0 = "x25519";
break;
case 5:
kexch_alg = NID_X448;
+ kexch_name0 = "x448";
break;
# endif
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_TLS1_2
case 13:
max_version = TLS1_2_VERSION;
+ kexch_name0 = "ffdhe2048";
# endif
/* Fall through */
case 6:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
+ kexch_name0 = "ffdhe2048";
break;
case 7:
kexch_alg = NID_ffdhe2048;
+ kexch_name0 = "ffdhe2048";
break;
case 8:
kexch_alg = NID_ffdhe3072;
+ kexch_name0 = "ffdhe3072";
break;
case 9:
kexch_alg = NID_ffdhe4096;
+ kexch_name0 = "ffdhe4096";
break;
case 10:
kexch_alg = NID_ffdhe6144;
+ kexch_name0 = "ffdhe6144";
break;
case 11:
kexch_alg = NID_ffdhe8192;
+ kexch_name0 = "ffdhe8192";
break;
# endif
default:
@@ -4425,6 +4439,11 @@ static int test_key_exchange(int idx)
if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
idx == 13 ? 0 : kexch_groups[0]))
goto end;
+
+ if (!TEST_str_eq(SSL_group_to_name(serverssl, kexch_groups[0]),
+ kexch_name0))
+ goto end;
+
if (max_version == TLS1_3_VERSION) {
if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0]))
goto end;
@@ -8000,6 +8019,10 @@ static int test_pluggable_group(int idx)
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
+ if (!TEST_str_eq(group_name,
+ SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0))))
+ goto end;
+
testresult = 1;
end:
diff --git a/util/libssl.num b/util/libssl.num
index 37b0d37735..cd62067763 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -519,3 +519,4 @@ SSL_get1_peer_certificate ? 3_0_0 EXIST::FUNCTION:
SSL_load_client_CA_file_ex ? 3_0_0 EXIST::FUNCTION:
SSL_set0_tmp_dh_pkey ? 3_0_0 EXIST::FUNCTION:
SSL_CTX_set0_tmp_dh_pkey ? 3_0_0 EXIST::FUNCTION:
+SSL_group_to_name ? 3_0_0 EXIST::FUNCTION:
From openssl at openssl.org Fri Jan 8 21:00:36 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 08 Jan 2021 21:00:36 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2
Message-ID: <1610139636.132429.1124262.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80A180BC427F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80A180BC427F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/AKa_WsAuw0 default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 80D1277C647F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/AKa_WsAuw0 fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 868 wallclock secs (14.04 usr 1.51 sys + 775.95 cusr 90.34 csys = 881.84 CPU)
Result: FAIL
make[1]: *** [Makefile:3246: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2'
make: *** [Makefile:3243: tests] Error 2
From no-reply at appveyor.com Fri Jan 8 21:31:02 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 08 Jan 2021 21:31:02 +0000
Subject: Build failed: openssl master.39035
Message-ID: <20210108213102.1.4B7E6C989D0D6E10@appveyor.com>
An HTML attachment was scrubbed...
URL:
From nic.tuv at gmail.com Fri Jan 8 22:05:53 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Fri, 08 Jan 2021 22:05:53 +0000
Subject: [openssl] master update
Message-ID: <1610143553.708200.28583.nullmailer@dev.openssl.org>
The branch master has been updated
via 1330093b9c7e0325ca76589fb9ace5b664830c6d (commit)
via 9e49aff2aaac4c42ea6c4078266947c75761276b (commit)
via 4554988e582e676a51c451de031939b45e60d00c (commit)
via ed37336b6383cacbcbb8f6b1334eba0ad43530d5 (commit)
via c5bc5ec849273ae0c3f8b32f1d23c33d93be3203 (commit)
from becbacd705170952725571ae4404846b0ecee86a (commit)
- Log -----------------------------------------------------------------
commit 1330093b9c7e0325ca76589fb9ace5b664830c6d
Author: Nicola Tuveri
Date: Tue Nov 10 12:28:52 2020 +0200
[test][pkey_check] Add more invalid SM2 key tests
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13359)
commit 9e49aff2aaac4c42ea6c4078266947c75761276b
Author: Nicola Tuveri
Date: Tue Nov 10 01:11:48 2020 +0200
Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.
For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.
Partially fixes https://github.com/openssl/openssl/issues/8435
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13359)
commit 4554988e582e676a51c451de031939b45e60d00c
Author: Nicola Tuveri
Date: Mon Nov 9 23:34:00 2020 +0200
[test][pkey_check] Add invalid SM2 key test
SM2 private keys have different validation requirements than EC keys:
this test checks one corner case highlighted in
https://github.com/openssl/openssl/issues/8435
As @bbbrumley mentioned in
https://github.com/openssl/openssl/issues/8435#issuecomment-720504282
this only fixes the absence of a regression test for validation of this
kind of boundary issues for decoded SM2 keys.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13359)
commit ed37336b6383cacbcbb8f6b1334eba0ad43530d5
Author: Nicola Tuveri
Date: Mon Nov 9 22:35:28 2020 +0200
[apps/pkey] Return error on failed `-[pub]check`
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13359)
commit c5bc5ec849273ae0c3f8b32f1d23c33d93be3203
Author: Nicola Tuveri
Date: Mon Nov 9 22:34:18 2020 +0200
[test] Add `pkey -check` validation tests
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13359)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 14 +++++
apps/pkey.c | 5 +-
crypto/err/openssl.txt | 1 +
crypto/sm2/build.info | 2 +-
crypto/sm2/sm2_err.c | 2 +
crypto/sm2/sm2_key.c | 49 ++++++++++++++++
include/crypto/sm2.h | 2 +
include/crypto/sm2err.h | 1 +
providers/implementations/keymgmt/build.info | 4 +-
providers/implementations/keymgmt/ec_kmgmt.c | 67 +++++++++++++++++++---
test/recipes/91-test_pkey_check.t | 61 ++++++++++++++++++++
.../91-test_pkey_check_data/ec_p256_bad_0.pem | 4 ++
.../91-test_pkey_check_data/ec_p256_bad_1.pem | 4 ++
test/recipes/91-test_pkey_check_data/sm2_bad_0.pem | 4 ++
test/recipes/91-test_pkey_check_data/sm2_bad_1.pem | 4 ++
.../91-test_pkey_check_data/sm2_bad_neg1.pem | 4 ++
16 files changed, 215 insertions(+), 13 deletions(-)
create mode 100644 crypto/sm2/sm2_key.c
create mode 100644 test/recipes/91-test_pkey_check.t
create mode 100644 test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem
create mode 100644 test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem
create mode 100644 test/recipes/91-test_pkey_check_data/sm2_bad_0.pem
create mode 100644 test/recipes/91-test_pkey_check_data/sm2_bad_1.pem
create mode 100644 test/recipes/91-test_pkey_check_data/sm2_bad_neg1.pem
diff --git a/CHANGES.md b/CHANGES.md
index 94bf750ffc..65031b89a5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,20 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Validation of SM2 keys has been separated from the validation of regular EC
+ keys, allowing to improve the SM2 validation process to reject loaded private
+ keys that are not conforming to the SM2 ISO standard.
+ In particular, a private scalar `k` outside the range `1 <= k < n-1` is now
+ correctly rejected.
+
+ *Nicola Tuveri*
+
+ * Behavior of the `pkey` app is changed, when using the `-check` or `-pubcheck`
+ switches: a validation failure triggers an early exit, returning a failure
+ exit status to the parent process.
+
+ *Nicola Tuveri*
+
* Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites()
to ignore unknown ciphers.
diff --git a/apps/pkey.c b/apps/pkey.c
index 65988a8fc2..67dc8c012c 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -82,6 +82,7 @@ int pkey_main(int argc, char **argv)
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
@@ -231,7 +232,6 @@ int pkey_main(int argc, char **argv)
if (check || pub_check) {
int r;
- EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
@@ -260,8 +260,8 @@ int pkey_main(int argc, char **argv)
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
+ goto end;
}
- EVP_PKEY_CTX_free(ctx);
}
if (!noout) {
@@ -313,6 +313,7 @@ int pkey_main(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
+ EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 5440e47093..4e36fc3394 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -3103,6 +3103,7 @@ SM2_R_INVALID_DIGEST:102:invalid digest
SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type
SM2_R_INVALID_ENCODING:104:invalid encoding
SM2_R_INVALID_FIELD:105:invalid field
+SM2_R_INVALID_PRIVATE_KEY:113:invalid private key
SM2_R_NO_PARAMETERS_SET:109:no parameters set
SM2_R_USER_ID_TOO_LARGE:106:user id too large
SSL_R_ALGORITHM_FETCH_FAILED:295:algorithm fetch failed
diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info
index 402a76cc5d..a50d08d0bc 100644
--- a/crypto/sm2/build.info
+++ b/crypto/sm2/build.info
@@ -1,5 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- sm2_sign.c sm2_crypt.c sm2_err.c
+ sm2_sign.c sm2_crypt.c sm2_err.c sm2_key.c
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
index 60509e14d1..ab9c094a9d 100644
--- a/crypto/sm2/sm2_err.c
+++ b/crypto/sm2/sm2_err.c
@@ -28,6 +28,8 @@ static const ERR_STRING_DATA SM2_str_reasons[] = {
"invalid digest type"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY),
+ "invalid private key"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"},
{0, NULL}
diff --git a/crypto/sm2/sm2_key.c b/crypto/sm2/sm2_key.c
new file mode 100644
index 0000000000..5182d01058
--- /dev/null
+++ b/crypto/sm2/sm2_key.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include "crypto/sm2err.h"
+#include "crypto/sm2.h"
+#include /* EC_KEY and EC_GROUP functions */
+
+/*
+ * SM2 key generation is implemented within ec_generate_key() in
+ * crypto/ec/ec_key.c
+ */
+
+int sm2_key_private_check(const EC_KEY *eckey)
+{
+ int ret = 0;
+ BIGNUM *max = NULL;
+ const EC_GROUP *group = NULL;
+ const BIGNUM *priv_key = NULL, *order = NULL;
+
+ if (eckey == NULL
+ || (group = EC_KEY_get0_group(eckey)) == NULL
+ || (priv_key = EC_KEY_get0_private_key(eckey)) == NULL
+ || (order = EC_GROUP_get0_order(group)) == NULL ) {
+ ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ /* range of SM2 private key is [1, n-1) */
+ max = BN_dup(order);
+ if (max == NULL || !BN_sub_word(max, 1))
+ goto end;
+ if (BN_cmp(priv_key, BN_value_one()) < 0
+ || BN_cmp(priv_key, max) >= 0) {
+ ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY);
+ goto end;
+ }
+ ret = 1;
+
+ end:
+ BN_free(max);
+ return ret;
+}
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index fe87c84bba..e442e7aec7 100644
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -17,6 +17,8 @@
# include
+int sm2_key_private_check(const EC_KEY *eckey);
+
/* The default user id as specified in GM/T 0009-2012 */
# define SM2_DEFAULT_USERID "1234567812345678"
diff --git a/include/crypto/sm2err.h b/include/crypto/sm2err.h
index f8fabcb74e..fe081ddba8 100644
--- a/include/crypto/sm2err.h
+++ b/include/crypto/sm2err.h
@@ -61,6 +61,7 @@ int err_load_SM2_strings_int(void);
# define SM2_R_INVALID_DIGEST_TYPE 103
# define SM2_R_INVALID_ENCODING 104
# define SM2_R_INVALID_FIELD 105
+# define SM2_R_INVALID_PRIVATE_KEY 113
# define SM2_R_NO_PARAMETERS_SET 109
# define SM2_R_USER_ID_TOO_LARGE 106
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info
index 75f61a6de1..f434a720bc 100644
--- a/providers/implementations/keymgmt/build.info
+++ b/providers/implementations/keymgmt/build.info
@@ -1,7 +1,6 @@
# We make separate GOAL variables for each algorithm, to make it easy to
# switch each to the Legacy provider when needed.
-$EC_GOAL=../../libimplementations.a
$ECX_GOAL=../../libimplementations.a
$KDF_GOAL=../../libimplementations.a
@@ -14,7 +13,8 @@ IF[{- !$disabled{dsa} -}]
SOURCE[../../libnonfips.a]=dsa_kmgmt.c
ENDIF
IF[{- !$disabled{ec} -}]
- SOURCE[$EC_GOAL]=ec_kmgmt.c
+ SOURCE[../../libfips.a]=ec_kmgmt.c
+ SOURCE[../../libnonfips.a]=ec_kmgmt.c
ENDIF
IF[{- !$disabled{asm} -}]
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 7e3fadc580..ac7094490e 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -27,7 +27,12 @@
#include "prov/providercommonerr.h"
#include "prov/provider_ctx.h"
#include "internal/param_build_set.h"
-#include "crypto/sm2.h"
+
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
+# include "crypto/sm2.h"
+# endif
+#endif
static OSSL_FUNC_keymgmt_new_fn ec_newdata;
static OSSL_FUNC_keymgmt_gen_init_fn ec_gen_init;
@@ -50,13 +55,16 @@ static OSSL_FUNC_keymgmt_import_types_fn ec_import_types;
static OSSL_FUNC_keymgmt_export_fn ec_export;
static OSSL_FUNC_keymgmt_export_types_fn ec_export_types;
static OSSL_FUNC_keymgmt_query_operation_name_fn ec_query_operation_name;
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
static OSSL_FUNC_keymgmt_gen_fn sm2_gen;
static OSSL_FUNC_keymgmt_get_params_fn sm2_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn sm2_gettable_params;
static OSSL_FUNC_keymgmt_settable_params_fn sm2_settable_params;
static OSSL_FUNC_keymgmt_import_fn sm2_import;
static OSSL_FUNC_keymgmt_query_operation_name_fn sm2_query_operation_name;
+static OSSL_FUNC_keymgmt_validate_fn sm2_validate;
+# endif
#endif
#define EC_DEFAULT_MD "SHA256"
@@ -76,7 +84,8 @@ const char *ec_query_operation_name(int operation_id)
return NULL;
}
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
static
const char *sm2_query_operation_name(int operation_id)
{
@@ -86,6 +95,7 @@ const char *sm2_query_operation_name(int operation_id)
}
return NULL;
}
+# endif
#endif
/*
@@ -364,12 +374,14 @@ int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
return common_import(keydata, selection, params, 0);
}
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
static
int sm2_import(void *keydata, int selection, const OSSL_PARAM params[])
{
return common_import(keydata, selection, params, 1);
}
+# endif
#endif
static
@@ -746,7 +758,8 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
return ec_key_otherparams_fromdata(eck, params);
}
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
static
int sm2_get_params(void *key, OSSL_PARAM params[])
{
@@ -782,6 +795,40 @@ const OSSL_PARAM *sm2_settable_params(ossl_unused void *provctx)
{
return sm2_known_settable_params;
}
+
+static
+int sm2_validate(const void *keydata, int selection)
+{
+ const EC_KEY *eck = keydata;
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+
+ if (!ossl_prov_is_running())
+ return 0;
+
+ ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
+ if (ctx == NULL)
+ return 0;
+
+ if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && ec_key_public_check(eck, ctx);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && sm2_key_private_check(eck);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
+ ok = ok && ec_key_pairwise_check(eck, ctx);
+
+ BN_CTX_free(ctx);
+ return ok;
+}
+# endif
#endif
static
@@ -1084,7 +1131,8 @@ err:
return NULL;
}
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
/*
* The callback arguments (osslcb & cbarg) are not used by EC_KEY generation
*/
@@ -1130,6 +1178,7 @@ err:
EC_KEY_free(ec);
return NULL;
}
+# endif
#endif
static void ec_gen_cleanup(void *genctx)
@@ -1195,7 +1244,8 @@ const OSSL_DISPATCH ossl_ec_keymgmt_functions[] = {
{ 0, NULL }
};
-#ifndef OPENSSL_NO_SM2
+#ifndef FIPS_MODULE
+# ifndef OPENSSL_NO_SM2
const OSSL_DISPATCH sm2_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
@@ -1213,7 +1263,7 @@ const OSSL_DISPATCH sm2_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))sm2_settable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
- { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
+ { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))sm2_validate },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))sm2_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
@@ -1222,4 +1272,5 @@ const OSSL_DISPATCH sm2_keymgmt_functions[] = {
(void (*)(void))sm2_query_operation_name },
{ 0, NULL }
};
+# endif
#endif
diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
new file mode 100644
index 0000000000..4dce838d1f
--- /dev/null
+++ b/test/recipes/91-test_pkey_check.t
@@ -0,0 +1,61 @@
+#! /usr/bin/env perl
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test::Utils;
+
+sub check_key {
+ my $f = shift;
+
+ return run(app(['openssl', 'pkey', '-check', '-text',
+ '-in', $f]));
+}
+
+sub check_key_notok {
+ my $f = shift;
+ my $str = "$f should fail validation";
+
+ $f = data_file($f);
+
+ if ( -s $f ) {
+ ok(!check_key($f), $str);
+ } else {
+ fail("Missing file $f");
+ }
+}
+
+setup("test_pkey_check");
+
+my @tests = ();
+
+push(@tests, (
+ # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1`
+ "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
+ "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
+ )) unless disabled("ec");
+
+push(@tests, (
+ # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
+ "sm2_bad_neg1.pem", # `k` set to `n-1` (invalid, because SM2 range)
+ "sm2_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
+ "sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
+ )) unless disabled("sm2");
+
+plan skip_all => "No tests within the current enabled feature set"
+ unless @tests;
+
+plan tests => scalar(@tests);
+
+foreach my $t (@tests) {
+ check_key_notok($t);
+}
diff --git a/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem b/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem
new file mode 100644
index 0000000000..64c273901f
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD/////AAAAAP//////
+////vOb6racXnoTzucrC/GMlUQ==
+-----END PRIVATE KEY-----
diff --git a/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem b/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem
new file mode 100644
index 0000000000..5171958a27
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD/////AAAAAP//////
+////vOb6racXnoTzucrC/GMlUg==
+-----END PRIVATE KEY-----
diff --git a/test/recipes/91-test_pkey_check_data/sm2_bad_0.pem b/test/recipes/91-test_pkey_check_data/sm2_bad_0.pem
new file mode 100644
index 0000000000..5ad2bd184b
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/sm2_bad_0.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////
+////cgPfayHGBStTu/QJOdVBIw==
+-----END PRIVATE KEY-----
diff --git a/test/recipes/91-test_pkey_check_data/sm2_bad_1.pem b/test/recipes/91-test_pkey_check_data/sm2_bad_1.pem
new file mode 100644
index 0000000000..d094d4d296
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/sm2_bad_1.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////
+////cgPfayHGBStTu/QJOdVBJA==
+-----END PRIVATE KEY-----
diff --git a/test/recipes/91-test_pkey_check_data/sm2_bad_neg1.pem b/test/recipes/91-test_pkey_check_data/sm2_bad_neg1.pem
new file mode 100644
index 0000000000..36adb93fb9
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/sm2_bad_neg1.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////////cgPfayHG
+BStTu/QJOdVBIg==
+-----END PRIVATE KEY-----
From no-reply at appveyor.com Fri Jan 8 22:24:07 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 08 Jan 2021 22:24:07 +0000
Subject: Build failed: openssl master.39042
Message-ID: <20210108222407.1.CC8DCF1E0DBD7863@appveyor.com>
An HTML attachment was scrubbed...
URL:
From nic.tuv at gmail.com Fri Jan 8 22:26:12 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Fri, 08 Jan 2021 22:26:12 +0000
Subject: [openssl] master update
Message-ID: <1610144772.278100.32512.nullmailer@dev.openssl.org>
The branch master has been updated
via 6d4313f03eddd39ca8d06a5e1d20fc1adcb207c5 (commit)
from 1330093b9c7e0325ca76589fb9ace5b664830c6d (commit)
- Log -----------------------------------------------------------------
commit 6d4313f03eddd39ca8d06a5e1d20fc1adcb207c5
Author: Thomas De Schampheleire
Date: Mon Dec 21 15:17:24 2020 +0100
replace 'unsigned const char' with 'const unsigned char'
The openssl code base has only a few occurrences of 'unsigned const char'
(15 occurrences), compared to the more common 'const unsigned char' (4420
occurrences).
While the former is not illegal C, mixing the 'const' keyword (a 'type
qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a
bit odd.
The background for writing this patch is not to be pedantic, but because
the 'opmock' program (used to mock headers for unit tests) does not accept
the 'unsigned const char' construct. While this definitely is a bug in
opmock or one of its dependencies, openssl is the only piece of software we
are using in combination with opmock that has this construct.
CLA: trivial
Reviewed-by: Nicola Tuveri
Reviewed-by: Matt Caswell
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/13722)
-----------------------------------------------------------------------
Summary of changes:
apps/passwd.c | 12 ++++++------
crypto/des/fcrypt.c | 4 ++--
doc/man3/SSL_CTX_dane_enable.pod | 4 ++--
include/openssl/ssl.h.in | 4 ++--
ssl/ssl_lib.c | 6 +++---
5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/apps/passwd.c b/apps/passwd.c
index c39254460d..6673040273 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -22,7 +22,7 @@
#include
#include
-static unsigned const char cov_2char[64] = {
+static const unsigned char cov_2char[64] = {
/* from crypto/des/fcrypt.c */
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
@@ -413,7 +413,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(md2,
- (i & 1) ? (unsigned const char *)passwd : buf,
+ (i & 1) ? (const unsigned char *)passwd : buf,
(i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
@@ -425,7 +425,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
goto err;
}
if (!EVP_DigestUpdate(md2,
- (i & 1) ? buf : (unsigned const char *)passwd,
+ (i & 1) ? buf : (const unsigned char *)passwd,
(i & 1) ? sizeof(buf) : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
@@ -627,7 +627,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
n = passwd_len;
while (n) {
if (!EVP_DigestUpdate(md,
- (n & 1) ? buf : (unsigned const char *)passwd,
+ (n & 1) ? buf : (const unsigned char *)passwd,
(n & 1) ? buf_size : passwd_len))
goto err;
n >>= 1;
@@ -673,7 +673,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
if (!EVP_DigestUpdate(md2,
- (n & 1) ? (unsigned const char *)p_bytes : buf,
+ (n & 1) ? (const unsigned char *)p_bytes : buf,
(n & 1) ? passwd_len : buf_size))
goto err;
if (n % 3) {
@@ -685,7 +685,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
goto err;
}
if (!EVP_DigestUpdate(md2,
- (n & 1) ? buf : (unsigned const char *)p_bytes,
+ (n & 1) ? buf : (const unsigned char *)p_bytes,
(n & 1) ? buf_size : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index 0b181fda3b..190a44dbdf 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -31,7 +31,7 @@
* Added more values to handle illegal salt values the way normal crypt()
* implementations do.
*/
-static unsigned const char con_salt[128] = {
+static const unsigned char con_salt[128] = {
0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
@@ -50,7 +50,7 @@ static unsigned const char con_salt[128] = {
0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
};
-static unsigned const char cov_2char[64] = {
+static const unsigned char cov_2char[64] = {
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod
index e886325191..72fd1bf883 100644
--- a/doc/man3/SSL_CTX_dane_enable.pod
+++ b/doc/man3/SSL_CTX_dane_enable.pod
@@ -18,10 +18,10 @@ TLS client
uint8_t mtype, uint8_t ord);
int SSL_dane_enable(SSL *s, const char *basedomain);
int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned const char *data, size_t dlen);
+ uint8_t mtype, const unsigned char *data, size_t dlen);
int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
- uint8_t *mtype, unsigned const char **data,
+ uint8_t *mtype, const unsigned char **data,
size_t *dlen);
unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 4e5d50bd6d..0025a2a8cd 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1810,10 +1810,10 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
uint8_t mtype, uint8_t ord);
__owur int SSL_dane_enable(SSL *s, const char *basedomain);
__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned const char *data, size_t dlen);
+ uint8_t mtype, const unsigned char *data, size_t dlen);
__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
- uint8_t *mtype, unsigned const char **data,
+ uint8_t *mtype, const unsigned char **data,
size_t *dlen);
/*
* Bridge opacity barrier between libcrypt and libssl, also needed to support
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..a8a1416073 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -269,7 +269,7 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
static int dane_tlsa_add(SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
- uint8_t mtype, unsigned const char *data, size_t dlen)
+ uint8_t mtype, const unsigned char *data, size_t dlen)
{
danetls_record *t;
const EVP_MD *md = NULL;
@@ -1099,7 +1099,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
}
int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
- uint8_t *mtype, unsigned const char **data, size_t *dlen)
+ uint8_t *mtype, const unsigned char **data, size_t *dlen)
{
SSL_DANE *dane = &s->dane;
@@ -1126,7 +1126,7 @@ SSL_DANE *SSL_get0_dane(SSL *s)
}
int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned const char *data, size_t dlen)
+ uint8_t mtype, const unsigned char *data, size_t dlen)
{
return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
}
From nic.tuv at gmail.com Fri Jan 8 22:40:05 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Fri, 08 Jan 2021 22:40:05 +0000
Subject: [openssl] master update
Message-ID: <1610145605.400650.21203.nullmailer@dev.openssl.org>
The branch master has been updated
via 732e24bb14ea9c4f68b8c9cd2bf605e0bd6b498e (commit)
from 6d4313f03eddd39ca8d06a5e1d20fc1adcb207c5 (commit)
- Log -----------------------------------------------------------------
commit 732e24bb14ea9c4f68b8c9cd2bf605e0bd6b498e
Author: Romain Geissler
Date: Thu Jan 7 16:54:58 2021 +0000
Fix simpledynamic test compilation when condigured without DSO support.
This fixes this compilation error:
In file included from test/simpledynamic.c:13:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
39 | int sd_load(const char *filename, SD *sd, int type);
| ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
| ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
| ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
41 | int sd_close(SD lib);
| ^~
make[1]: *** [Makefile:24670: test/moduleloadtest-bin-simpledynamic.o] Error 1
make[1]: *** Waiting for unfinished jobs....
In file included from test/moduleloadtest.c:19:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
39 | int sd_load(const char *filename, SD *sd, int type);
| ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
| ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
| ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
41 | int sd_close(SD lib);
| ^~
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/13802)
-----------------------------------------------------------------------
Summary of changes:
test/simpledynamic.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/simpledynamic.h b/test/simpledynamic.h
index cc4aed5c43..247b49f7fe 100644
--- a/test/simpledynamic.h
+++ b/test/simpledynamic.h
@@ -36,9 +36,11 @@ typedef void *SD_SYM;
# endif
+# if defined(DSO_DLFCN) || defined(DSO_WIN32)
int sd_load(const char *filename, SD *sd, int type);
int sd_sym(SD sd, const char *symname, SD_SYM *sym);
int sd_close(SD lib);
const char *sd_error(void);
+# endif
#endif
From nic.tuv at gmail.com Fri Jan 8 23:15:27 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Fri, 08 Jan 2021 23:15:27 +0000
Subject: [openssl] master update
Message-ID: <1610147727.789272.27894.nullmailer@dev.openssl.org>
The branch master has been updated
via 42141197a107ef9cd297a7755fece569b84016b8 (commit)
from 732e24bb14ea9c4f68b8c9cd2bf605e0bd6b498e (commit)
- Log -----------------------------------------------------------------
commit 42141197a107ef9cd297a7755fece569b84016b8
Author: anupamam13
Date: Mon Nov 2 17:50:11 2020 +0530
Fix for negative return value from `SSL_CTX_sess_accept()`
Fixes #13183
From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:
- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
"Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
default context is decremented. Hence giving a negative value.
This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13297)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index a4e60d417c..7b42016d59 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -957,7 +957,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* context, to avoid the confusing situation of having sess_accept_good
* exceed sess_accept (zero) for the new context.
*/
- if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
+ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
+ && s->hello_retry_request == SSL_HRR_NONE) {
tsan_counter(&s->ctx->stats.sess_accept);
tsan_decr(&s->session_ctx->stats.sess_accept);
}
From nic.tuv at gmail.com Fri Jan 8 23:17:13 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Fri, 08 Jan 2021 23:17:13 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1610147833.419389.29244.nullmailer@dev.openssl.org>
The branch OpenSSL_1_1_1-stable has been updated
via 212d7118a788e332dae4123d40f65ea6e24044d2 (commit)
from 37d9e3d7fdfbe7713adcdeca55b1303c6ad8dc12 (commit)
- Log -----------------------------------------------------------------
commit 212d7118a788e332dae4123d40f65ea6e24044d2
Author: anupamam13
Date: Mon Nov 2 17:50:11 2020 +0530
Fix for negative return value from `SSL_CTX_sess_accept()`
Fixes #13183
From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:
- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
"Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
default context is decremented. Hence giving a negative value.
This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13297)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c785ab785d..e24b1b0e4d 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -966,7 +966,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* context, to avoid the confusing situation of having sess_accept_good
* exceed sess_accept (zero) for the new context.
*/
- if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
+ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
+ && s->hello_retry_request == SSL_HRR_NONE) {
tsan_counter(&s->ctx->stats.sess_accept);
tsan_decr(&s->session_ctx->stats.sess_accept);
}
From openssl at openssl.org Fri Jan 8 23:21:08 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 08 Jan 2021 23:21:08 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-dtls1_2-method
Message-ID: <1610148068.808519.1427330.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method
Commit log since last time:
e260bee0a9 Only perform special TLS handling if TLS has been configured
7c0e98a5c4 Mac M1 setting change proposal.
7fd1ca723a Support session information on FreeBSD.
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
3497cc8776 Updated SSL_CTX_new doc
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
ce11192650 crypto/win: Don't use disallowed APIs on UWP
38b57c4c52 Update copyright years of auto-generated headers (make update)
Build log ended with (last 100 lines):
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8041A8F0FA7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8041A8F0FA7F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:610:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/mYhhqxdo1_ default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
# false
not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
# false
# ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
# false
not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
# INFO: @ ../openssl/test/helpers/ssltestlib.c:942
# SSL_connect() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# INFO: @ ../openssl/test/helpers/ssltestlib.c:960
# SSL_accept() failed -1, 1
# 8021C885577F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6463
# false
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/mYhhqxdo1_ fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
# Failed test 'running sslapitest'
# at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ...................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3)
Failed tests: 8, 17, 19
Non-zero exit status: 3
90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2)
Failed tests: 1, 3
Non-zero exit status: 2
Files=227, Tests=3559, 835 wallclock secs (13.91 usr 1.39 sys + 742.93 cusr 87.80 csys = 846.03 CPU)
Result: FAIL
make[1]: *** [Makefile:3253: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method'
make: *** [Makefile:3250: tests] Error 2
From no-reply at appveyor.com Fri Jan 8 23:34:25 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 08 Jan 2021 23:34:25 +0000
Subject: Build completed: openssl master.39043
Message-ID: <20210108233425.1.E552EFA8365723F1@appveyor.com>
An HTML attachment was scrubbed...
URL:
From beldmit at gmail.com Sat Jan 9 17:24:26 2021
From: beldmit at gmail.com (beldmit at gmail.com)
Date: Sat, 09 Jan 2021 17:24:26 +0000
Subject: [openssl] master update
Message-ID: <1610213066.364291.31359.nullmailer@dev.openssl.org>
The branch master has been updated
via e211d949cd5737e53cd3399e6a88453930768b98 (commit)
from 42141197a107ef9cd297a7755fece569b84016b8 (commit)
- Log -----------------------------------------------------------------
commit e211d949cd5737e53cd3399e6a88453930768b98
Author: Sahana Prasad
Date: Fri Jan 8 16:26:21 2021 +0100
doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free()
instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
Signed-off-by: Sahana Prasad
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13814)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/provider.pod | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod
index 2eb396fad3..18a80eff5a 100644
--- a/doc/man7/provider.pod
+++ b/doc/man7/provider.pod
@@ -324,34 +324,34 @@ Fetch any available implementation of SHA2-256 in the default context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
...
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
Fetch any available implementation of AES-128-CBC in the default context:
EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
...
- EVP_CIPHER_meth_free(cipher);
+ EVP_CIPHER_free(cipher);
Fetch an implementation of SHA2-256 from the default provider in the default
context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
...
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
Fetch an implementation of SHA2-256 that is not from the default provider in the
default context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
...
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
Fetch an implementation of SHA2-256 from the default provider in the specified
context:
EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
...
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
Load the legacy provider into the default context and then fetch an
implementation of WHIRLPOOL from it:
@@ -361,7 +361,7 @@ implementation of WHIRLPOOL from it:
EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy");
...
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
Note that in the above example the property string "provider=legacy" is optional
since, assuming no other providers have been loaded, the only implementation of
@@ -376,8 +376,8 @@ other providers:
EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL);
EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
...
- EVP_MD_meth_free(md_whirlpool);
- EVP_MD_meth_free(md_sha256);
+ EVP_MD_free(md_whirlpool);
+ EVP_MD_free(md_sha256);
=head1 SEE ALSO
From scan-admin at coverity.com Sun Jan 10 07:50:18 2021
From: scan-admin at coverity.com (scan-admin at coverity.com)
Date: Sun, 10 Jan 2021 07:50:18 +0000 (UTC)
Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2
Message-ID: <5ffab1b9e912a_458922ade9bab2f58686eb@prd-scan-dashboard-0.mail>
Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DsGXX_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFujZ1lz0noQIDRODCPOfT2gslJFX5VTxA9O8tqtayO382k4vT-2B-2FJjz6r8oZdkZil2QpR10K9od-2BCVps4rQgXF08wgdOfiXw8cQ4cCa-2BNp9CmKm8sTOs1TNMNV3Rjn7dU6XmnY-2BbKxZvi3plSFWyEJu5FfCTKusbXxktLokOu8kRPoDzFtmgu-2BV5DCBQASm7lQ-3D
Build ID: 362876
Analysis Summary:
New defects found: 0
Defects eliminated: 0
From scan-admin at coverity.com Sun Jan 10 07:53:29 2021
From: scan-admin at coverity.com (scan-admin at coverity.com)
Date: Sun, 10 Jan 2021 07:53:29 +0000 (UTC)
Subject: Coverity Scan: Analysis completed for openssl/openssl
Message-ID: <5ffab2794a667_45a402ade9bab2f586861b@prd-scan-dashboard-0.mail>
Your request for analysis of openssl/openssl has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DVEWn_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE-2FLts1UuKG3YgAU4l0DWSxQgNC63xqIZKzB29uyx8oVFk8LcbMvOuKdWAKt-2BY-2F3x4tXjaQPYbVkDqDNyw-2BctpW0-2BIDUEqXgThsEK1t9es627mhHRSjyjrYJPV5-2FvOUgu5ENADBrv1DPrYrN6Z9HiJLj433tw0-2FldxKrPa6NDhWAkfzqij9YiJ-2B-2BYeH4j6UogY-3D
Build ID: 362875
Analysis Summary:
New defects found: 0
Defects eliminated: 0
From nic.tuv at gmail.com Sun Jan 10 20:10:10 2021
From: nic.tuv at gmail.com (nic.tuv at gmail.com)
Date: Sun, 10 Jan 2021 20:10:10 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1610309410.672117.10958.nullmailer@dev.openssl.org>
The branch OpenSSL_1_1_1-stable has been updated
via 6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654 (commit)
from 212d7118a788e332dae4123d40f65ea6e24044d2 (commit)
- Log -----------------------------------------------------------------
commit 6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654
Author: Billy Brumley
Date: Fri Jan 8 13:45:49 2021 +0200
[crypto/dh] side channel hardening for computing DH shared keys (1.1.1)
Reviewed-by: Tomas Mraz
Reviewed-by: Nicola Tuveri
(Merged from https://github.com/openssl/openssl/pull/13772)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_key.c | 31 +++++++++++++++++++++++++++++--
doc/man3/DH_generate_key.pod | 25 +++++++++++++++++++++----
2 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd..ccf51b3546 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
return dh->meth->generate_key(dh);
}
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
+
+ /* rv is constant unless compute_key is external */
rv = dh->meth->compute_key(key, pub_key, dh);
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 297e7fbf47..fab14d77e8 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
=head1 NAME
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
=head1 SYNOPSIS
@@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
DH_generate_key() expects B to contain the shared parameters
Bp> and Bg>. It generates a random private DH value
@@ -28,6 +31,14 @@ published.
DH_compute_key() computes the shared secret from the private DH value
in B and the other party's public value in B and stores
it in B. B must point to B bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
=head1 RETURN VALUES
@@ -36,12 +47,18 @@ DH_generate_key() returns 1 on success, 0 otherwise.
DH_compute_key() returns the size of the shared secret on success, -1
on error.
+DH_compute_key_padded() returns B on success, -1 on error.
+
The error codes can be obtained by L.
=head1 SEE ALSO
L, L, L, L
+=head1 HISTORY
+
+DH_compute_key_padded() was added in OpenSSL 1.0.2.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
From openssl at openssl.org Mon Jan 11 01:02:23 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 11 Jan 2021 01:02:23 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-asm
Message-ID: <1610326943.961679.2072330.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm
Commit log since last time:
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year
Build log ended with (last 100 lines):
30-test_evp_extra.t ................ ok
30-test_evp_fetch_prov.t ........... ok
30-test_evp_kdf.t .................. ok
30-test_evp_libctx.t ............... ok
30-test_evp_pkey_dparam.t .......... ok
30-test_evp_pkey_provided.t ........ ok
30-test_pbelu.t .................... ok
30-test_pkey_meth.t ................ ok
30-test_pkey_meth_kdf.t ............ ok
30-test_provider_status.t .......... ok
40-test_rehash.t ................... ok
60-test_x509_check_cert_pkey.t ..... ok
60-test_x509_dup_cert.t ............ ok
60-test_x509_store.t ............... ok
60-test_x509_time.t ................ ok
61-test_bio_prefix.t ............... ok
65-test_cmp_asn.t .................. ok
65-test_cmp_client.t ............... ok
65-test_cmp_ctx.t .................. ok
65-test_cmp_hdr.t .................. ok
65-test_cmp_msg.t .................. ok
65-test_cmp_protect.t .............. ok
65-test_cmp_server.t ............... ok
65-test_cmp_status.t ............... ok
65-test_cmp_vfy.t .................. ok
66-test_ossl_store.t ............... ok
70-test_asyncio.t .................. ok
70-test_bad_dtls.t ................. ok
70-test_clienthello.t .............. ok
70-test_comp.t ..................... ok
70-test_key_share.t ................ ok
70-test_packet.t ................... ok
70-test_recordlen.t ................ ok
70-test_renegotiation.t ............ ok
70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
make: *** [Makefile:3249: tests] Terminated
make[1]: *** wait: No child processes. Stop.
make[1]: *** Waiting for unfinished jobs....
make[1]: *** wait: No child processes. Stop.
From openssl at openssl.org Mon Jan 11 01:53:55 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 11 Jan 2021 01:53:55 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-autoerrinit
Message-ID: <1610330035.478823.2181685.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit
Commit log since last time:
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year
Build log ended with (last 100 lines):
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
04-test_err.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=228, Tests=3428, 894 wallclock secs (14.47 usr 1.47 sys + 804.50 cusr 84.66 csys = 905.10 CPU)
Result: FAIL
make[1]: *** [Makefile:3276: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit'
make: *** [Makefile:3273: tests] Error 2
From no-reply at appveyor.com Mon Jan 11 05:12:09 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 11 Jan 2021 05:12:09 +0000
Subject: Build failed: openssl master.39067
Message-ID: <20210111051209.1.67AAEB171F68B36B@appveyor.com>
An HTML attachment was scrubbed...
URL:
From openssl at openssl.org Mon Jan 11 07:24:58 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 11 Jan 2021 07:24:58 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
--strict-warnings no-des
Message-ID: <1610349898.921333.2888004.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des
Commit log since last time:
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year
Build log ended with (last 100 lines):
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# 80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
# 81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. ok
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
30-test_evp.t (Wstat: 512 Tests: 90 Failed: 2)
Failed tests: 14, 40
Non-zero exit status: 2
30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=228, Tests=3430, 889 wallclock secs (14.02 usr 1.41 sys + 798.32 cusr 86.37 csys = 900.12 CPU)
Result: FAIL
make[1]: *** [Makefile:3185: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-des'
make: *** [Makefile:3182: tests] Error 2
From no-reply at appveyor.com Mon Jan 11 08:19:02 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 11 Jan 2021 08:19:02 +0000
Subject: Build completed: openssl master.39068
Message-ID: <20210111081902.1.9D279A3F94CC0199@appveyor.com>
An HTML attachment was scrubbed...
URL:
From openssl at openssl.org Mon Jan 11 08:52:45 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 11 Jan 2021 08:52:45 +0000
Subject: SUCCESSFUL build of OpenSSL branch master with options -d
--strict-warnings no-dso
Message-ID: <1610355165.561403.3080852.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso
Commit log since last time:
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year
From dev at ddvo.net Mon Jan 11 18:36:08 2021
From: dev at ddvo.net (dev at ddvo.net)
Date: Mon, 11 Jan 2021 18:36:08 +0000
Subject: [openssl] master update
Message-ID: <1610390168.312348.29975.nullmailer@dev.openssl.org>
The branch master has been updated
via 046a7aaa5e3c398b19fcdb5b486d57ab9c6ced30 (commit)
via 1f7643e86e7dfdc559092fe4a467bad2ce86f6f2 (commit)
via 475d10028e57ae0987911af580f0de8d701325ec (commit)
via 400e2acfe0bae9aec1f9df50fa51f6b7cf8ad779 (commit)
from e211d949cd5737e53cd3399e6a88453930768b98 (commit)
- Log -----------------------------------------------------------------
commit 046a7aaa5e3c398b19fcdb5b486d57ab9c6ced30
Author: Dr. David von Oheimb
Date: Tue Dec 22 10:28:03 2020 +0100
apps/pkey.c: Forther improve user guidance, also on non-sensical option combinations
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13712)
commit 1f7643e86e7dfdc559092fe4a467bad2ce86f6f2
Author: Dr. David von Oheimb
Date: Tue Dec 22 08:37:03 2020 +0100
apps/pkey.c: Re-order help output and option documentation
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13712)
commit 475d10028e57ae0987911af580f0de8d701325ec
Author: Dr. David von Oheimb
Date: Tue Dec 15 14:30:38 2020 +0100
apps/pkey.c: Make clear that -passout is not supported for DER output
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13712)
commit 400e2acfe0bae9aec1f9df50fa51f6b7cf8ad779
Author: Dr. David von Oheimb
Date: Thu Dec 10 17:10:52 2020 +0100
apps.c: Fix crash in case uri arg of IS_HTTP or IS_HTTPS is NULL
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13712)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/apps.c | 8 +--
apps/pkey.c | 94 ++++++++++++++++++-----------
doc/man1/openssl-pkey.pod.in | 141 ++++++++++++++++++++++++++-----------------
3 files changed, 147 insertions(+), 96 deletions(-)
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 1998a8bc2f..457dac87bc 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -469,10 +469,10 @@ CONF *app_load_config_modules(const char *configfile)
return conf;
}
-#define IS_HTTP(uri) \
- (strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0)
-#define IS_HTTPS(uri) \
- (strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
+#define IS_HTTP(uri) ((uri) != NULL \
+ && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0)
+#define IS_HTTPS(uri) ((uri) != NULL \
+ && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
X509 *load_cert_pass(const char *uri, int maybe_stdin,
const char *pass, const char *desc)
diff --git a/apps/pkey.c b/apps/pkey.c
index 67dc8c012c..5d12cc059a 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -36,7 +36,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
- OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
+ OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM,
OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -47,33 +47,36 @@ const OPTIONS pkey_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ OPT_PROV_OPTIONS,
+
{"check", OPT_CHECK, '-', "Check key consistency"},
{"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
- {"", OPT_MD, '-', "Any supported cipher"},
- {"ec_param_enc", OPT_EC_PARAM_ENC, 's',
- "Specifies the way the ec parameters are encoded"},
- {"ec_conv_form", OPT_EC_CONV_FORM, 's',
- "Specifies the point conversion form "},
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input key"},
- {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"inform", OPT_INFORM, 'f',
+ "Key input format (ENGINE, other values ignored)"},
+ {"passin", OPT_PASSIN, 's', "Key input pass phrase source"},
{"pubin", OPT_PUBIN, '-',
- "Read public key from input (default is private key)"},
- {"traditional", OPT_TRADITIONAL, '-',
- "Use traditional format for private keys"},
+ "Read only public components from key input"},
OPT_SECTION("Output"),
- {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"out", OPT_OUT, '>', "Output file"},
- {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
- {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
- {"text", OPT_TEXT, '-', "Output in plaintext as well"},
- {"noout", OPT_NOOUT, '-', "Don't output the key"},
+ {"out", OPT_OUT, '>', "Output file for encoded and/or text output"},
+ {"outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)"},
+ {"", OPT_CIPHER, '-', "Any supported cipher to be used for encryption"},
+ {"passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source"},
+ {"traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private key PEM output"},
+ {"pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components"},
+ {"noout", OPT_NOOUT, '-', "Do not output the key in encoded form"},
+ {"text", OPT_TEXT, '-', "Output key components in plaintext"},
+ {"text_pub", OPT_TEXT_PUB, '-',
+ "Output only public key components in text form"},
+ {"ec_conv_form", OPT_EC_CONV_FORM, 's',
+ "Specifies the EC point conversion form in the encoding"},
+ {"ec_param_enc", OPT_EC_PARAM_ENC, 's',
+ "Specifies the way the EC parameters are encoded"},
- OPT_PROV_OPTIONS,
{NULL}
};
@@ -88,7 +91,7 @@ int pkey_main(int argc, char **argv)
char *passinarg = NULL, *passoutarg = NULL, *prog;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
- int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
+ int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC
EC_KEY *eckey;
@@ -133,13 +136,13 @@ int pkey_main(int argc, char **argv)
outfile = opt_arg();
break;
case OPT_PUBIN:
- pubin = pubout = pubtext = 1;
+ pubin = pubout = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_TEXT_PUB:
- pubtext = text = 1;
+ text_pub = 1;
break;
case OPT_TEXT:
text = 1;
@@ -156,7 +159,7 @@ int pkey_main(int argc, char **argv)
case OPT_PUB_CHECK:
pub_check = 1;
break;
- case OPT_MD:
+ case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
break;
@@ -192,10 +195,28 @@ int pkey_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- private = !noout && !pubout ? 1 : 0;
- if (text && !pubtext)
- private = 1;
+ if (noout && pubout)
+ BIO_printf(bio_err,
+ "Warning: The -pubout option is ignored with -noout\n");
+ if (text && text_pub)
+ BIO_printf(bio_err,
+ "Warning: The -text option is ignored with -text_pub\n");
+ if (traditional && (noout || outformat != FORMAT_PEM))
+ BIO_printf(bio_err,
+ "Warning: The -traditional is ignored since there is no PEM output\n");
+ private = (!noout && !pubout) || (text && !text_pub);
+ if (cipher == NULL) {
+ if (passoutarg != NULL)
+ BIO_printf(bio_err,
+ "Warning: The -passout option is ignored without a cipher option\n");
+ } else {
+ if (noout || outformat != FORMAT_PEM) {
+ BIO_printf(bio_err,
+ "Error: Cipher options are supported only for PEM output\n");
+ goto end;
+ }
+ }
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -283,6 +304,11 @@ int pkey_main(int argc, char **argv)
}
}
} else if (outformat == FORMAT_ASN1) {
+ if (text || text_pub) {
+ BIO_printf(bio_err,
+ "Error: Text output cannot be combined with DER output\n");
+ goto end;
+ }
if (pubout) {
if (!i2d_PUBKEY_bio(out, pkey))
goto end;
@@ -297,15 +323,13 @@ int pkey_main(int argc, char **argv)
}
}
- if (text) {
- if (pubtext) {
- if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
- goto end;
- } else {
- assert(private);
- if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
- goto end;
- }
+ if (text_pub) {
+ if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
+ goto end;
+ } else if (text) {
+ assert(private);
+ if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
+ goto end;
}
ret = 0;
diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in
index 86597c9e36..df031fb258 100644
--- a/doc/man1/openssl-pkey.pod.in
+++ b/doc/man1/openssl-pkey.pod.in
@@ -13,118 +13,149 @@ openssl-pkey - public or private key processing command
B B
[B<-help>]
-[B<-inform> B|B|B|B]
-[B<-outform> B|B]
+{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
+[B<-check>]
+[B<-pubcheck>]
[B<-in> I|I]
+[B<-inform> B|B|B|B]
[B<-passin> I]
+[B<-pubin>]
[B<-out> I]
+[B<-outform> B|B]
+[B<-I>]
[B<-passout> I]
[B<-traditional>]
-[B<-I>]
+[B<-pubout>]
+[B<-noout>]
[B<-text>]
[B<-text_pub>]
-[B<-noout>]
-[B<-pubin>]
-[B<-pubout>]
-[B<-check>]
-[B<-pubcheck>]
[B<-ec_conv_form> I]
[B<-ec_param_enc> I]
-{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
=for openssl ifdef engine
=head1 DESCRIPTION
This command processes public or private keys. They can be
-converted between various forms and their components printed out.
+converted between various forms and their components printed.
=head1 OPTIONS
+=head2 General options
+
=over 4
=item B<-help>
Print out a usage message.
+{- $OpenSSL::safe::opt_engine_item -}
+
+{- $OpenSSL::safe::opt_provider_item -}
+
+=item B<-check>
+
+This option checks the consistency of a key pair for both public and private
+components.
+
+=item B<-pubcheck>
+
+This option checks the correctness of either a public key
+or the public component of a key pair.
+
+=back
+
+=head2 Input options
+
+=over 4
+
+=item B<-in> I|I
+
+This specifies the input to read a key from
+or standard input if this option is not specified.
+If the key input is encrypted and B<-passin> is not given
+a pass phrase will be prompted for.
+
=item B<-inform> B|B|B|B
The key input format; the default is B.
The only value with effect is B; all others have become obsolete.
See L for details.
-=item B<-outform> B|B
+=item B<-passin> I
-The key output formats; the default is B.
-See L for details.
+The password source for the key input.
-=item B<-in> I|I
+For more information about the format of B
+see L.
-This specifies the input to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
+=item B<-pubin>
-=item B<-passin> I, B<-passout> I
+By default a private key is read from the input.
+With this option only the public components are read.
-The password source for the input and output file.
-For more information about the format of B
-see L.
+=back
+
+=head2 Output options
+
+=over 4
=item B<-out> I
-This specifies the output filename to write a key to or standard output if this
-option is not specified. If any encryption options are set then a pass phrase
-will be prompted for. The output filename should B be the same as the input
-filename.
+This specifies the output filename to save the encoded and/or text output of key
+or standard output if this option is not specified.
+If any cipher option is set but no B<-passout> is given
+then a pass phrase will be prompted for.
+The output filename should B be the same as the input filename.
-=item B<-traditional>
+=item B<-outform> B|B
-Normally a private key is written using standard format: this is PKCS#8 form
-with the appropriate encryption algorithm (if any). If the B<-traditional>
-option is specified then the older "traditional" format is used instead.
+The key output format; the default is B.
+See L for details.
=item B<-I>
-These options encrypt the private key with the supplied cipher. Any algorithm
-name accepted by EVP_get_cipherbyname() is acceptable such as B.
+Encrypt the PEM encoded private key with the supplied cipher. Any algorithm
+name accepted by EVP_get_cipherbyname() is acceptable such as B.
+Encryption is not supported for DER output.
-=item B<-text>
-
-Prints out the various public or private key components in
-plain text in addition to the encoded version.
+=item B<-passout> I
-=item B<-text_pub>
+The password source for the output file.
-Print out only public key components even if a private key is being processed.
+For more information about the format of B
+see L.
-=item B<-noout>
+=item B<-traditional>
-Do not output the encoded version of the key.
+Normally a private key is written using standard format: this is PKCS#8 form
+with the appropriate encryption algorithm (if any). If the B<-traditional>
+option is specified then the older "traditional" format is used instead.
-=item B<-pubin>
+=item B<-pubout>
-By default a private key is read from the input file: with this
-option a public key is read instead.
+By default the encoded private and public key is output;
+this option restricts the encoded output to the public components.
+This option is automatically set if the input is a public key.
-=item B<-pubout>
+=item B<-noout>
-By default a private key is output: with this option a public
-key will be output instead. This option is automatically set if
-the input is a public key.
+Do not output the key in encoded form.
-=item B<-check>
+=item B<-text>
-This option checks the consistency of a key pair for both public and private
-components.
+Output the various key components in plain text
+(possibly in addition to the PEM encoded form).
+This cannot be combined with encoded output in DER format.
-=item B<-pubcheck>
+=item B<-text_pub>
-This option checks the correctness of either a public key or the public component
-of a key pair.
+Output in text form only the public key components (also for private keys).
+This cannot be combined with encoded output in DER format.
=item B<-ec_conv_form> I
-This option only applies to elliptic curve based public and private keys.
+This option only applies to elliptic-curve based keys.
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B (the default
@@ -146,10 +177,6 @@ EC parameters structures). The default value is B.
B the B alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
-{- $OpenSSL::safe::opt_engine_item -}
-
-{- $OpenSSL::safe::opt_provider_item -}
-
=back
=head1 EXAMPLES
From dev at ddvo.net Mon Jan 11 18:40:41 2021
From: dev at ddvo.net (dev at ddvo.net)
Date: Mon, 11 Jan 2021 18:40:41 +0000
Subject: [openssl] master update
Message-ID: <1610390441.530688.18492.nullmailer@dev.openssl.org>
The branch master has been updated
via 678cae0295e3fe600edc049742b8c765a58edebc (commit)
via 3372039252c4d9c67de784a0fbdad5589991a347 (commit)
from 046a7aaa5e3c398b19fcdb5b486d57ab9c6ced30 (commit)
- Log -----------------------------------------------------------------
commit 678cae0295e3fe600edc049742b8c765a58edebc
Author: Dr. David von Oheimb
Date: Thu Jan 7 10:16:12 2021 +0100
APPS: Print help also on -h and --h; print high-level help when no cmd given
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13799)
commit 3372039252c4d9c67de784a0fbdad5589991a347
Author: Dr. David von Oheimb
Date: Thu Jan 7 09:00:02 2021 +0100
APPS: Fix confusion between program and app/command name used in diagnostic/help output
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13799)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 6 ++----
apps/dgst.c | 3 +--
apps/enc.c | 16 ++++++++--------
apps/include/opt.h | 1 +
apps/lib/opt.c | 13 +++++++++++--
apps/openssl.c | 37 ++++++++++++++++++-------------------
apps/s_client.c | 3 +--
test/recipes/20-test_app.t | 10 ++++++++--
8 files changed, 50 insertions(+), 39 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index a484234f90..b28b7431ce 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -42,6 +42,7 @@
#include
#include
+static char *prog;
static char *opt_config = NULL;
#define CMP_SECTION "cmp"
#define SECTION_NAME_MAX 40 /* max length of section name */
@@ -49,10 +50,6 @@ static char *opt_config = NULL;
static char *opt_section = CMP_SECTION;
static int opt_verbosity = OSSL_CMP_LOG_INFO;
-#undef PROG
-#define PROG cmp_main
-static char *prog = "cmp";
-
static int read_config(void);
static CONF *conf = NULL; /* OpenSSL config file context structure */
@@ -2625,6 +2622,7 @@ int cmp_main(int argc, char **argv)
int ret = 0; /* default: failure */
if (argc <= 1) {
+ prog = opt_appname(argv[0]);
opt_help(cmp_options);
goto err;
}
diff --git a/apps/dgst.c b/apps/dgst.c
index 7110a97cf4..845c2eabc9 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -111,9 +111,8 @@ int dgst_main(int argc, char **argv)
int engine_impl = 0;
struct doall_dgst_digests dec;
- prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
- md = EVP_get_digestbyname(prog);
+ md = EVP_get_digestbyname(argv[0]);
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
diff --git a/apps/enc.c b/apps/enc.c
index f97621b1a6..42b14d4993 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -112,7 +112,7 @@ int enc_main(int argc, char **argv)
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
- char *infile = NULL, *outfile = NULL, *prog;
+ char *infile = NULL, *outfile = NULL, *prog, *arg0;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
@@ -131,18 +131,18 @@ int enc_main(int argc, char **argv)
BIO *bzl = NULL;
#endif
- /* first check the program name */
- prog = opt_progname(argv[0]);
- if (strcmp(prog, "base64") == 0) {
+ /* first check the command name */
+ arg0 = argv[0];
+ if (strcmp(arg0, "base64") == 0) {
base64 = 1;
#ifdef ZLIB
- } else if (strcmp(prog, "zlib") == 0) {
+ } else if (strcmp(arg0, "zlib") == 0) {
do_zlib = 1;
#endif
} else {
- cipher = EVP_get_cipherbyname(prog);
- if (cipher == NULL && strcmp(prog, "enc") != 0) {
- BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+ cipher = EVP_get_cipherbyname(arg0);
+ if (cipher == NULL && strcmp(arg0, "enc") != 0) {
+ BIO_printf(bio_err, "%s is not a known cipher\n", arg0);
goto end;
}
}
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 56de57cf4c..15375e3a80 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -341,6 +341,7 @@ typedef struct string_int_pair_st {
const char *opt_path_end(const char *filename);
char *opt_progname(const char *argv0);
+char *opt_appname(const char *arg0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next(void);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 260ff3b1c2..22d4138301 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -138,6 +138,15 @@ char *opt_progname(const char *argv0)
}
#endif
+char *opt_appname(const char *arg0)
+{
+ size_t len = strlen(prog);
+
+ if (arg0 != NULL)
+ snprintf(prog + len, sizeof(prog) - len - 1, " %s", arg0);
+ return prog;
+}
+
char *opt_getprog(void)
{
return prog;
@@ -151,7 +160,6 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
argv = av;
opt_begin();
opts = o;
- opt_progname(av[0]);
unknown = NULL;
/* Check all options up until the PARAM marker (if present) */
@@ -724,7 +732,8 @@ int opt_next(void)
*arg++ = '\0';
for (o = opts; o->name; ++o) {
/* If not this option, move on to the next one. */
- if (strcmp(p, o->name) != 0)
+ if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
+ && strcmp(p, o->name) != 0)
continue;
/* If it doesn't take a value, make sure none was given. */
diff --git a/apps/openssl.c b/apps/openssl.c
index e6746087ad..b61ed5f81d 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -235,7 +235,9 @@ int main(int argc, char *argv[])
FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL;
char *pname;
+ const char *fname;
ARGS arg;
+ int global_help = 0;
int ret = 0;
arg.argv = NULL;
@@ -249,9 +251,7 @@ int main(int argc, char *argv[])
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
argv = copy_argv(&argc, argv);
#elif defined(_WIN32)
- /*
- * Replace argv[] with UTF-8 encoded strings.
- */
+ /* Replace argv[] with UTF-8 encoded strings. */
win32_utf8argv(&argc, &argv);
#endif
@@ -259,18 +259,11 @@ int main(int argc, char *argv[])
setup_trace(getenv("OPENSSL_TRACE"));
#endif
- if (!apps_startup()) {
- BIO_printf(bio_err,
- "FATAL: Startup failure (dev note: apps_startup() failed)\n");
- ERR_print_errors(bio_err);
- ret = 1;
- goto end;
- }
-
- prog = prog_init();
- if (prog == NULL) {
+ if ((fname = "apps_startup", !apps_startup())
+ || (fname = "prog_init", (prog = prog_init()) == NULL)) {
BIO_printf(bio_err,
- "FATAL: Startup failure (dev note: prog_init() failed)\n");
+ "FATAL: Startup failure (dev note: %s()) for %s\n",
+ fname, argv[0]);
ERR_print_errors(bio_err);
ret = 1;
goto end;
@@ -285,15 +278,21 @@ int main(int argc, char *argv[])
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp == NULL) {
- /* We assume we've been called as 'openssl cmd' */
+ /* We assume we've been called as 'openssl ...' */
+ global_help = argc > 1
+ && (strcmp(argv[1], "-help") == 0 || strcmp(argv[1], "--help") == 0
+ || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--h") == 0);
argc--;
argv++;
+ opt_appname(argc == 1 || global_help ? "help" : argv[0]);
+ } else {
+ argv[0] = pname;
}
/* If there's a command, run with that, otherwise "help". */
- ret = argc > 0
- ? do_cmd(prog, argc, argv)
- : do_cmd(prog, 1, help_argv);
+ ret = argc == 0 || global_help
+ ? do_cmd(prog, 1, help_argv)
+ : do_cmd(prog, argc, argv);
end:
OPENSSL_free(default_config_file);
@@ -360,7 +359,7 @@ int help_main(int argc, char **argv)
}
calculate_columns(functions, &dc);
- BIO_printf(bio_err, "Standard commands");
+ BIO_printf(bio_err, "%s:\n\nStandard commands", prog);
i = 0;
tp = FT_none;
for (fp = functions; fp->name != NULL; fp++) {
diff --git a/apps/s_client.c b/apps/s_client.c
index 56444baeca..25c01f4088 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1010,7 +1010,6 @@ int s_client_main(int argc, char **argv)
# endif
#endif
- prog = opt_progname(argv[0]);
c_quiet = 0;
c_debug = 0;
c_showcerts = 0;
@@ -1019,7 +1018,7 @@ int s_client_main(int argc, char **argv)
cctx = SSL_CONF_CTX_new();
if (vpm == NULL || cctx == NULL) {
- BIO_printf(bio_err, "%s: out of memory\n", prog);
+ BIO_printf(bio_err, "%s: out of memory\n", opt_getprog());
goto end;
}
diff --git a/test/recipes/20-test_app.t b/test/recipes/20-test_app.t
index e7246565f2..dfd0db25b8 100644
--- a/test/recipes/20-test_app.t
+++ b/test/recipes/20-test_app.t
@@ -13,7 +13,7 @@ use OpenSSL::Test;
setup("test_app");
-plan tests => 3;
+plan tests => 5;
ok(run(app(["openssl"])),
"Run openssl app with no args");
@@ -21,5 +21,11 @@ ok(run(app(["openssl"])),
ok(run(app(["openssl", "help"])),
"Run openssl app with help");
-ok(!run(app(["openssl", "-help"])),
+ok(!run(app(["openssl", "-wrong"])),
"Run openssl app with incorrect arg");
+
+ok(run(app(["openssl", "-help"])),
+ "Run openssl app with -help");
+
+ok(run(app(["openssl", "--help"])),
+ "Run openssl app with --help");
From no-reply at appveyor.com Mon Jan 11 20:28:37 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 11 Jan 2021 20:28:37 +0000
Subject: Build failed: openssl master.39082
Message-ID: <20210111202837.1.B9596B86F5F56362@appveyor.com>
An HTML attachment was scrubbed...
URL:
From openssl at openssl.org Mon Jan 11 23:34:47 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 11 Jan 2021 23:34:47 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d
enable-fuzz-afl no-shared no-module
Message-ID: <1610408087.872619.643438.nullmailer@run.openssl.org>
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module
Commit log since last time:
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year
Build log ended with (last 100 lines):
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# ------------------------------------------------------------------------------
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# ------------------------------------------------------------------------------
# Failed test 'popo NONE'
# at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
# cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem -out_trusted root.crt => 0
not ok 48 - popo KEYENC not supported
# ------------------------------------------------------------------------------
# Looks like you failed 3 tests of 92.
not ok 7 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335.
# Looks like you failed 3 tests of 7.81-test_cmp_cli.t ..................
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/7 subtests
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test only supported in a shared build
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ skipped: Test only supported in a shared build
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
Test Summary Report
-------------------
81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3)
Failed tests: 4-5, 7
Non-zero exit status: 3
Files=228, Tests=3004, 693 wallclock secs (10.61 usr 1.32 sys + 610.63 cusr 71.30 csys = 693.86 CPU)
Result: FAIL
make[1]: *** [Makefile:2459: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl'
make: *** [Makefile:2456: tests] Error 2
From kaduk at mit.edu Mon Jan 11 23:51:21 2021
From: kaduk at mit.edu (kaduk at mit.edu)
Date: Mon, 11 Jan 2021 23:51:21 +0000
Subject: [openssl] master update
Message-ID: <1610409081.301923.4306.nullmailer@dev.openssl.org>
The branch master has been updated
via 3ddf44ea5a2c1c8c55f4f4072a611791c79d4e7c (commit)
from 678cae0295e3fe600edc049742b8c765a58edebc (commit)
- Log -----------------------------------------------------------------
commit 3ddf44ea5a2c1c8c55f4f4072a611791c79d4e7c
Author: John Baldwin
Date: Thu Jan 7 14:09:41 2021 -0800
Close /dev/crypto file descriptor after CRIOGET ioctl().
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13807)
-----------------------------------------------------------------------
Summary of changes:
engines/e_devcrypto.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index d549edfd29..e1c4372f72 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -1236,9 +1236,11 @@ static int open_devcrypto(void)
#ifdef CRIOGET
if (ioctl(fd, CRIOGET, &cfd) < 0) {
fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+ close(fd);
cfd = -1;
return 0;
}
+ close(fd);
#else
cfd = fd;
#endif
From no-reply at appveyor.com Tue Jan 12 03:19:43 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 12 Jan 2021 03:19:43 +0000
Subject: Build failed: openssl master.39095
Message-ID: <20210112031943.1.5C9BD2F84A3B4EC4@appveyor.com>
An HTML attachment was scrubbed...
URL:
From no-reply at appveyor.com Tue Jan 12 03:37:18 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 12 Jan 2021 03:37:18 +0000
Subject: Build failed: openssl master.39096
Message-ID: <20210112033718.1.C586B57084123E3B@appveyor.com>
An HTML attachment was scrubbed...
URL:
From no-reply at appveyor.com Tue Jan 12 06:29:31 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 12 Jan 2021 06:29:31 +0000
Subject: Build completed: openssl master.39097
Message-ID: <20210112062931.1.048BE900A70FD4CD@appveyor.com>
An HTML attachment was scrubbed...
URL:
From matthias.st.pierre at ncp-e.com Tue Jan 12 10:19:48 2021
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com)
Date: Tue, 12 Jan 2021 10:19:48 +0000
Subject: [openssl] master update
Message-ID: <1610446788.625383.23994.nullmailer@dev.openssl.org>
The branch master has been updated
via b209835364de35541d835185f3dc3a984e2c1545 (commit)
from 3ddf44ea5a2c1c8c55f4f4072a611791c79d4e7c (commit)
- Log -----------------------------------------------------------------
commit b209835364de35541d835185f3dc3a984e2c1545
Author: Dr. Matthias St. Pierre
Date: Sat Jan 9 17:29:47 2021 +0100
v3_ocsp.c: fix indentation of include directives
Fixes #13820
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13822)
-----------------------------------------------------------------------
Summary of changes:
crypto/ocsp/v3_ocsp.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 7d3d730457..9e24102685 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -7,14 +7,14 @@
* https://www.openssl.org/source/license.html
*/
-# include